Xjun 127 Posted August 8, 2016 Difficulty : 6Language : C++Platform : WindowsOS Version : Windows 7Packer / Protector :VMProtect Ultimate 3.0.8 Description : Memory Protection -Yes Import protection -Yes Resource Protection -Yes Pack the output File -Yes Debugger - user-mode+Kernel-mode Virtualization Tools -Yes using VMProtect SDK. Screenshot : UnpackMe.7z 1 Share this post Link to post
av999 8 Posted August 29, 2016 (edited) not worked under Vmware founded: -popfd; rdtsc -popfd;cpuid -cpuid (eax=1) with 31bit detection in ecx what else? ps unp-crc-notfixed.zip Edited October 3, 2016 by av999 (see edit history) 1 Share this post Link to post
Goodbye Tuts4You 233 Posted August 29, 2016 (edited) Wondering why no one was working on this thread Edited August 29, 2016 by Techlord (see edit history) 2 Share this post Link to post
Aer73 1 Posted August 31, 2016 @ Techlord. I agree with you. I'm working on a packed file with this version is being complicated. Is few info about. Many thanks. Kindly regards. 1 Share this post Link to post
av999 8 Posted October 26, 2016 (edited) del Edited March 20, 2017 by av999 (see edit history) Share this post Link to post
Xjun 127 Posted March 16, 2017 On 2016/8/30 at 3:20 AM, av999 said: not worked under Vmware founded: -popfd; rdtsc -popfd;cpuid -cpuid (eax=1) with 31bit detection in ecx what else? ps unp-crc-notfixed.zip thank you for your reply! VMProtect 3.x Chec detect VMware XP -> cpuid (eax=1) with 31bit detection in ecx -> ZwOpenSection "\device\physicalmemory" WIN7 -> cpuid (eax=1) with 31bit detection in ecx -> kernel32.EnumSystemFirmwareTables 2 Share this post Link to post
SHADOW_UA 488 Posted March 16, 2017 2 hours ago, Xjun said: thank you for your reply! VMProtect 3.x Chec detect VMware XP -> cpuid (eax=1) with 31bit detection in ecx -> ZwOpenSection "\device\physicalmemory" WIN7 -> cpuid (eax=1) with 31bit detection in ecx -> kernel32.EnumSystemFirmwareTables Correct. And while first one can be patched with cpuid.1.ecx parameter in VMX file, I can't see a way to permanently patch second one. 2 Share this post Link to post
_BaZzi 3 Posted March 24, 2017 (edited) <00452816> db 90,90,90,90,90,90 ; vm detection <0058796E> jmp @HookedCPUID_CRC <00879550> @HookedCPUID_CRC: mov ebx, 00100800 jmp 00647698 <0047B689> jmp @HookedCPUID_VM <00879570> @HookedCPUID_VM: mov ebx, 00100800 sub ebp,0xC jmp 0047B68F <00498066> jmp @HookedCPUID_V <00879590> @HookedCPUID_V: mov ebx, 00100800 sub ebp,0xC jmp 0049806C <00545E14> jmp @HookedCPUID_U <008795B0> @HookedCPUID_U: mov ebx, 00100800 sub ebp,0xC jmp 00545E1A Patch these to make the buttons work. Besides, IsVirtualMachine will crash on xp. UnpackMe.unpacked.exe.zip Edited March 24, 2017 by _BaZzi typo (see edit history) 2 Share this post Link to post
Goodbye Tuts4You 233 Posted March 24, 2017 So now our guys have succeeded in unpacking VMP 3.0.8 also ! Great ! Share this post Link to post
NewBHack 0 Posted June 28, 2017 Is there a way to bypass VMWARE detection by Vmprotect 3.x? Share this post Link to post
