Xjun Posted August 8, 2016 Share Posted August 8, 2016 Difficulty : 6Language : C++Platform : WindowsOS Version : Windows 7Packer / Protector :VMProtect Ultimate 3.0.8 Description : Memory Protection -Yes Import protection -Yes Resource Protection -Yes Pack the output File -Yes Debugger - user-mode+Kernel-mode Virtualization Tools -Yes using VMProtect SDK. Screenshot : UnpackMe.7z 1 Link to comment
av999 Posted August 29, 2016 Share Posted August 29, 2016 (edited) not worked under Vmware founded: -popfd; rdtsc -popfd;cpuid -cpuid (eax=1) with 31bit detection in ecx what else? ps unp-crc-notfixed.zip Edited October 3, 2016 by av999 1 Link to comment
Techlord Posted August 29, 2016 Share Posted August 29, 2016 (edited) Wondering why no one was working on this thread Edited August 29, 2016 by Techlord 2 Link to comment
Aer73 Posted August 31, 2016 Share Posted August 31, 2016 @ Techlord. I agree with you. I'm working on a packed file with this version is being complicated. Is few info about. Many thanks. Kindly regards. 1 Link to comment
av999 Posted October 26, 2016 Share Posted October 26, 2016 (edited) del Edited March 20, 2017 by av999 Link to comment
Xjun Posted March 16, 2017 Author Share Posted March 16, 2017 On 2016/8/30 at 3:20 AM, av999 said: not worked under Vmware founded: -popfd; rdtsc -popfd;cpuid -cpuid (eax=1) with 31bit detection in ecx what else? ps unp-crc-notfixed.zip thank you for your reply! VMProtect 3.x Chec detect VMware XP -> cpuid (eax=1) with 31bit detection in ecx -> ZwOpenSection "\device\physicalmemory" WIN7 -> cpuid (eax=1) with 31bit detection in ecx -> kernel32.EnumSystemFirmwareTables 2 Link to comment
SHADOW_UA Posted March 16, 2017 Share Posted March 16, 2017 2 hours ago, Xjun said: thank you for your reply! VMProtect 3.x Chec detect VMware XP -> cpuid (eax=1) with 31bit detection in ecx -> ZwOpenSection "\device\physicalmemory" WIN7 -> cpuid (eax=1) with 31bit detection in ecx -> kernel32.EnumSystemFirmwareTables Correct. And while first one can be patched with cpuid.1.ecx parameter in VMX file, I can't see a way to permanently patch second one. 2 Link to comment
_BaZzi Posted March 24, 2017 Share Posted March 24, 2017 (edited) <00452816> db 90,90,90,90,90,90 ; vm detection <0058796E> jmp @HookedCPUID_CRC <00879550> @HookedCPUID_CRC: mov ebx, 00100800 jmp 00647698 <0047B689> jmp @HookedCPUID_VM <00879570> @HookedCPUID_VM: mov ebx, 00100800 sub ebp,0xC jmp 0047B68F <00498066> jmp @HookedCPUID_V <00879590> @HookedCPUID_V: mov ebx, 00100800 sub ebp,0xC jmp 0049806C <00545E14> jmp @HookedCPUID_U <008795B0> @HookedCPUID_U: mov ebx, 00100800 sub ebp,0xC jmp 00545E1A Patch these to make the buttons work. Besides, IsVirtualMachine will crash on xp. UnpackMe.unpacked.exe.zip Edited March 24, 2017 by _BaZzi typo 2 Link to comment
Techlord Posted March 24, 2017 Share Posted March 24, 2017 So now our guys have succeeded in unpacking VMP 3.0.8 also ! Great ! Link to comment
NewBHack Posted June 28, 2017 Share Posted June 28, 2017 Is there a way to bypass VMWARE detection by Vmprotect 3.x? Link to comment
mmoqry Posted January 13, 2021 Share Posted January 13, 2021 Hello brothers, I am a new member I have an app that I need your help with (UnPack) In the photo an illustration of the type of protection Link to comment
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now