Jump to content
Tuts 4 You

[CrackMe/Unpackme]Enigma 4.xx


danmz

Recommended Posts

This is trash.

Just fix API redirection, VM'ed API, find OEP and restore OEP.

The OEP is like:

        PUSH EBP
           MOV EBP, ESP
           ADD ESP, -10
           MOV EAX, 0047F234
           MOV ECX, 00537000
           MOV EDX, 0076A2F7
           CALL 040615C
           MOV EAX, DWORD PTR[4803C8]
           CALL 0459B7C
           MOV EAX, DWORD PTR[4803C8]
           MOV EDX, 0047F5B4
           CALL 045978C
           MOV EAX, DWORD PTR[4803C8]
           MOV ECX, 00483EEC
           MOV EDX, 0047C144
           CALL 0459B94
           MOV EAX, DWORD PTR[4803C8]
           MOV ECX, 00483F88
           MOV EDX, 0047DDE4
           CALL 0459B94
           MOV EAX, DWORD PTR[4803C8]
           MOV ECX, 00483F88
           CALL 0459C14
           MOV EAX, DWORD PTR[4803C8]
           MOV ECX, 001AB1700
           CALL 0403D78

A moderator please put this to trash.

Link to comment

You cannot devirtualize the VM you just reconstruct OEP in this case.

Take a look here:

Quote

You have all you need to know there.

If you want to adapt the devirtualizer to the new VM type just take a look here:

Quote

 

  • Like 1
Link to comment

You cannot devirtualize the VM you just reconstruct OEP in this case.

Take a look here:

Quote

You have all you need to know there.

If you want to adapt the devirtualizer to the new VM type just take a look here:

Quote

You did not checked the second link.

You have the sourcecode to the plugin for devirtualize the Enigma VM.

You just need to adapt to newer versions.

Just you have to work for that and not expect to receive for free.

:)

  • Like 1
Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...