Gladiator Posted December 24, 2014 Share Posted December 24, 2014 HiAttached file is simple VB6 File was protected with PeP latest Version so please try to unpack and then identify the way you used to beak it's protection. Thanks PeP_5.rar Link to comment Share on other sites More sharing options...
SHADOW_UA Posted December 24, 2014 Share Posted December 24, 2014 Unpacked. Tutorial: F7 -> CTRL+F9 -> F8. You are on OEP. Dump with Scylla through Menu -> Dump Section (Change BIG section size to 0). Fix Imports. File is runnable. Now you can fix sections manually through CFF Explorer.Unpacked.zip 4 Link to comment Share on other sites More sharing options...
GIV Posted December 25, 2014 Share Posted December 25, 2014 In genere PEP stole the resource API's and resources. Link to comment Share on other sites More sharing options...
Gladiator Posted December 25, 2014 Author Share Posted December 25, 2014 Thanks for unpacking and tut Update : Here sample delphi file for testing resource protection improvement ( maybe ) Thanks UnpackMe_5.3.rar Link to comment Share on other sites More sharing options...
GIV Posted December 25, 2014 Share Posted December 25, 2014 The first file is a joke: 00401080 - FF25 20104000 JMP DWORD PTR DS:[0x401020] ; msvbvm60.__vbaChkstk 00401086 - FF25 38104000 JMP DWORD PTR DS:[0x401038] ; msvbvm60.__vbaExceptHandler 0040108C - FF25 44104000 JMP DWORD PTR DS:[0x401044] ; msvbvm60.__vbaFPException 00401092 - FF25 14104000 JMP DWORD PTR DS:[0x401014] ; msvbvm60._adj_fdiv_m16i 00401098 - FF25 10104000 JMP DWORD PTR DS:[0x401010] ; msvbvm60._adj_fdiv_m32 0040109E - FF25 4C104000 JMP DWORD PTR DS:[0x40104C] ; msvbvm60._adj_fdiv_m32i 004010A4 - FF25 08104000 JMP DWORD PTR DS:[0x401008] ; msvbvm60._adj_fdiv_m64 004010AA - FF25 58104000 JMP DWORD PTR DS:[0x401058] ; msvbvm60._adj_fdiv_r 004010B0 - FF25 18104000 JMP DWORD PTR DS:[0x401018] ; msvbvm60._adj_fdivr_m16i 004010B6 - FF25 54104000 JMP DWORD PTR DS:[0x401054] ; msvbvm60._adj_fdivr_m32 004010BC - FF25 50104000 JMP DWORD PTR DS:[0x401050] ; msvbvm60._adj_fdivr_m32i 004010C2 - FF25 40104000 JMP DWORD PTR DS:[0x401040] ; msvbvm60._adj_fdivr_m64 004010C8 - FF25 28104000 JMP DWORD PTR DS:[0x401028] ; msvbvm60._adj_fpatan 004010CE - FF25 3C104000 JMP DWORD PTR DS:[0x40103C] ; msvbvm60._adj_fprem 004010D4 - FF25 0C104000 JMP DWORD PTR DS:[0x40100C] ; msvbvm60._adj_fprem1 004010DA - FF25 04104000 JMP DWORD PTR DS:[0x401004] ; msvbvm60._adj_fptan 004010E0 - FF25 60104000 JMP DWORD PTR DS:[0x401060] ; msvbvm60._CIatan 004010E6 - FF25 00104000 JMP DWORD PTR DS:[0x401000] ; msvbvm60._CIcos 004010EC - FF25 6C104000 JMP DWORD PTR DS:[0x40106C] ; msvbvm60._CIexp 004010F2 - FF25 48104000 JMP DWORD PTR DS:[0x401048] ; msvbvm60._CIlog 004010F8 - FF25 1C104000 JMP DWORD PTR DS:[0x40101C] ; msvbvm60._CIsin 004010FE - FF25 30104000 JMP DWORD PTR DS:[0x401030] ; msvbvm60._CIsqrt 00401104 - FF25 68104000 JMP DWORD PTR DS:[0x401068] ; msvbvm60._CItan 0040110A - FF25 64104000 JMP DWORD PTR DS:[0x401064] ; msvbvm60._allmul 00401110 - FF25 34104000 JMP DWORD PTR DS:[0x401034] ; msvbvm60.EVENT_SINK_QueryInterface 00401116 - FF25 24104000 JMP DWORD PTR DS:[0x401024] ; msvbvm60.EVENT_SINK_AddRef 0040111C - FF25 2C104000 JMP DWORD PTR DS:[0x40102C] ; msvbvm60.EVENT_SINK_Release 00401122 - FF25 5C104000 JMP DWORD PTR DS:[0x40105C] ; msvbvm60.ThunRTMain 00401128 <ModuleEntryPo> 68 00134000 PUSH Project1.00401300 0040112D E8 F0FFFFFF CALL Project1.00401122 ; JMP to msvbvm60.ThunRTMain Link to comment Share on other sites More sharing options...
GIV Posted December 25, 2014 Share Posted December 25, 2014 Delphi file OEP: 005B0268 > 55 PUSH EBP Link to comment Share on other sites More sharing options...
GIV Posted December 25, 2014 Share Posted December 25, 2014 (edited) Unpacked.Tested under XP SP3 X86.UnpackMe_unpacked_giv.7z Edited December 26, 2014 by GIV 1 Link to comment Share on other sites More sharing options...
GIV Posted December 25, 2014 Share Posted December 25, 2014 (edited) The only thing new is this let me say strange (at least) ideea to give resources a strange name.In this case: TsuueiuwieufnhkjsfjshksheiuwehirwuerThis is no solution. Edited December 25, 2014 by GIV 1 Link to comment Share on other sites More sharing options...
Gladiator Posted December 25, 2014 Author Share Posted December 25, 2014 The only thing new is this let me say strange (at least) ideea to give resources a strange name. In this case: This is no solution. That is my idea and not pep developer at all i think there will be some one to solve this problem also Thanks for spending time 1 Link to comment Share on other sites More sharing options...
Zagk Posted May 10, 2021 Share Posted May 10, 2021 On 12/24/2014 at 11:32 AM, Gladiator said: Hi Attached file is simple VB6 File was protected with PeP latest Version so please try to unpack and then identify the way you used to beak it's protection. Thanks PeP_5.rar salm # how can i do unpack plz show any video Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now