Xjun 148 Posted August 8, 2016 Share Posted August 8, 2016 Difficulty : 6Language : C++Platform : WindowsOS Version : Windows 7Packer / Protector :VMProtect Ultimate 3.0.8 Description : Memory Protection -Yes Import protection -Yes Resource Protection -Yes Pack the output File -Yes Debugger - user-mode+Kernel-mode Virtualization Tools -Yes using VMProtect SDK. Screenshot : UnpackMe.7z 1 Link to post
av999 8 Posted August 29, 2016 Share Posted August 29, 2016 (edited) not worked under Vmware founded: -popfd; rdtsc -popfd;cpuid -cpuid (eax=1) with 31bit detection in ecx what else? ps unp-crc-notfixed.zip Edited October 3, 2016 by av999 (see edit history) 1 Link to post
Goodbye Tuts4You 236 Posted August 29, 2016 Share Posted August 29, 2016 (edited) Wondering why no one was working on this thread Edited August 29, 2016 by Techlord (see edit history) 2 Link to post
Aer73 1 Posted August 31, 2016 Share Posted August 31, 2016 @ Techlord. I agree with you. I'm working on a packed file with this version is being complicated. Is few info about. Many thanks. Kindly regards. 1 Link to post
av999 8 Posted October 26, 2016 Share Posted October 26, 2016 (edited) del Edited March 20, 2017 by av999 (see edit history) Link to post
Xjun 148 Posted March 16, 2017 Author Share Posted March 16, 2017 On 2016/8/30 at 3:20 AM, av999 said: not worked under Vmware founded: -popfd; rdtsc -popfd;cpuid -cpuid (eax=1) with 31bit detection in ecx what else? ps unp-crc-notfixed.zip thank you for your reply! VMProtect 3.x Chec detect VMware XP -> cpuid (eax=1) with 31bit detection in ecx -> ZwOpenSection "\device\physicalmemory" WIN7 -> cpuid (eax=1) with 31bit detection in ecx -> kernel32.EnumSystemFirmwareTables 2 Link to post
SHADOW_UA 497 Posted March 16, 2017 Share Posted March 16, 2017 2 hours ago, Xjun said: thank you for your reply! VMProtect 3.x Chec detect VMware XP -> cpuid (eax=1) with 31bit detection in ecx -> ZwOpenSection "\device\physicalmemory" WIN7 -> cpuid (eax=1) with 31bit detection in ecx -> kernel32.EnumSystemFirmwareTables Correct. And while first one can be patched with cpuid.1.ecx parameter in VMX file, I can't see a way to permanently patch second one. 2 Link to post
_BaZzi 3 Posted March 24, 2017 Share Posted March 24, 2017 (edited) <00452816> db 90,90,90,90,90,90 ; vm detection <0058796E> jmp @HookedCPUID_CRC <00879550> @HookedCPUID_CRC: mov ebx, 00100800 jmp 00647698 <0047B689> jmp @HookedCPUID_VM <00879570> @HookedCPUID_VM: mov ebx, 00100800 sub ebp,0xC jmp 0047B68F <00498066> jmp @HookedCPUID_V <00879590> @HookedCPUID_V: mov ebx, 00100800 sub ebp,0xC jmp 0049806C <00545E14> jmp @HookedCPUID_U <008795B0> @HookedCPUID_U: mov ebx, 00100800 sub ebp,0xC jmp 00545E1A Patch these to make the buttons work. Besides, IsVirtualMachine will crash on xp. UnpackMe.unpacked.exe.zip Edited March 24, 2017 by _BaZzi typo (see edit history) 2 Link to post
Goodbye Tuts4You 236 Posted March 24, 2017 Share Posted March 24, 2017 So now our guys have succeeded in unpacking VMP 3.0.8 also ! Great ! Link to post
NewBHack 0 Posted June 28, 2017 Share Posted June 28, 2017 Is there a way to bypass VMWARE detection by Vmprotect 3.x? Link to post
mmoqry 0 Posted Wednesday at 09:33 AM Share Posted Wednesday at 09:33 AM Hello brothers, I am a new member I have an app that I need your help with (UnPack) In the photo an illustration of the type of protection Link to post
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now