Xjun Posted August 1, 2013 Posted August 1, 2013 DTProtect company is China Kunshan DiShui reverse Themida and VMProtect developed by the new shell! And added a new core technology! UnpackMe.rar
GIV Posted August 1, 2013 Posted August 1, 2013 (edited) This sould be like when it runs? Edited August 1, 2013 by GIV
Xjun Posted August 1, 2013 Author Posted August 1, 2013 Clipboard01.jpgThis sould be like when it runs? Anti OD !
Teddy Rogers Posted August 1, 2013 Posted August 1, 2013 The [unpackme] tag has been added to your topic title. Please remember to follow and adhere to the topic title format - thankyou! [This is an automated reply]
Teddy Rogers Posted August 1, 2013 Posted August 1, 2013 Xjun, please can you follow the topic title format! Thanks... Ted.
Xjun Posted August 1, 2013 Author Posted August 1, 2013 No debuger was loaded. Please check the kernel hooks, shadow hooks, as well as your computer is turned on the debugger?
LCF-AT Posted August 1, 2013 Posted August 1, 2013 Hi Xjun, ok your new unpackme does run now outside. Only a short while... VirtualAllocGetSystemTimeSystemTimeToFileTime---------------ZwQueryInformationThreadLoadLibraryAMessageBoxAZwTerminateProcess---------------VirtualFree0012FCC8 006154AD /CALL to VirtualFree from Testpiao.006154AA0012FCCC 014D0000 |Address = 014D00000012FCD0 00000000 |Size = 00012FCD4 00008000 \FreeType = MEM_RELEASE014D0000 JMP 0061A1CF ; Custom SEH chain.....00617D14 JMP EDXQueueUserAPCQueryPerformanceCounterQueryPerformanceFrequencySleepEx0012FCCC 0060B7BC /CALL to SleepEx from Testpiao.0060B7B90012FCD0 00000000 |Timeout = 0. ms0012FCD4 00000001 \Alertable = TRUELoadLibraryAMessageBoxAZwTerminateProcessSo the file need a lot time to run and the code seems also be executed in realtime only.Some kind of VMed of anything.Nice idea [bad or me] but this protection seems also to be very unstable to run normaly and does also hang completly after a very short while [popup new messagebox xy and exit] so how should anyone use the target then you know?Also in taskmanager it used the most memory of all my running processes and the target is only a little window with one button. Don't wanna know how much memory it will need if you protect any real targets etc.So I don't think that this protector has any future [maybe I am wrong with this opinion].Anyway,so it seems not be a protector for me for unpacking if the whole code was VMed.greetz
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now