UNKNOWN PAKER

[seven]

HI ALL ,

CAN U HELP ME WITH THIS PACKER COZ I CANT

FIND OUT WHICH PACKER UZED HERE :

hXXp://www.vb-decompiler.org/index.php?p=Download

THANX SO MUCH .

[haggar]

VMProtect 1.xx

It's not packer, it is VirtualMachine obfuscator.


Why do you want to know?

[seven]

thanx haggar , doez VirtualMachine obfuscator meanz :

compressor + protector COZ B4 DUMPING THE PROGGIE

SIZE WAZ 288 KB AND WHEN U DUMP IT U GET 5.7 MB

WHICH MEANZ ITZ COMPRESSOR BESIDE PROTECTOR ,

COZ I WANT ANY TOOL CAN HANDLE VISUAL BASIC

PROGGIEZ , LAST THING HAGGAR PLZ CAN U POINT TO

THE ENTRY POINT ?

THANX SO MUCH

[haggar]

VMProtector replaces opcodes and whole procedures with emulated opcodes and poly obfuscation. It uses Virtual Machine to emulate replaced opcodes. So if you want to crack it, you must reverse Virtual Machine instructions and write your own dissasembler. As you can see, very hard job.


This particular app used very bad implemented VMProtector protection. Only TWO OPCODES are stolen from OEP. So, to remove protection from this VB decompiler, you need just to restore first two opcodes. App is VB , and first two opcodes in every VB app are

PUSH SlowGold.00426E90 - that points to VB5!.#* in file

CALL <JMP.&MSVBVM60.#100> - that points to first jump above PUSH.


But this program is demo and you will not gain anything with this.



See you.

regards

[seven]

thanx so much haggar

[Akrobat]

All last versions of programs GPcH Soft are protected by protector DotFix NiceProtect!
Including a protector! The protector weak is removed for some seconds!
Last version VBDecompilera as is protected by this protector!