Enigma Virtual Box authors made some changes in version 10.70 and broke my unpacker again. 🙁 To be able to support more and more versions, my unpacker requires some serious redesign.
That will take some thinking time and energy but I'll eventually get around to it.
In the meantime, here's a quick fix:
- Detects and unpacks Enigma Virtual Box versions 10.70 and 10.80;
HELLO MASTER
I NEED YOU FOR PRAIVET JOB THANKS
Thank you, I'm not interested.
感谢大佬,但是国内访问不了
Chinese government has decided to block MEGA and all other non-Chinese cloud storages. There's nothing I can do about that.
Thank you
But it cannot be downloaded in China and cannot be accessed.
Chinese government has decided to block MEGA and all other non-Chinese cloud storages. There's nothing I can do about that.
Hello, great author!
Thank you very much for continuously updating this software. It has solved many problems, and I want to express my gratitude and respect to you!
I have some technical questions I would like to consult with you, hoping to get your guidance. I have written a small program specifically for unpacking games. It automatically determines the type of packaging the game uses, then suggests the appropriate tool to the user and helps them download and unpack it automatically.
Could you please give me some pointers on how to use C++ to determine if an executable file is packed with EnigmaVB? Currently, my method is quite foolish; I simply check if the name is `game_boxed.exe` and then prompt the user to use your tool for unpacking...
Thank you very much.
It's a very good question. Unfortunately you didn't leave the email address, so I can't reach out to you to give a longer answer.
Short answer - you can check that last 2 PE sections in the file are named
.enigma1and.enigma2. This will work in 99+% of cases, with some (minor) chance of mistakes. DiE (Detect It Easy) does it the same way, as you can see here.Long time no see. I'm very sorry for taking so long to reply to you. I fell seriously ill and have only recently started to recover. I'm very glad to receive your response. This time, I've left my email address. Could you please send me an email so I can send you the code I just wrote for your review?
No worries. My email address can be found at the bottom of every page, feel free to send me a message whenever you like.
Hi, thanks for the update!
Would you consider uploading to other platforms such as google drive?
MEGA has daily download limit and some unlucky people (such as I) may need to wait a day or two.
That's really not an option. Google Drive really hates when someone tries sharing EXE files (or archives containing EXE files, or password-protected archives, or any other reasonable workaround).
That MEGA limit seems to be on your side, as my account has plenty of traffic left:
EnigmavB version: 10.40(] Looking for external packages: DEFAULT FOLDER%\□sundata,dfgB@鴻婺口-] File not found.[] Looking for external packages: c:Users(cheniDesktoplyuxuel□sundata.dfgB@ 嘎鴻口鐜口] No matching fles foundil Original fle had no TLs directory[+]Unpacked main fle: c:\Users(chenlDesktoplyuxuelSungame_unpacked.exe[+] Finished!
I need to see the file to understand what went wrong. Could you please upload it to MEGA/MediaFire/Workupload and send me the link?
{hidden link},,,,Many of the same type of external packets cannot find the file name,thanks!
Thank you, I found a bug in my unpacker. It happens when a rarely used VirtualBox option (Storage->Save changes of virtual files) is enabled.
I'm not sure whether I will be able to fix this without a big rewrite I mentioned earlier in the blogpost. Will keep you posted!
[+] Filename: C:\Users\Administrator\Downloads\Game\Three.exe
[+] MD5: e070b32c4db988146aec49d29bd463df
[+] x86 executable
[x] Looks like this file is protected with Enigma Protector, not Enigma Virtual Box.
[x] It is not supported by my unpacker
There's not much else I can say.
Thanks for your great job! I got a packed .exe and want to replace some of the files. So I use this unpacker to unpack the exe, it's completely easy to use and then I can do what I want.
The problem is, the unpacker show hundreds of Registry listings. How can I add these registry lines to Enigma VB if not add them one by one by hand? Thanks in advance.
Hi there, virtualized registry entries are rarely used in real-life, so I never had any real incentive to spend much time on that.
If you could upload your file to MEGA/MediaFire/Workupload, I'll take a look at it and try to come up with some sort of improvement. Would that work for you?
Hi Kao,
After using ExeInfoPE and DIE on an executable (supposedly created with Enigma Virtual Box), both utilities don't detect EVB and your EVB-Unpacker doesn't detect it either.
Could you check it if it is not too much trouble ?.
HyperSnap v8.19 Portable for WXP-W11(Enigma Virtual Box + PurePortable.).
Special old version with TxtCap support from v8.15 (less glitchy).
{hidden link}
Cheers.
It was packed with Enigma Virtual Box and then PE section names were changed.
See the highlighted two sections in the image? They should be named
.enigma1and.enigma2respectively. If you fix them using DiE or any other PE-file editor, my unpacker will work just fine (and so will ExeInfoPE and DiE).Cool kao, Works flawless.
I figured that EnigmaVBUnpacker detects EVB packaging via signatures, as well as the rest of the binary recognition tools.
I was finally able to verify that HyperSnap v8.19 only requires 3 DLLs to run on XP, after installation.
kernel30.dll
xsapi.dll (psapi.dll v6.0.6000.16386 from Vista)
shell30.dll
Too much thanks to you.
You're welcome. 🙂