Jump to content
Tuts 4 You

[unpackme] DTProtect 1.004 Unpackme


Xjun

Recommended Posts

Teddy Rogers

The [unpackme] tag has been added to your topic title.

Please remember to follow and adhere to the topic title format - thankyou!

[This is an automated reply]

Link to comment

Hi Xjun,

ok your new unpackme does run now outside. :) Only a short while...

VirtualAllocGetSystemTimeSystemTimeToFileTime---------------ZwQueryInformationThreadLoadLibraryAMessageBoxAZwTerminateProcess---------------VirtualFree0012FCC8   006154AD  /CALL to VirtualFree from Testpiao.006154AA0012FCCC   014D0000  |Address = 014D00000012FCD0   00000000  |Size = 00012FCD4   00008000  \FreeType = MEM_RELEASE014D0000  JMP 0061A1CF   ; Custom SEH chain.....00617D14  JMP EDXQueueUserAPCQueryPerformanceCounterQueryPerformanceFrequencySleepEx0012FCCC   0060B7BC  /CALL to SleepEx from Testpiao.0060B7B90012FCD0   00000000  |Timeout = 0. ms0012FCD4   00000001  \Alertable = TRUELoadLibraryAMessageBoxAZwTerminateProcess
So the file need a lot time to run and the code seems also be executed in realtime only.Some kind of VMed of anything.Nice idea [bad or me] but this protection seems also to be very unstable to run normaly and does also hang completly after a very short while [popup new messagebox xy and exit] so how should anyone use the target then you know?Also in taskmanager it used the most memory of all my running processes and the target is only a little window with one button. :) Don't wanna know how much memory it will need if you protect any real targets etc.So I don't think that this protector has any future [maybe I am wrong with this opinion].Anyway,so it seems not be a protector for me for unpacking if the whole code was VMed.

greetz

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...