Asian Dragon Posted May 2, 2013
UnpackMe VMprotect Ultimate v2.12.3
crackme.vmp.rar

converse Posted May 2, 2013 (edited)
unpacked using a script by lcf-at

    0040124D  0BC0          OR EAX,EAX
    0040124F  75 16         JNZ SHORT crackme_.00401267
    00401251  6A 00         PUSH 0x0
    00401253  68 7E304000   PUSH crackme_.0040307E        ; ASCII "Correct!"
    00401258  68 5E304000   PUSH crackme_.0040305E        ; ASCII "You entered the right password!"
    0040125D  FF75 08       PUSH DWORD PTR SS:[EBP+0x8]
    00401260  E8 8D000000   CALL crackme_.004012F2
    00401265  EB 21         JMP SHORT crackme_.00401288
    00401267  6A 00         PUSH 0x0
    00401269  68 87304000   PUSH crackme_.00403087        ; ASCII "Nope!"
    0040126E  68 8D304000   PUSH crackme_.0040308D        ; ASCII "Maybe, you should try again, it's sooo easy!!"
    00401273  FF75 08       PUSH DWORD PTR SS:[EBP+0x8]
    00401276  E8 77000000   CALL crackme_.004012F2

Asian Dragon Posted May 2, 2013
@converse OK, after unpack the file but does not work. How to fix?

converse Posted May 2, 2013
rebuild oep

Asian Dragon Posted May 2, 2013
> rebuild oep
OEP rebuild like?

TomaHawk Posted May 2, 2013
> OEP rebuild like?
Look at the stack when you reach oep. Mostly the first value there is the code to rebuild oep.

converse Posted May 2, 2013
oep under the VM

Asian Dragon Posted May 2, 2013
thank you TomaHawk and converse. I will try now

av999 Posted May 2, 2013
needed example of code near OEP for this compiler (win32asm)
1st call - GetModuleHandleA

Teddy Rogers Posted May 2, 2013
The [unpackme] tag has been added to your topic title. Please remember to follow and adhere to the topic title format - thank you! [This is an automated reply]

Xjun Posted May 29, 2013
You shouldn't have used anti-VM! My own machine is x64 and I can't debug it!

GIV Posted June 1, 2013
Do you get high mate? Why the password is cannabis?

av999 Posted June 11, 2013
there is a result?

converse Posted June 11, 2013
> Do you get high mate? Why the password is ?

    0040122C  6A 1E           PUSH 0x1E
    0040122E  68 37304000     PUSH crackme_.00403037
    00401233  FF35 04314000   PUSH DWORD PTR DS:[0x403104]
    00401239  E8 A2000000     CALL crackme_.004012E0
    0040123E  68 55304000     PUSH crackme_.00403055        ; ASCII "cannabis"
    00401243  68 37304000     PUSH crackme_.00403037
    00401248  E8 E7000000     CALL crackme_.00401334

converse Posted June 16, 2013
rebuild OEP

    Push 0            // Handle for GMHA API | 0 used for target itself
    CALL 00D70072     // Here my call to jmp dword [ADDR] ; GetModuleHandleA
    jmp 00489A47      // Jump back to return value after API

P.S. thanks LCF-AT
unpacked.rar
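
Added example, not code from any poster in this thread: the CALL/JMP/Jcc instructions in the listings above are position-relative, so a rebuilt entry stub or a dump can be checked by recomputing each branch target from its bytes. The rows in `LISTING` are copied from the disassembly quoted in the posts; the function names (`branch_target`, `encode_rel32`, `check_listing`) are hypothetical.

```python
# Rows constructed from the disassembly quoted in this thread:
# (instruction address, raw bytes, target shown by the debugger)
LISTING = [
    (0x0040124F, "75 16",          0x00401267),  # JNZ SHORT
    (0x00401260, "E8 8D 00 00 00", 0x004012F2),  # CALL
    (0x00401265, "EB 21",          0x00401288),  # JMP SHORT
    (0x00401276, "E8 77 00 00 00", 0x004012F2),  # CALL
    (0x00401239, "E8 A2 00 00 00", 0x004012E0),  # CALL
    (0x00401248, "E8 E7 00 00 00", 0x00401334),  # CALL
]


def branch_target(addr, raw):
    """Destination of a relative 32-bit x86 branch, or None if not one."""
    code = bytes.fromhex(raw)
    op = code[0]
    if op in (0xE8, 0xE9) and len(code) == 5:            # CALL / JMP rel32
        disp = int.from_bytes(code[1:5], "little", signed=True)
    elif (op == 0xEB or 0x70 <= op <= 0x7F) and len(code) == 2:  # JMP / Jcc rel8
        disp = int.from_bytes(code[1:2], "little", signed=True)
    else:
        return None
    # The displacement is counted from the end of the instruction.
    return (addr + len(code) + disp) & 0xFFFFFFFF


def encode_rel32(opcode, addr, target):
    """Bytes for CALL (0xE8) or JMP (0xE9) located at addr, going to target."""
    disp = (target - (addr + 5)) & 0xFFFFFFFF
    return bytes([opcode]) + disp.to_bytes(4, "little")


def check_listing(listing):
    """Rows whose bytes do not decode to the target the listing claims."""
    return [(a, r, t) for a, r, t in listing if branch_target(a, r) != t]


if __name__ == "__main__":
    bad = check_listing(LISTING)
    print("inconsistent rows:", [hex(a) for a, _, _ in bad])
    print("CALL at 00401260:", encode_rel32(0xE8, 0x00401260, 0x004012F2).hex(" "))
```
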