Jump to content
Tuts 4 You

VMProtect Ultimate 3.0.8


Xjun

Recommended Posts

Difficulty : 6
Language : C++
Platform : Windows
OS Version : Windows 7
Packer / Protector :VMProtect Ultimate 3.0.8

Description :

Memory Protection       -Yes

Import protection          -Yes

Resource Protection     -Yes

Pack the output File      -Yes

Debugger                      - user-mode+Kernel-mode

Virtualization Tools       -Yes

using VMProtect SDK.

Screenshot :

QQ截图20160808120009.jpg

 

UnpackMe.7z

 

  • Like 1
Link to post
  • 3 weeks later...

@ Techlord.

I agree with you.

I'm working on a packed file with this version is being complicated.

Is few info about.

Many thanks.

 

Kindly regards.

 

t2.jpg

  • Like 1
Link to post
  • 1 month later...
  • 4 weeks later...
  • 4 months later...
On 2016/8/30 at 3:20 AM, av999 said:

not worked under Vmware

founded:

-popfd; rdtsc

-popfd;cpuid

-cpuid (eax=1) with 31bit detection in ecx

what else?

ps

 

unp-crc-notfixed.zip

thank you for your reply!:)

VMProtect 3.x  Chec detect VMware

XP -> cpuid (eax=1) with 31bit detection in ecx  -> ZwOpenSection "\device\physicalmemory"  

WIN7 -> cpuid (eax=1) with 31bit detection in ecx -> kernel32.EnumSystemFirmwareTables

  • Like 2
Link to post
SHADOW_UA
2 hours ago, Xjun said:

thank you for your reply!:)

VMProtect 3.x  Chec detect VMware

XP -> cpuid (eax=1) with 31bit detection in ecx  -> ZwOpenSection "\device\physicalmemory"  

WIN7 -> cpuid (eax=1) with 31bit detection in ecx -> kernel32.EnumSystemFirmwareTables

Correct. And while first one can be patched with cpuid.1.ecx parameter in VMX file, I can't see a way to permanently patch second one.

  • Like 2
Link to post
  • 2 weeks later...
<00452816>
db 90,90,90,90,90,90 ; vm detection

<0058796E>
	jmp @HookedCPUID_CRC

<00879550>
@HookedCPUID_CRC:
	mov ebx, 00100800
	jmp 00647698

<0047B689>
	jmp @HookedCPUID_VM
	
<00879570>
@HookedCPUID_VM:
	mov ebx, 00100800
	sub ebp,0xC
	jmp 0047B68F 

<00498066>
	jmp @HookedCPUID_V
	
<00879590>
@HookedCPUID_V:
	mov ebx, 00100800
	sub ebp,0xC
	jmp 0049806C 

<00545E14>
	jmp @HookedCPUID_U
	
<008795B0>
@HookedCPUID_U:
	mov ebx, 00100800
	sub ebp,0xC
	jmp 00545E1A 

Patch these to make the buttons work.

Besides, IsVirtualMachine will crash on xp.:unsure:

UnpackMe.unpacked.exe.zip

Edited by _BaZzi
typo (see edit history)
  • Like 2
Link to post
  • 3 months later...
  • 3 years later...
  • 2 months later...

Hello brothers, I am a new member
  I have an app that I need your help with (UnPack)
In the photo an illustration of the type of protection

UN.jpg

Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...