Enigma protector 1.02 is another PE file protector. It is still in development and this version is a free demo without limitations. As a target for this tutorial I choose the protector itself because it has all options enabled that it has to offer us. Plus, unpacking a file that I didn't previously packed is chalenging because I do not know what the original was looking like. I must say that this protector gave me some problems, I was writing this tutorial (and that means unpacking it) for a couple of days. Tutorial is not hard to understand but since it's not linear (I was restarting target multiple times) , it is not for beginners. Let's say that it is on intermediate level. At the end of the tutorial, I will show how the protected target can be easily inline patched. Well, not so easy , but it can be easier than unpacking it.
This tutorial will describe manually unpacking last Yoda Protector version 1.03.3. Tutorial will focus on main yP problem, running protected file under debugger.
Hi, friends and welcome to new unpacking tutorial. As I sad, yP 1.03.3 is last yoda protector version and author has decided to stop project. He is planing to start new one. I have already wrote tutorial for unpacking 1.03.2beta vesion, which is prety indentical as this one, but that tutorial didn't described how to run protected file under debugger. This tutorial will show how anti-debug tricks can be easy avoided and bypassed.