Jump to content
Tuts 4 You
  • 2
Reasen

Safengine Shielden v2.3.8.0

Rate this question

Question

Reasen

Difficulty : Unknown
Language : Delphi XE8
Platform : Windows x86/x64
OS Version : XP and above
Packer / Protector : Safengine Shielden v2.3.8.0  Max Options + Virtualized button Function using Safengine SDK

Description :

This Safengine Version(last one) have support for virtualize the parts of the executable you want,

i virtualized the button with the function (cracked or not cracked) and packed the executable with it, Good luck!

SafengineCrackMe.zip


Screenshot :

Screenshot_1.png.8d1f1bd3d717f02d3313b91

Edited by reasen (see edit history)

Share this post


Link to post

9 answers to this question

Recommended Posts

  • 0
White

Patch it to Success.

set a bp at 005C7464
click the button
set a bp at 0040A550
run
stop at 0040A550 and EDX = 005C74E8 UNICODE "Normalize"
set eax = 1
set new eip to 0040A579
run

Then should come up with the "good boy" message.

  • Like 4

Share this post


Link to post
  • 0
Reasen
9 hours ago, White said:

Patch it to Success.


set a bp at 005C7464
click the button
set a bp at 0040A550
run
stop at 0040A550 and EDX = 005C74E8 UNICODE "Normalize"
set eax = 1
set new eip to 0040A579
run

Then should come up with the "good boy" message.

What ollydbg configuration you used? i get a crash.

  • Like 1

Share this post


Link to post
  • 0
White
39 minutes ago, reasen said:

What ollydbg configuration you used? i get a crash.

Phantom option -> protect DRX  <-- disable.

 

  • Like 3

Share this post


Link to post
  • 0
Reasen
1 hour ago, White said:

Phantom option -> protect DRX  <-- disable.

 

Well, i see that not fix the problem,

as soon i try to put/run(press the button) the app with a BP in hardware, memory or a normal one, appears an error. Some other kind of configuration i missing?
Thanks.

 

Spoiler

fqvUaN6.png

 

Edited by reasen (see edit history)

Share this post


Link to post
  • 0
White
19 hours ago, Reasen said:

Well, i see that not fix the problem,

as soon i try to put/run(press the button) the app with a BP in hardware, memory or a normal one, appears an error. Some other kind of configuration i missing?
Thanks.

First, you should run the target normally, when you can see the targets window. Then just do what I descripted above.

  • Like 2

Share this post


Link to post
  • 0
Sound

Phantom option -> protect DRX  <-- disable.

 

Strong Od

1456320044x1948221091.png

  • Like 2

Share this post


Link to post
  • 0
collins
On 2016/1/25 at 11:04 AM, White said:

Patch it to Success.


set a bp at 005C7464
click the button
set a bp at 0040A550
run
stop at 0040A550 and EDX = 005C74E8 UNICODE "Normalize"
set eax = 1
set new eip to 0040A579
run

Then should come up with the "good boy" message.

 

how to find the address "0040A550" ?

 

Share this post


Link to post
  • 0
White
On 2016/3/4 at 1:47 PM, collins said:

 

how to find the address "0040A550" ?

 

oh, you should know something about how to trace in its VM routine.

It appears when the first vm routine ends.

  • Like 1

Share this post


Link to post
  • 0
zeger
bpcnd 00618655 ,“ESI==007798A0”

mov EAX,00778FE3

run

 

Edited by zeger (see edit history)

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...