gholam.illidan Posted January 2, 2017 Share Posted January 2, 2017 Difficulty : 4/10Language : .NETPlatform : WindowsOS Version : AllPacker / Protector : Find Out Description : Fully unpack the the .EXE file (not the dll!!!). Please provide details on how you managed to unpack it. Screenshot : UnpackMe.rar 1 Link to comment Share on other sites More sharing options...
cawk Posted January 2, 2017 Share Posted January 2, 2017 file doesnt run for me windows 10 Link to comment Share on other sites More sharing options...
converse Posted January 2, 2017 Share Posted January 2, 2017 antivirus detect VMProtect Link to comment Share on other sites More sharing options...
Perplex Posted January 2, 2017 Share Posted January 2, 2017 Also did not run my side. Link to comment Share on other sites More sharing options...
converse Posted January 2, 2017 Share Posted January 2, 2017 Just now, Perplex said: Also did not run my side. +++ Link to comment Share on other sites More sharing options...
gholam.illidan Posted January 2, 2017 Author Share Posted January 2, 2017 2 hours ago, cawk said: file doesnt run for me windows 10 the obfuscator is not yet compatible with all windows versions (it definitely works in Win XP) 1 hour ago, converse said: antivirus detect VMProtect the dll is protected with VMP, but its not important since the target is the EXE file Link to comment Share on other sites More sharing options...
cawk Posted January 2, 2017 Share Posted January 2, 2017 2 hours ago, gholam.illidan said: the obfuscator is not yet compatible with all windows versions (it definitely works in Win XP) the dll is protected with VMP, but its not important since the target is the EXE file ah okay im out then since i have no desire to set up a vm in xp Link to comment Share on other sites More sharing options...
h4sh3m Posted January 10, 2017 Share Posted January 10, 2017 Hi @gholam.illidan, I don't know you but according your posts you should be @safengine with duplicate account !!! and about unpack me : file tested on win xp x86 and win7 x64 and work correctly, incompatibilities (in win 10 and/or win8) is just because of VMP 2.x (improved version + vmp 3 works on win 10 too). Best Regards, h4sh3m Link to comment Share on other sites More sharing options...
Perplex Posted January 10, 2017 Share Posted January 10, 2017 I've tried on Win7 x86/x64 not work. Link to comment Share on other sites More sharing options...
h4sh3m Posted January 10, 2017 Share Posted January 10, 2017 (edited) 4 minutes ago, Perplex said: I've tried on Win7 x86/x64 not work. under debugger or ... tested on 4 ~ 5 system and works on all of them !!! you can try this one if you like (client coded in 2 day just for test code protector and it's not final version ): http://www.mediafire.com/file/x4bw6dzkw32i1kk/BlueIrisClient_CSharp.rar pass : h4sh3m Best Regards, h4sh3m Edited January 10, 2017 by h4sh3m Link to comment Share on other sites More sharing options...
BambooQJ Posted February 25, 2017 Share Posted February 25, 2017 RaiseException ...................... I do't can unpack Exception handling Link to comment Share on other sites More sharing options...
BambooQJ Posted February 26, 2017 Share Posted February 26, 2017 RaiseException ...................... I do't can unpack Exception handling BP [Logger.dll+EBD11] [esp+18] *date [esp+1c] Len [esp+20] OLD copy 00 28 3D 00 00 0A 00 16 28 3E 00 00 0A 00 73 01 00 00 06 28 3F 00 00 0A 00 2A 02 14 7D 01 00 00 04 02 28 10 00 00 0A 00 00 02 28 05 00 00 06 00 00 2A 00 02 73 20 00 00 0A 7D 02 00 00 04 02 73 21 00 00 0A 7D 03 00 00 04 02 73 22 00 00 0A 7D 04 00 00 04 02 73 21 00 00 0A 7D 05 00 00 04 02 73 22 00 00 0A 7D 06 00 00 04 02 28 23 00 00 0A 00 02 7B 02 00 00 04 1F 0C 1F 5A 73 24 00 00 0A 6F 25 00 00 0A 00 02 7B 02 00 00 04 72 4F 00 00 70 6F 26 00 00 0A 00 02 7B 02 00 00 04 1F 4B 1F 17 73 27 00 00 0A 6F 28 00 00 0A 00 02 7B 02 00 00 04 16 6F 29 00 00 0A 00 02 7B 02 00 00 04 72 5F 00 00 70 6F 2A 00 00 0A 00 02 7B 02 00 00 04 17 6F 2B 00 00 0A 00 02 7B 02 00 00 04 02 FE 06 03 00 00 06 73 2C 00 00 0A 6F 2D 00 00 0A 00 02 7B 03 00 00 04 17 6F 2E 00 00 0A 00 02 7B 03 00 00 04 1F 0C 1F 09 73 24 00 00 0A 6F 25 00 00 0A 00 02 7B 03 00 00 04 72 6B 00 00 70 6F 26 00 00 0A 00 02 7B 03 00 00 04 1F 29 1F 0D 73 27 00 00 0A 6F 28 00 00 0A 00 02 7B 03 00 00 04 17 6F 29 00 00 0A 00 02 7B 03 00 00 04 72 79 00 00 70 6F 2A 00 00 0A 00 02 7B 04 00 00 04 1F 0C 1F 19 73 24 00 00 0A 6F 25 00 00 0A 00 02 7B 04 00 00 04 72 87 00 00 70 6F 26 00 00 0A 00 02 7B 04 00 00 04 20 58 01 00 00 1F 14 73 27 00 00 0A 6F 28 00 00 0A 00 02 7B 04 00 00 04 18 6F 29 00 00 0A 00 02 7B 05 00 00 04 17 6F 2E 00 00 0A 00 02 7B 05 00 00 04 1F 0C 1F 30 73 24 00 00 0A 6F 25 00 00 0A 00 02 7B 05 00 00 04 72 99 00 00 70 6F 26 00 00 0A 00 02 7B 05 00 00 04 1F 2B 1F 0D 73 27 00 00 0A 6F 28 00 00 0A 00 02 7B 05 00 00 04 19 6F 29 00 00 0A 00 02 7B 05 00 00 04 72 A7 00 00 70 6F 2A 00 00 0A 00 02 7B 06 00 00 04 1F 0C 1F 40 73 24 00 00 0A 6F 25 00 00 0A 00 02 7B 06 00 00 04 72 BB 00 00 70 6F 26 00 00 0A 00 02 7B 06 00 00 04 20 58 01 00 00 1F 14 73 27 00 00 0A 6F 28 00 00 0A 00 02 7B 06 00 00 04 1A 6F 29 00 00 0A 00 02 22 00 00 C0 40 22 00 00 50 41 73 2F 00 00 0A 28 30 00 00 0A 00 02 17 28 31 00 00 0A 00 02 20 70 01 00 00 1F 78 73 27 00 00 0A 28 32 00 00 0A 00 02 28 33 00 00 0A 02 7B 06 00 00 04 6F 34 00 00 0A 00 02 28 33 00 00 0A 02 7B 05 00 00 04 6F 34 00 00 0A 00 02 28 33 00 00 0A 02 7B 04 00 00 04 6F 34 00 00 0A 00 02 28 33 00 00 0A 02 7B 03 00 00 04 6F 34 00 00 0A 00 02 28 33 00 00 0A 02 7B 02 00 00 04 6F 34 00 00 0A 00 02 17 28 35 00 00 0A 00 02 16 28 36 00 00 0A 00 02 16 28 37 00 00 0A 00 02 72 CD 00 00 70 28 26 00 00 0A 00 02 17 28 38 00 00 0A 00 02 72 D9 00 00 70 6F 2A 00 00 0A 00 02 16 28 39 00 00 0A 00 02 28 3A 00 00 0A 00 2A 00 28 16 00 00 0A 0A 72 07 00 00 70 02 7B 04 00 00 04 6F 17 00 00 0A 28 18 00 00 0A 0B 28 19 00 00 0A 07 6F 1A 00 00 0A 0C 02 7B 06 00 00 04 6F 17 00 00 0A 06 08 6F 1B 00 00 0A 28 02 00 00 06 28 1C 00 00 0A 16 FE 01 0D 09 2D 0B 72 1B 00 00 70 28 1D 00 00 0A 26 2A 00 02 14 FE 01 16 FE 01 0D 09 2D 04 14 0C 2B 5A 02 8E 69 16 FE 01 16 FE 01 0D 09 2D 08 7E 11 00 00 0A 0C 2B 45 73 12 00 00 0A 0A 00 02 13 04 16 13 05 2B 21 11 04 11 05 91 0B 00 06 12 01 72 01 00 00 70 28 13 00 00 0A 6F 14 00 00 0A 26 00 11 05 17 58 13 05 11 05 11 04 8E 69 FE 04 0D 09 2D D3 06 6F 15 00 00 0A 0C 2B 00 08 2A PATCH CrackMe 2A2A2A2A2........ CrackMe_unpack.7z my poor english... 用中国话叙述一遍. 对[Logger.dll+EBD11] 的地方下断点.观察堆栈..发现 可疑地址.偏移上边给了 前两个是新的数据. 后边+20的地址是 调用原始地址的指针.结构同前两个.. 都保存出来 然后跑完 粘贴回去..就是正常代码了.. 2 Link to comment Share on other sites More sharing options...
h4sh3m Posted February 26, 2017 Share Posted February 26, 2017 Hi Thanks dear @BambooQJ, But I haven't access to your unpacked file so please upload it to other place! Best Regards, h4sh3m Link to comment Share on other sites More sharing options...
BambooQJ Posted February 26, 2017 Share Posted February 26, 2017 2 hours ago, h4sh3m said: 嗨 谢谢亲爱的 @BambooQJ,但我没有访问您的解压缩文件,所以请上传到其他地方! 最好的祝福, h4sh3m https://mega.nz/#!YwUEEAiK!_PoBQvzWJb8ckcweXuHBH4puhatHF_nisoSRg4qUPOA 1 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now