[Help]Making Loader VMProtect 3.x.x And Dump VM Enigma 5.x.x

Post Number:#1  Postby 2lhtlove » 17 Feb 2017 18:58

Hi Giv
I'm having two problems. If you can, please help me solve them.
1. Making Loader VMProtect 3.x.x
I'm working with a target. When I patch and then restart the target in OllyDbg, the VA is constantly changing, so I have had difficulty making a loader.
2. Dump VM Enigma 5.x.x
I used a short script by the author LCF-AT, "Simple script which dumps the VM.txt", and changed the OEP and the VA in the script. After that I very easily got the file "VM DUMP" to add as a section to the unpacked target, and the target test works perfectly on WIN XP SP2 X86, WIN 7 X76. But after rebooting Windows 7, the target crashes when run; when I try to dump again, the VM addresses have changed. On WIN XP SP2 the VM dump address does not change.
That is what I encountered, please help. Sorry, my English is very bad.
Thanks for reading my message
Wish you a good day,

Re: [Help]Making Loader VMProtect 3.x.x And Dump VM Enigma 5

Post Number:#2  Postby giv » 23 Feb 2017 14:58

1. Use Windows XP
2. Disable ASLR.
Best regards!
GIV

Re: [Help]Making Loader VMProtect 3.x.x And Dump VM Enigma 5

Post Number:#3  Postby 2lhtlove » 24 Feb 2017 22:09

Hi,
I have searched for ways to disable ASLR on Windows 7 32-bit but cannot, because there is no path:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"MoveImages"=dword:00000000
Do you know the method to disable it? Please help.
Thanks, I promise to abide by the rules and contribute many articles to your forum.

Re: [Help]Making Loader VMProtect 3.x.x And Dump VM Enigma 5

Post Number:#4  Postby giv » 10 Mar 2017 10:24

Just try harder.
Best regards!
GIV

