April 7, 2025Apr 7 Themida & VMProtect (Same Virtualized Code Sections) I want you guys who are capable of unvirtualizing and unpacking them to upload the final ones. These files are just the same part of the codes virtualized which are 2 lines of the original mfc source codes. So if you can unvirtualize them and unpack them, please upload the final ones. Any other protections are excluded absolutely. Give it a try and improve your skills. Best Regards. sean. File Information Submitter lovejoy226 Submitted 04/07/2025 Category UnPackMe View File
21 hours ago21 hr Didn't see it as solved, so decided to give it a try. VMProtect version is quite easy, devirted code:00B91EEE 837D EC 0F CMP DWORD PTR SS:[EBP-14],0F 00B91EF2 76 05 JBE SHORT hashgen_.00B91EF9 00B91EF4 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-28] 00B91EF7 EB 03 JMP SHORT hashgen_.00B91EFC 00B91EF9 8D45 D8 LEA EAX,DWORD PTR SS:[EBP-28] 00B91EFC 6A 03 PUSH 3 00B91EFE 50 PUSH EAX 00B91EFF 8D8D 9CFCFFFF LEA ECX,DWORD PTR SS:[EBP-364] 00B91F05 51 PUSH ECX 00B91F06 8D8D 98FCFFFF LEA ECX,DWORD PTR SS:[EBP-368] 00B91F0C 8F01 POP DWORD PTR DS:[ECX] 00B91F0E E8 DD170000 CALL hashgen_.00B936F0 00B91F13 8D85 90FCFFFF LEA EAX,DWORD PTR SS:[EBP-370] 00B91F19 50 PUSH EAX 00B91F1A C645 FC 17 MOV BYTE PTR SS:[EBP-4],17 00B91F1E 68 ED030000 PUSH 3ED 00B91F23 8B8D 94FCFFFF MOV ECX,DWORD PTR SS:[EBP-36C] 00B91F29 8BF9 MOV EDI,ECX 00B91F2B FF15 A892B900 CALL DWORD PTR DS:[<&mfc140u.#5427>] ; mfc140u.5E0C82B0 00B91F31 90 NOP 00B91F32 90 NOP 00B91F33 90 NOP 00B91F34 90 NOP 00B91F35 90 NOP 00B91F36 90 NOP 00B91F37 90 NOP 00B91F38 90 NOP 00B91F39 90 NOP 00B91F3A 90 NOP 00B91F3B 90 NOP 00B91F3C 90 NOP 00B91F3D 90 NOP 00B91F3E 90 NOPAnd a code for a name 123456 is e10adc3949ba59abbe56e057f20f883e
16 hours ago16 hr On 4/7/2025 at 9:31 PM, lovejoy226 said:Any other protections are excluded absolutely.4 hours ago, unpacker1 said:Didn't see it as solved, so decided to give it a try. VMProtect version is quite easy, devirted code:00B91EEE 837D EC 0F CMP DWORD PTR SS:[EBP-14],0F 00B91EF2 76 05 JBE SHORT hashgen_.00B91EF9 00B91EF4 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-28] 00B91EF7 EB 03 JMP SHORT hashgen_.00B91EFC 00B91EF9 8D45 D8 LEA EAX,DWORD PTR SS:[EBP-28] 00B91EFC 6A 03 PUSH 3 00B91EFE 50 PUSH EAX 00B91EFF 8D8D 9CFCFFFF LEA ECX,DWORD PTR SS:[EBP-364] 00B91F05 51 PUSH ECX 00B91F06 8D8D 98FCFFFF LEA ECX,DWORD PTR SS:[EBP-368] 00B91F0C 8F01 POP DWORD PTR DS:[ECX] 00B91F0E E8 DD170000 CALL hashgen_.00B936F0 00B91F13 8D85 90FCFFFF LEA EAX,DWORD PTR SS:[EBP-370] 00B91F19 50 PUSH EAX 00B91F1A C645 FC 17 MOV BYTE PTR SS:[EBP-4],17 00B91F1E 68 ED030000 PUSH 3ED 00B91F23 8B8D 94FCFFFF MOV ECX,DWORD PTR SS:[EBP-36C] 00B91F29 8BF9 MOV EDI,ECX 00B91F2B FF15 A892B900 CALL DWORD PTR DS:[<&mfc140u.#5427>] ; mfc140u.5E0C82B0 00B91F31 90 NOP 00B91F32 90 NOP 00B91F33 90 NOP 00B91F34 90 NOP 00B91F35 90 NOP 00B91F36 90 NOP 00B91F37 90 NOP 00B91F38 90 NOP 00B91F39 90 NOP 00B91F3A 90 NOP 00B91F3B 90 NOP 00B91F3C 90 NOP 00B91F3D 90 NOP 00B91F3E 90 NOPAnd a code for a name 123456 is e10adc3949ba59abbe56e057f20f883eGreat work if correct!! But you should aim to share knowledge on this site for it isn't very fruitful to pointlessly upload an answer like this.
7 hours ago7 hr It's hard to describe it in a single post. It's a generic deobfuscator, not VMProtect-only, based on classic optimization techniques, nothing fancy like AI or patterns. Written completely from scratch, nothing LLVM-based or something. It's still a work in-progress, but getting into stable beta-stage, so I decided to give it additional testing.Devirt should be correct, at least I tested the exe with this code and it works. The one thing I can mess a little is an intermediate representation->asm translation since it's done partially manually.
Create an account or sign in to comment