ZenHAX


All times are UTC




PostPosted: Wed Mar 07, 2018 5:28 am 

Joined: Tue Mar 06, 2018 7:46 am
Posts: 1
Hi everybody,
I tested my exe file with "RDG Packer Detector" and it showed me that it is packed by Themida, but when I use "Protection ID V0.6.6.7" it says: "file appears to have no protection or is using an unkown protection"
Why?
Can anyone help me?
Thanks :)


PostPosted: Fri Jun 01, 2018 10:47 am 

Joined: Fri Jun 01, 2018 10:35 am
Posts: 1
I have 1 packed file protected with Themida/Winlicense (2.X) and Unopix (0.94)

Can you unpack it?
http://www.mediafire.com/file/yg92u1bfj ... 8.exe/file


PostPosted: Fri Jul 06, 2018 3:57 pm 

Joined: Fri Jul 06, 2018 3:50 pm
Posts: 1
CriticalError wrote:
I need full binaries to unpack it, because in the process of unpacking it, it asks for a dll called opencv_core242.dll and you only uploaded an exe.



Can you help me extract the program in the link below? I tried to follow your tutorial but failed. I need to unpack it and find a way to register it (crack). This is a program I need. Can you help me? My email is blubinary2018@gmail.com. If you can do a video tutorial, can you then mail it to me? Thank you very much and I look forward to your response. Respectful greetings!


download link: https://drive.google.com/open?id=1NZwcy ... v8IuXW5KEg


PostPosted: Sun Sep 16, 2018 10:46 pm 

Joined: Sun Sep 16, 2018 10:45 pm
Posts: 1
NT API missing on Windows 10


PostPosted: Fri Dec 07, 2018 10:28 am 

Joined: Fri Dec 07, 2018 10:24 am
Posts: 1
Hi Everyone,
Please help me unpack this file
Thanks.


Attachments:
file.rar [2.84 MiB]
Downloaded 60 times
PostPosted: Wed Dec 12, 2018 3:53 pm 

Joined: Wed Dec 12, 2018 2:26 pm
Posts: 1
hi everybody!

There is a program that I would like to translate into my language, but the problem is that it is protected by Themida((
I tried to translate it according to this instruction, but nothing came of it. If it is not difficult, please remove the protection.

download link: http://www.mediafire.com/file/yscofxgv9 ... 1.rar/file
To make sure it's not a virus, I'll attach a VirusTotal report: https://www.virustotal.com/#/file/c4d59 ... /detection


PostPosted: Thu Apr 11, 2019 9:27 am 

Joined: Thu Apr 11, 2019 7:21 am
Posts: 1
Tried to use the 1.4 script. With the unpackme it works well.
With my program it extracts the dumped program, but I get a "Send-Don't send" error.
https://mega.nz/#!gEA3WKZY!zGIcFrh0tCIL ... ZNwIbvAkUE

Where am I wrong?


PostPosted: Sat Jun 01, 2019 1:48 pm 

Joined: Sat Jun 01, 2019 1:32 pm
Posts: 3
I am new here, so Hi guys.

I did read some about Themida, but the later versions get much better, and I have a problem that ScyllaHide in 32dbg cannot dump my target.

Also, it is not only protected with Themida but also with a Rocky dongle Everkey. This I had dissolved already some time ago, the known yes/no decision from lazy programmers.
Packing is maybe a better way, but including addresses in a Rocky dongle is even better. Nobody does it, though; it needs more programming skills and it can also be cracked if a dongle is present. Honestly, everything can be cracked, but learning from each other and the fun, it is great.

regards


PostPosted: Tue Jun 11, 2019 2:04 pm 

Joined: Sat Jun 01, 2019 1:32 pm
Posts: 3
CriticalError wrote:
aluigi wrote:
@CriticalError
Maybe you can provide a zip containing the whole ollydbg folder already setup and with all the necessary plugins and modifications so that the users can just unzip and use it without looking for dead links and editing stuff.

done mate, here is the ollydbg folder I use before I think all is there but maybe not xD long time ago doing it and leave it so well it still there and hope it works.

http:// REMOVED www.mediafire.com REMOVED /file/1xvqcqguxfci99i/odbg110.7z



The OllyDbg in this zip file? It has something strange, and it looks like it is a virus or something; run it once and the other Ollys also do not load plugins anymore.

Well, I am right: all the OllyDbg folders I have on the disk are defective, none of them load the plugins anymore, none. This is a very dangerous download, please remove it.

I did search in it. OK, what happens: ollydbg gets bigger; after refreshing the file it works again, but with a quick launcher from the Windows desktop it is bad again. The file grows from 1.06 Mb to 1.26 Mb; clearly something gets in it, a virus or other bad stuff, so remove this shit.


 Post subject: themida 2.4.6
PostPosted: Mon Jun 17, 2019 1:02 pm 

Joined: Sat Jun 01, 2019 1:32 pm
Posts: 3
Hi aluigi


I have changed the post to this.

I have infections from that download: when I downloaded this ollydbg and ran it, everything did not work, especially the ollydbg did not load plugins anymore.

I have a VM, one QEMU is in Linux, the other is in Windows, and I use an older PC of course, not mine. I do electronics and this contains designs incl. PCB, but for some relaxing I do dig into code. It is relaxing, and it is not for cracking software.

I have read things about CriticalError, nice learnings.


Regards


Attachments:
ScreenHunter 05.jpg [143.61 KiB]
Not downloaded yet


Last edited by kees on Mon Jun 17, 2019 4:34 pm, edited 4 times in total.
PostPosted: Mon Jun 17, 2019 1:31 pm 
Site Admin

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 10569
@kees
please don't open topics in other sections.

I can do nothing about that file, CriticalError has always been a trusted user (he wasn't even interested in sharing it) and in any case it's clearly stated to use a WinXP virtual machine.
If you have doubts don't use it, and for sure don't use this type of stuff outside a VM.


PostPosted: Sat Jul 13, 2019 11:48 am 

Joined: Sat Jul 13, 2019 10:27 am
Posts: 1
made an account just to post this, because the files in OP are alarming

>False positive
would be one hell of a false positive
>hurr he even says use inside a vm
that doesn't change the fact that these files are suspicious and that not everyone is going to follow the directions or even read him saying that, which is pretty damn good motive
>trusted
hitler was trusted

incoming wall of text

virustotals:
original ollydbg.exe, same version:
https://www.virustotal.com/gui/file/1a6 ... /detection
ZERO DETECTIONS

exe provided by op:
https://www.virustotal.com/gui/file/77d ... /detection
60/65 detected

ScyllaHideIDASrvx86 orig, found on github
https://www.virustotal.com/gui/file/ad8 ... a2/details
1/56 engines detected

ScyllaHideIDASrvx86.exe provided by op:
https://www.virustotal.com/gui/file/2fe ... 64/details
51/56 engines detected

more digging:

These exe files call WH_MSGFILTER? "The WH_MSGFILTER and WH_SYSMSGFILTER hooks enable you to monitor messages about to be processed by a menu, scroll bar, message box, or dialog box". I'm thinking possible keylogger here; Windows antivirus even reports this as a password stealer.

And other antiviruses report these files as a worm.
Sure enough, the files in the OP behave just like that: strange behavior such as communicating on the local network, making suspicious registry accesses, and even infecting other Olly installs according to kees, ALL OF WHICH THE ORIGINAL FILES DO NOT DO

AVG detected as W32/Mofksys:
"W32/Mofksys can spread via copying itself to network shares and removable drives."
wouldn't be surprised if these files did exactly that to leave the VM, also the file communicates on the local network
HMM
if that were the case, they might not even be super safe running inside a VM if you were to execute one of the files he modified outside of the VM

finally, the infected files also load a bunch of extra system DLLs that the original didn't need

Unless OP has an explanation for this, these files shouldn't be used and the safest bet would be to download all the files from other sources. Tutorial was at least okay though
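
A defender-side check for the behaviour reported in this thread (executables in other OllyDbg folders changing and growing after the download was run), as an added example that is not part of any post. It baselines the size and SHA-256 of every .exe/.dll under a folder and reports what changed; the folder names, file contents and suffix list in the demo are constructed assumptions.

```python
import hashlib
import os
import tempfile

EXE_SUFFIXES = (".exe", ".dll")  # assumption: file types worth baselining

def snapshot(root):
    """Map each executable under root to (size, sha256 hex digest)."""
    state = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(EXE_SUFFIXES):
                continue
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                data = fh.read()
            rel = os.path.relpath(path, root)
            state[rel] = (len(data), hashlib.sha256(data).hexdigest())
    return state

def compare(before, after):
    """Return sorted findings as (path, status, size_delta_in_bytes)."""
    findings = []
    for rel in sorted(set(before) | set(after)):
        old, new = before.get(rel), after.get(rel)
        if old is None:
            findings.append((rel, "added", new[0]))
        elif new is None:
            findings.append((rel, "removed", -old[0]))
        elif old[1] != new[1]:
            findings.append((rel, "modified", new[0] - old[0]))
    return findings

def demo():
    """Constructed stand-in files only; no real binaries are involved."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ("odbg_a/OLLYDBG.EXE", "odbg_b/OLLYDBG.EXE", "odbg_b/readme.txt"):
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(b"MZ" + b"\x00" * 1000)
        baseline = snapshot(root)
        # Simulate the report in the thread: an untouched install's exe grows.
        with open(os.path.join(root, "odbg_b/OLLYDBG.EXE"), "ab") as fh:
            fh.write(b"X" * 200)
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Taking the baseline before any untrusted tool is run, and storing it outside the machine or VM being checked, keeps the comparison trustworthy.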


PostPosted: Mon Jul 15, 2019 4:57 am 

Joined: Sat Dec 27, 2014 8:49 pm
Posts: 134
aluigi wrote:
@kees
please don't open topics in other sections.

I can do nothing about that file, CriticalError has always been a trusted user (he wasn't even interested in sharing it) and in any case it's clearly stated to use a WinXP virtual machine.
If you have doubts don't use it, and for sure don't use this type of stuff outside a VM.


The MediaFire link is infected. (The very last link in the post.)

The OllyDbg.exe and loaddll.exe in that archive are fake and are instead a virus written in VB6. (Basically, every exe is the same virus in that archive.)

_________________
My personal site: http://atom0s.com
Donations can be made via Paypal: Click Here


PostPosted: Sun Aug 11, 2019 5:57 pm 
Site Admin

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 10569
@JeoJ1 @atom0s
ok link of CriticalError removed, left part of the URL just in case.
No idea why he posted a virus... mah


PostPosted: Fri Aug 23, 2019 2:24 am 

Joined: Sat Dec 27, 2014 8:49 pm
Posts: 134
aluigi wrote:
@JeoJ1 @atom0s
ok link of CriticalError removed, left part of the URL just in case.
No idea why he posted a virus... mah


Not sure why he would either. Perhaps he got fed up with beggars spamming him after posting this tutorial; still not a reason to do it.

Using web archive:
Code:
Aug 18, 2015:
https://web.archive.org/web/20150818135421/http://zenhax.com/viewtopic.php?t=1051

Jan 16, 2017:
https://web.archive.org/web/20170116083422/https://zenhax.com/viewtopic.php?t=1051


So the link was added between that timeframe, seems to also be the only thing really ever edited/added to the post.

_________________
My personal site: http://atom0s.com
Donations can be made via Paypal: Click Here

