[unpackme] VProtect_1[1].9.2.0

[thisistest]

Happy New Year!

welcome to test it~！my friend！

NOTEPAD_VP 1.88.rar

NOTEPAD_VP 1.92.rar

[thisistest]

VProtect_1[1].9.3.0_Pro

NOTEPAD_VP 1.93.rar

Project1_VP 1.93.rar

[Gladiator]

Can't run on windows 7 X64

[Raham]

*Unpacked By Narnia*

Just for XP ( Tested on XP SP2 and SP3 )

/>http://www.hyperupload.com/downloadfile.aspx?fv=Public/634376149112031250Project1_VP.1.93.unpacked.by.Narnia.rar

[BLaCkViRuS]

Worked Fine

Thank You

[thisistest]

unpacked can run my on working xp

[LCF-AT]

Hi,

at the moment I write a unpacker script for VProtect.

So can someone test my unpacked file?Just test whether it runs for you.

XP SP2 <-- My OS | Test also the original file > NOTEPAD_VP 1.93.rar < so see whether it runs on your system.

greetz

NOTEPAD_VP 1.93_Unpacked.rar

[JeRRy]

Not works in my XP SP3 .

0111CE85 50 PUSH EAX

0111CE86 8D0418 LEA EAX,DWORD PTR DS:[EAX+EBX]

0111CE89 58 POP EAX

0111CE8A C3 RETN > 77D242A4 = Crash

$ ==> > 77D242A4

$+4 > 01004521 NOTEPAD_.01004521

$+8 > 01000000 NOTEPAD_.01000000

But works after NOPing 0100451B CALL NOTEPAD.010C740C .

Best Regards

JeRRy

[LCF-AT]

Hi JeRRy,

thanks for testing. Nice to hear that it works.

Ah ok this was a script fault they missed this call in my LOG file.

Ok good to know so I will add a double check into the script now.

----------

0100451B | CALL DWORD PTR DS:[ADDR] ; USER32.LoadImageW | 77D242A4 SP2

----------

01004518     8945 E8             MOV DWORD PTR SS:[EBP-18],EAX
0100451B     E8 EC2E0C00         CALL 010C740C                                  ; NOTEPAD_.010C740C
01004520     F6                  ???                                            ; Unknown commandE8E8  <--- Here was the reason  My script was searching for E8 and then add 5 bytes.

greetz

Edited July 23, 2011 by LCF-AT

[LCF-AT]

Hi,

ok here now my other unpacked unpackme from the "Project1_VP 1.93.rar" package.

I added 2 files for testing on your system [one file is smaller so I cutted sections away].So both should work for you if "also" the original packed unpackme is running on your system.Just test it.Thank you.If all is working good then my unpack script will comming soon.

XP SP2 <-- My OS

greetz

Project1_VP 1.93_Unpacked_x2.rar

[Zer0Flag]

@LCF-AT

Both tested on WinXP SP3 and worked fine.

~0

[BLaCkViRuS]

tested and worked fine in winxpsp3 and xpsp2

[LCF-AT]

@ Zer0Flag & BLaCkViRuS

Thank you for testing.Seems that I am on the right way.

Ok I see there are not much VProtect unpackmes on this board which I can test now. Is there someone who knows where to get some more VProtect unpackme's?If yes then you can post them too or does someone know some targets which are protected with VProtect?

Or if someone of you used the full VProtect protector.....then it would be nice if you can create a handfull of diffrent unpackme's with diffrent protection setings [everything except HWID] etc.This would be very nice and helpfully to test my script.Unfortunately is this protection a china version without a english language support [i think so].Have test the demo file and see just unreadable signs.

Thank you

[BLaCkViRuS]

Hi Dear LCF-AT

i just have demo version of VProtect.in Demo version protected file have Nag Screen and your file not protected with full functions

do you need to Orginal VProtect ? Or i Make Unpack Me with Demo Version ?

have a nice day

Edited July 26, 2011 by BLaCkViRuS

[LCF-AT]

Hi BLaCkViRuS,

so normaly it would be good to get some diffrent protected VProtect files which I can test.

So if you have just the demo and if you know how to protect files with this demo then you can also create some unpackmes and write which protection features are enabled in your files.I don't know how to use the demo so its not in english.

Thank you

PS: Do you know some china men who can create some full protected VP files?Maybe you can ask someone there.

greetz

[thisistest]

Vprotect 2.0.4

Vprotect 2.0.4.rar

peid.txt

[LCF-AT]

@ thisistest

Can you also post some new VP 2.04 without HWID | Serial check?Would like to test whether there are new features added or not.

Thanks

[thisistest]

GetHwid

GetHwid.rar

[thisistest]

VProtectDemo 2.08

VProtectDemo 2.08.rar

[LCF-AT]

Ah ok and thanks for the new files without HWID.

Here my first unpacked file.Just test it.

Unpacked with my beta script [2 minutes] + manually API moves [2 minutes].The script will later also support the manually API moves.

greetz

VProtectDemo 2.08_Unpacked x2.rar

[thisistest]

xp sp3 can working

[LCF-AT]

Hi,

nice to hear thisistest.

Ok here the second file GetHWID.Whole IAT & commands are fixed except the one SDK call. So you will get no number in the free field.

00401371  CALL 007738DE                         ; SDK
-------
$+66     >AND BYTE PTR DS:[ECX],AL  // SDK end
$+68     >MOV EAX,1   // normal code again

Will check this SDK stuff deeper if my main script is finished.

greetz

GetHwid_Unpacked_No_SDK_Fix.rar

[thisistest]

$-3 > 51 push ecx

$-2 > FFD6 call esi ; USER32.SendMessageW

$ ==> > 90 nop

$+1 > 90 nop

$+2 > 90 nop

$+3 > 90 nop

$+4 > 90 nop

$+5 > 90 nop

$+6 > 90 nop

$+7 > 90 nop

$+8 > 90 nop

$+9 > 90 nop

$+A > 90 nop

$+B > 90 nop

$+C > 90 nop

$+D > 90 nop

$+E > 90 nop

$+F > 90 nop

$+10 > 90 nop

$+11 > 90 nop

$+12 > 90 nop

$+13 > 90 nop

$+14 > 90 nop

$+15 > 90 nop

$+16 > 90 nop

$+17 > 90 nop

$+18 > 90 nop

$+19 > 90 nop

$+1A > 90 nop

$+1B > 90 nop

$+1C > 90 nop

$+1D > 90 nop

$+1E > 90 nop

$+1F > 90 nop

$+20 > 90 nop

$+21 > 90 nop

$+22 > 90 nop

$+23 > 90 nop

$+24 > 90 nop

$+25 > 90 nop

$+26 > 90 nop

$+27 > 90 nop

$+28 > 90 nop

$+29 > 90 nop

$+2A > 90 nop

$+2B > 90 nop

$+2C > 90 nop

$+2D > 90 nop

$+2E > 90 nop

$+2F > 90 nop

$+30 > 90 nop

$+31 > 90 nop

$+32 > 90 nop

$+33 > 90 nop

$+34 > 90 nop

$+35 > 90 nop

$+36 > 90 nop

$+37 > 90 nop

$+38 > 90 nop

$+39 > 90 nop

$+3A > 90 nop

$+3B > 90 nop

$+3C > 90 nop

$+3D > 90 nop

$+3E > 90 nop

$+3F > 90 nop

$+40 > 90 nop

$+41 > 90 nop

$+42 > 90 nop

$+43 > 90 nop

$+44 > 90 nop

$+45 > 90 nop

$+46 > 90 nop

$+47 > 90 nop

$+48 > 90 nop

$+49 > 90 nop

$+4A > 90 nop

$+4B > 90 nop

$+4C > 90 nop

$+4D > 90 nop

$+4E > 90 nop

$+4F > 90 nop

$+50 > 90 nop

$+51 > 90 nop

$+52 > 90 nop

$+53 > 90 nop

$+54 > 90 nop

$+55 > 90 nop

$+56 > 90 nop

$+57 > 90 nop

$+58 > 90 nop

$+59 > 90 nop

$+5A > 90 nop

$+5B > 90 nop

$+5C > 90 nop

$+5D > 90 nop

$+5E > 90 nop

$+5F > 90 nop

$+60 > 90 nop

$+61 > 90 nop

$+62 > 90 nop

$+63 > 90 nop

$+64 > 90 nop

$+65 > 90 nop

$+66 > 90 nop

$+67 > 90 nop

$+68 > B8 01000000 mov eax,1

$+6D > 8B4D F4 mov ecx,dword ptr ss:[ebp-C]

$+70 > 64:890D 0000000>mov dword ptr fs:[0],ecx

GetHwid_Unpacked_No_SDK_Fix can working~!

[user1]

It is possible to create a universal WmProtect unpacker?

[LCF-AT]

"It is possible to create a universal WmProtect unpacker?"

For OEP & Full IAT Fixing = Yes

Script is already in work and working (without SDK Fix) but not finished yet. If you know some other VProtect unpackmes | targets without HWID check then you can send them to me to check them.I never have seen a real target using the VProtect protection til now.

greetz