[Unpackme] Sheilden 2.1.4.0

[mudlord]

http://www.mudlord.i...ators/mugbx.exe

http://www.mudlord.i...ators/mugbx.key

http://www.mudlord.i...llotuts4you.txt
/>http://mudlord.info/temp/mugbx_unpackme.exe

Uses the licensing system of Sheilden, plus all antidebug/obfuscation options, except the VM.

Keysize is RSA-1024, using HWID locking.

This is my own Gameboy emulator, packed with it. Hopefully the txt file is enough proof of this.

Edited March 14, 2012 by mudlord

[DeadAndGone]

Hmm very good packer. Even im not able to bypass the debugBlocker

[LCF-AT]

@ mudlord

Do you can also create this unpackme without license key checking etc?The same file just packed on the same way.

greetz

[mudlord]

Sure thing!

I'll do that when I can, plus I suppose I can enable some VM options.

[mudlord]

Done.

http://mudlord.info/...bx_unpackme.exe has no licensing system activated. Should work on XP because I dynamically load Direct2D and Xinput. Uses no protection APIs because the core is not mature enough. Like I rather have the core mature before implementing because then triggers could be mistaken for actual emulator core bugs.

Edited March 14, 2012 by mudlord

[mudlord]

  On 3/14/2012 at 4:16 PM, Silence said:

Hmm very good packer. Even im not able to bypass the debugBlocker

Yeah, I'm amazed. Pretty good quality for a freeware protector. O.O

[LCF-AT]

@ mudlord

Thanks for the only packed file without license.So I have test it and get one major problem with your file so it does NOT run it crashes on my system XP SP3 if I want to run it normaly.There are missing xy addresses.Here my infos so far.

$-8      > 00418EB1  mugbx_un.00418EB1   <---- 1. OEP used command  
$-4      > 00539512  mugbx_un.00539512
$ ==>    > 7C817067  RETURN to kernel32.7C817067
-------------------------
00418EB1  MOV EDI,EDI           
-------------------------
004133F7  CALL 00418EB1                     ; OEP call rebuild
004133FC  JMP 0041328A                      ; mugbx_un.0041328A
-------------------------
IAT: = fixed
$ ==>    0>77DB557B  ADVAPI32.RegDeleteKeyW
$+4      0>77DB49AE  ADVAPI32.RegQueryInfoKeyW
$+8      0>77DA6FEF  ADVAPI32.RegQueryValueExW
$+C      0>77DA775C  ADVAPI32.RegCreateKeyExWEnd:
$+318    0>774CD060  ole32.CoTaskMemAlloc
$+31C    0>00000000
------------------------

Crash Info of original file:

-----------------------
00411220  PUSH EBP
00411221  MOV EBP,ESP
00411223  SUB ESP,0C
00411226  PUSH EDI
00411227  PUSH 0
00411229  MOV EDI,EAX
0041122B  MOV EAX,DWORD PTR SS:[EBP+8]  // 00CB2B70 to eax
0041122E  MOV EAX,DWORD PTR DS:[EAX+C]  // 00000000 to eax
00411231  MOV ECX,DWORD PTR DS:[EAX]    // crash    
$ ==>    00CB2B70   00426FB8  mugbx_un.00426FB8
$+4      00CB2B74   00186060
$+8      00CB2B78   00000000
$+C      00CB2B7C   00000000  <--- Nothing into = crash above | Missing value!!!
$+10     00CB2B80   00000000

Maybe you can check this and fix this problem and send a working unpackme or a other one.Maybe this does not work because my directX version or something no idea etc.Use something else without special stuff like directX or other things [i mean no game/play special dlls which maybe not work on all systems whatever so you know what I mean rigt?].

greetz

[mudlord]

mudlord.info/temp/unpackme.exe

[LCF-AT]

Hi,

thanks for the new unpackme which works now on my system.

Ok here my unpacked files.

Test and tell whether its working for you.

Info: Sheilden = NoobyProtect [Emu APIs & VMed commands]

greetz

Sheilden 2.1.4.0 UnpackMe_Unpacked_x2.rar

[mudlord]

Nice clean job

Edited March 16, 2012 by mudlord

[wuqing1501]

  On 3/16/2012 at 12:04 AM, LCF-AT said:

Hi,

thanks for the new unpackme which works now on my system.

Ok here my unpacked files.

Test and tell whether its working for you.

Info: Sheilden = NoobyProtect [Emu APIs & VMed commands]

greetz

hello LCF-AT ! where is the packed files? can you upload it ?

[LCF-AT]

@ wuqing1501

So you can see the link on this topic too.

Anyway so I attach the UnpackMe here on board now so its better than to use some extern links.

greetz

Sheilden 2.1.4.0 UnpackMe.rar

[wuqing1501]

  On 3/16/2012 at 3:02 PM, LCF-AT said:

@ wuqing1501

So you can see the link on this topic too.

Anyway so I attach the UnpackMe here on board now so its better than to use some extern links.

greetz

3Q LCF-AT ! you are so stong !