[crackme] InsaneFIDO's Final UnWrapMe

[InsaneFIDO]

This is my final crackme app as there will be no more. I hope those who download it will enjoy destroying it. I have tried it on XPSP2 & XPSP3 and it will run on both with the proviso it is not blocked by excessive hooking of dlls by firewall, AV or other app. It will also fail to run if it finds anything it does not like in various places. Please read the Readme file before attempting it.

Cheers

InsaneFIDO

FarewellUnWrapMe.zip

[EvOlUtIoN]

None of my pc's with xp can load this one...

[Ronar22]

doesn't work here also.(winxp)

Edited April 5, 2011 by Ronar22

[Apuromafo]

same as ronar22 and evolution, but are nice packed (pushad , popad) prefix, prefixret maybe codedoctor reveals that first pseudo hook is isdebuggerpresent..not was checked much, but have tls, too .

greetings Apuromafo

[InsaneFIDO]

I have tried it on XPSP2 and XPSP3 and if certain things are present it will refuse to run that is things it is looking for. You will need to start looking at it from the point of view of it not running because of your setup and work from there.

Cheers

InsaneFIDO

[InsaneFIDO]

I use Windows XP with the classic theme not XP theme for desktop settings and have found that when the XP theme is enabled the app will no longer run, when the windows classic theme is re-enabled the app runs fine again perhaps this may explain why there is some trouble for others to run it.

Cheers

InsaneFIDO

[cozofdeath]

I'm on Win7 x64 and this file wouldn't even come close to running. Because Olly wouldn't load it I had to change all kinds of things in the header to get it to at least load in Olly. The export directory values needed correcting, virtual sizes in the section header and rebuilding, tls had to be wiped. After this it would at least load. Then the errors began. I agree with Apuromafo, on the prefixes. Anyway it looks nice but man there are to many errors for me.

I have to say I think this is a really creative wrapper with the little bit I have seen. I like how you modify the SEHs and use the prefixs. The way you check for tracing is freaking stealthy compared to some packers.

But for me, at 4c3f73 the program tries to move eax into an unallocated part of memory so it causes an error. I'm assuming this is supposed to happen because of the code below it and the code before it was supposed to fill the eip in the context structure but it was still filled with 00000000. There was also some other code that didn't look right that ORs the last SEH pointer for some reason?

Edited August 15, 2011 by cozofdeath

[InsaneFIDO]

Please could someone else try this for me with the XP themes disabled with only the windows classic theme for desktop display as I am unable to figure why it works on my machine that way and not with the XP green, silver or blue themes.

Cheers

InsaneFIDO

[Apuromafo]

here not run..was changed many and not...but i was see some tut of this packed ,in some traduced tutorial...insaneFIDO,

origin:

tutorial of REA, Computer_Angel , traduced in english by by LithiumLi in 1/9/2009

atached as well :

insane tut traduced.txt

BR, APuromafo

Edited September 1, 2011 by Apuromafo

[InsaneFIDO]

The tutorial referred to by APuromafo above is for my first UnWrapMe from a couple of years ago

here is a link to screenshots to show this one does actually run sometimes

[url=http://www.flickr.co...157627850577373]

Final UnWrapMe screenshots

Cheers

InsaneFIDO

Edited October 25, 2011 by InsaneFIDO

[chickenbutt]

what with people using crackme on keygenme and unpackme challenges?