Posted August 1, 2013
DTProtect company is China Kunshan DiShui reverse Themida and VMProtect developed by the new shell! And added a new core technology!
UnpackMe.rar
August 1, 2013
The [unpackme] tag has been added to your topic title. Please remember to follow and adhere to the topic title format - thank you! [This is an automated reply]
August 1, 2013, Author
No debugger was loaded. Please check the kernel hooks, shadow hooks, and whether a debugger is turned on on your computer.
August 1, 2013
Hi Xjun, ok your new unpackme does run now outside. Only a short while...

VirtualAlloc
GetSystemTime
SystemTimeToFileTime
---------------
ZwQueryInformationThread
LoadLibraryA
MessageBoxA
ZwTerminateProcess
---------------
VirtualFree
0012FCC8 006154AD /CALL to VirtualFree from Testpiao.006154AA
0012FCCC 014D0000 |Address = 014D0000
0012FCD0 00000000 |Size = 0
0012FCD4 00008000 \FreeType = MEM_RELEASE
014D0000 JMP 0061A1CF ; Custom SEH chain
.....
00617D14 JMP EDX
QueueUserAPC
QueryPerformanceCounter
QueryPerformanceFrequency
SleepEx
0012FCCC 0060B7BC /CALL to SleepEx from Testpiao.0060B7B9
0012FCD0 00000000 |Timeout = 0. ms
0012FCD4 00000001 \Alertable = TRUE
LoadLibraryA
MessageBoxA
ZwTerminateProcess

So the file needs a lot of time to run and the code seems to also be executed in realtime only. Some kind of VMed of anything. Nice idea [bad or me] but this protection seems also to be very unstable to run normally and does also hang completely after a very short while [popup new messagebox xy and exit] so how should anyone use the target then you know? Also in taskmanager it used the most memory of all my running processes and the target is only a little window with one button. Don't wanna know how much memory it will need if you protect any real targets etc. So I don't think that this protector has any future [maybe I am wrong with this opinion]. Anyway, so it seems not to be a protector for me for unpacking if the whole code was VMed.

greetz