Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

VMProtect Ultimate 3.0.8

Xjun
Xjun
in UnPackMe

Featured Replies

Posted

Difficulty : 6
Language : C++
Platform : Windows
OS Version : Windows 7
Packer / Protector :VMProtect Ultimate 3.0.8

Description :

Memory Protection       -Yes

Import protection          -Yes

Resource Protection     -Yes

Pack the output File      -Yes

Debugger                      - user-mode+Kernel-mode

Virtualization Tools       -Yes

using VMProtect SDK.

Screenshot :

QQ截图20160808120009.jpg

 

UnpackMe.7z

 

    • Like 1
    • 3 weeks later...

    not worked under Vmware

    founded:

    -popfd; rdtsc

    -popfd;cpuid

    -cpuid (eax=1) with 31bit detection in ecx

    what else?

    ps

     

    unp-crc-notfixed.zip

    Edited by av999

    • Like 1

    Wondering why no one was working on this thread :D

    Edited by Techlord

    • Like 2

    @ Techlord.

    I agree with you.

    I'm working on a packed file with this version is being complicated.

    Is few info about.

    Many thanks.

     

    Kindly regards.

     

    t2.jpg

    •
    • Like 1
    • 1 month later...

    What about  x64 unpackme?

    • Like 1
    • 4 weeks later...

    del

    Edited by av999

    小军大牛怎么来这里了?

    • 4 months later...
    • Author
    On 2016/8/30 at 3:20 AM, av999 said:

    not worked under Vmware

    founded:

    -popfd; rdtsc

    -popfd;cpuid

    -cpuid (eax=1) with 31bit detection in ecx

    what else?

    ps

     

    unp-crc-notfixed.zip

    thank you for your reply!:)

    VMProtect 3.x  Chec detect VMware

    XP -> cpuid (eax=1) with 31bit detection in ecx  -> ZwOpenSection "\device\physicalmemory"  

    WIN7 -> cpuid (eax=1) with 31bit detection in ecx -> kernel32.EnumSystemFirmwareTables

    • Like 2
    2 hours ago, Xjun said:

    thank you for your reply!:)

    VMProtect 3.x  Chec detect VMware

    XP -> cpuid (eax=1) with 31bit detection in ecx  -> ZwOpenSection "\device\physicalmemory"  

    WIN7 -> cpuid (eax=1) with 31bit detection in ecx -> kernel32.EnumSystemFirmwareTables

    Correct. And while first one can be patched with cpuid.1.ecx parameter in VMX file, I can't see a way to permanently patch second one.

    • Like 2
    • 2 weeks later... 
    <00452816>
db 90,90,90,90,90,90 ; vm detection

<0058796E>
	jmp @HookedCPUID_CRC

<00879550>
@HookedCPUID_CRC:
	mov ebx, 00100800
	jmp 00647698

<0047B689>
	jmp @HookedCPUID_VM
	
<00879570>
@HookedCPUID_VM:
	mov ebx, 00100800
	sub ebp,0xC
	jmp 0047B68F 

<00498066>
	jmp @HookedCPUID_V
	
<00879590>
@HookedCPUID_V:
	mov ebx, 00100800
	sub ebp,0xC
	jmp 0049806C 

<00545E14>
	jmp @HookedCPUID_U
	
<008795B0>
@HookedCPUID_U:
	mov ebx, 00100800
	sub ebp,0xC
	jmp 00545E1A

    Patch these to make the buttons work.

    Besides, IsVirtualMachine will crash on xp.:unsure:

    UnpackMe.unpacked.exe.zip

    Edited by _BaZzi
    typo

    • Like 2

    So now our guys have succeeded in unpacking VMP 3.0.8 also ! :D

    Great !

    • 3 months later...

    Is there a way to bypass VMWARE detection by Vmprotect 3.x?

    • 3 years later...

    Awesome

    Create an account or sign in to comment

    Go to topic listing

    Configure browser push notifications
    Chrome (Android)
    1. Tap the lock icon next to the address bar.
    2. Tap Permissions → Notifications.
    3. Adjust your preference.
    Chrome (Desktop)
    1. Click the padlock icon in the address bar.
    2. Select Site settings.
    3. Find Notifications and adjust your preference.