Xjun 119 Posted August 8, 2016 Difficulty : 6Language : C++Platform : WindowsOS Version : Windows 7Packer / Protector :VMProtect Ultimate 3.0.8 Description : Memory Protection -Yes Import protection -Yes Resource Protection -Yes Pack the output File -Yes Debugger - user-mode+Kernel-mode Virtualization Tools -Yes using VMProtect SDK. Screenshot : UnpackMe.7z 1 Share this post Link to post
0 av999 8 Posted August 29, 2016 (edited) not worked under Vmware founded: -popfd; rdtsc -popfd;cpuid -cpuid (eax=1) with 31bit detection in ecx what else? ps unp-crc-notfixed.zip Edited October 3, 2016 by av999 (see edit history) 1 Share this post Link to post
0 Techlord 230 Posted August 29, 2016 (edited) Wondering why no one was working on this thread Edited August 29, 2016 by Techlord (see edit history) 2 Share this post Link to post
0 Aer73 1 Posted August 31, 2016 @ Techlord. I agree with you. I'm working on a packed file with this version is being complicated. Is few info about. Many thanks. Kindly regards. 1 Share this post Link to post
0 av999 8 Posted October 26, 2016 (edited) del Edited March 20, 2017 by av999 (see edit history) Share this post Link to post
0 Xjun 119 Posted March 16, 2017 On 2016/8/30 at 3:20 AM, av999 said: not worked under Vmware founded: -popfd; rdtsc -popfd;cpuid -cpuid (eax=1) with 31bit detection in ecx what else? ps unp-crc-notfixed.zip thank you for your reply! VMProtect 3.x Chec detect VMware XP -> cpuid (eax=1) with 31bit detection in ecx -> ZwOpenSection "\device\physicalmemory" WIN7 -> cpuid (eax=1) with 31bit detection in ecx -> kernel32.EnumSystemFirmwareTables 2 Share this post Link to post
0 SHADOW_UA 473 Posted March 16, 2017 2 hours ago, Xjun said: thank you for your reply! VMProtect 3.x Chec detect VMware XP -> cpuid (eax=1) with 31bit detection in ecx -> ZwOpenSection "\device\physicalmemory" WIN7 -> cpuid (eax=1) with 31bit detection in ecx -> kernel32.EnumSystemFirmwareTables Correct. And while first one can be patched with cpuid.1.ecx parameter in VMX file, I can't see a way to permanently patch second one. 2 Share this post Link to post
0 _BaZzi 3 Posted March 24, 2017 (edited) <00452816> db 90,90,90,90,90,90 ; vm detection <0058796E> jmp @HookedCPUID_CRC <00879550> @HookedCPUID_CRC: mov ebx, 00100800 jmp 00647698 <0047B689> jmp @HookedCPUID_VM <00879570> @HookedCPUID_VM: mov ebx, 00100800 sub ebp,0xC jmp 0047B68F <00498066> jmp @HookedCPUID_V <00879590> @HookedCPUID_V: mov ebx, 00100800 sub ebp,0xC jmp 0049806C <00545E14> jmp @HookedCPUID_U <008795B0> @HookedCPUID_U: mov ebx, 00100800 sub ebp,0xC jmp 00545E1A Patch these to make the buttons work. Besides, IsVirtualMachine will crash on xp. UnpackMe.unpacked.exe.zip Edited March 24, 2017 by _BaZzi typo (see edit history) 2 Share this post Link to post
0 Techlord 230 Posted March 24, 2017 So now our guys have succeeded in unpacking VMP 3.0.8 also ! Great ! Share this post Link to post
0 NewBHack 0 Posted June 28, 2017 Is there a way to bypass VMWARE detection by Vmprotect 3.x? Share this post Link to post
Difficulty : 6
Language : C++
Platform : Windows
OS Version : Windows 7
Packer / Protector :VMProtect Ultimate 3.0.8
Description :
Memory Protection -Yes
Import protection -Yes
Resource Protection -Yes
Pack the output File -Yes
Debugger - user-mode+Kernel-mode
Virtualization Tools -Yes
using VMProtect SDK.
Screenshot :
UnpackMe.7z
Share this post
Link to post