Posted November 21, 2011
Unpack and send to me your tutorial or script. Here is my email: blueskys0702@gmail.com. Thanks
UnPackMe WL 2.1.9.rar
November 21, 2011
Hi, ok here my unpacked files. Just test and tell.
greetz
WLTest_Unpacked_x2.rar
November 22, 2011
@ nguyenhung0702
What you mean you can't dump? Some infos etc. So my 1.2 script should also work with this unpackme. Just try again or give some infos about your problem. Enter IAT data manually in ImpRec etc.
PS: I use the scylla fixing tool now [no more ImpRec at the moment].
greetz
November 23, 2011 Author
Thank you for your reply. When using your script, I got an error:
Script Log Window
----------******************----------
VM antidump redirector is used.
Version retriever is not used.
Oreans kernel32, user32 and advapi32 dll's are disabled.
-------------
Modulebase: 00400000
Code & IAT Section: 00401000
Found new Anti-Dump store location at address: 40D0A0
CISC VM is located in the Themida - Winlicense section.
TM_WL_2: 0040FE60
Check Protection
Antdump not redirected, version too low/high.
-------------
IAT fixing started.
DEC jumps detected at: 00529059
Cmp eax,50 detected at: 00529B7C
Magic Jump 1 at 52905A
IAT Jumper was found & fixed at address 528E14
Can't create special IAT patch!
Just normal magic jump nopping method!
Stack-AntiDump does not break in the main target: WLTest | ntdll
Stack Anti Dump will disabled now!
Heap Fixing was skipped!
-------------
-------------
First is_registered dword retrieval point not found.
Second is_registered dword retrieval point not found.
-------------
All multithreading sleep api's fixed, number of VM entries: 00000001
VM oep finder failed, near oep finder was executed instead.
Stackantidump fixed XOR value changed, antidump redirecter failed.
------IMPORTANT MESSAGE!!!------
Stackantidump fixed XOR value changed, antidump redirecter failed.
Thanks for your help!
November 23, 2011
@ nguyenhung0702
So you told me you can not dump the file. Some infos about this issue you should post. So where is the problem.
Heap Fixing was skipped! <-- Do not skip heap fixing! Must be fixed if you keep the VM. Press NO if you get the message "skip Heap etc" and YES for second HEAP.
Stack Antidump located at: 0040D1A0
SEH Antidump located at: 0040D1B4
Heap Antidump(1) located at: 0040D1A8
Heap Antidump(2) located at: 0040D1AC <---- Only access in VM later
0040D1AC 152C9614 <--- If wrong = crash
VA:
00401ABE | OEP
00403000 | IAT
000002F8 | SIZE
Have also unpacked the file with script 1.2 and it works too.
greetz
November 23, 2011
The [unpackme] tag has been added to your topic title. Please remember to follow and adhere to the topic title format - thank you! [This is an automated reply]
November 24, 2011
hi brother "nguyenhung0702"
Can you protect this delphi7 file by your TM/WL 2.1.9 and set these protection levels. (3 unpackme)
Here is delphi7: http://hotfile.com/dl/135856072/7c9a08e/Target(delphi_7).rar.html
Protection Options Level (2)
------------------
Anti-Debugger: Ultra
Anti-Dumpers: ENABLED
Entry Point Obfuscation: ENABLED
Resource Encryption: ENABLED
VMWare compatible: ENABLED
API-Wrapping Level: LEVEL2
Anti-Patching: None ***
Metamorph Security: ENABLED
Memory Guard: ENABLED
When Debugger Found: Display Message
Application compression: ENABLED
Resources compression: ENABLE
SecureEngine compression: ENABLED
Anti-File Monitor: ENABLED
Anti-Registry Monitor: ENABLED
Delphi/BCB form protection: ENABLE
Ring-0 Protection: ENABLED
Regards
Edited November 25, 2011 by Pertic@n
November 24, 2011 Author
I've resolved my problem. I really appreciate your help, LCF-AT!
@ Pertic@n: Here you go: http://hotfile.com/dl/135881395/9238553/Target(delphi_7).rar.html
November 24, 2011
Hi,
@ nguyenhung0702
Nice to hear it that you got it working now.
greetz
Target_Unpacked.rar
November 25, 2011
thanks brothers nguyenhung0702 & LCF-AT
@nguyenhung0702
Anti-Patching Disabled in this Unpackme (level 2)
Can you enable it and upload again Level (3)
Protection Options Level (3)
------------------
Anti-Debugger: Ultra
Anti-Dumpers: ENABLED
Entry Point Obfuscation: ENABLED
Resource Encryption: ENABLED
VMWare compatible: ENABLED
API-Wrapping Level: LEVEL2
Anti-Patching: File Patching
Metamorph Security: ENABLED
Memory Guard: ENABLED
When Debugger Found: Display Message
Application compression: ENABLED
Resources compression: ENABLE
SecureEngine compression: ENABLED
Anti-File Monitor: ENABLED
Anti-Registry Monitor: ENABLED
Delphi/BCB form protection: ENABLE
Ring-0 Protection: ENABLED
Brother nguyenhung0702
Do you have Full version setup TM/WL 2.1.9 (just setup, no license)
If yes can you upload full version setup for us?
Regards
Edited November 25, 2011 by Pertic@n
November 25, 2011 Author
@ LCF-AT: Thanks for your help! How do I restore the VM code?
@ Pertic@n: Sorry I can't.
November 25, 2011
@ nguyenhung0702
You can restore the VM code manually in your unpackme so there is only a messagebox with some values which you can see if you set a BP on this API and then rebuild it. For other targets you can try to use a plugin by Deathway [CISC only]. If you can't fix the VMed code then you have to keep the TM WL section = AntiDumps access & checking.
greetz
November 26, 2011
"@ Pertic@n: Sorry I can't."
okay brother
Can you ENABLED All protection (don't forget Anti-Patching: File Patching) in your TM\WL and protect my delphi target
Regards
Edited November 26, 2011 by Pertic@n