01 Mar

March update of unpackers

Enigma VirtualBox unpacker

  • Unpacker will refuse to run if there is not enough space in TMP folder and/or in working directory
  • PE header size was calculated incorrectly in some cases
  • TLS directory was not detected correctly for some files

Setting TMP folder to a RAM drive was a good idea in 1990s. Now it's year 2019 and you can't manage virtual memory better than Windows already do. But some people apparently still try, so I added checks to stop them from shooting themselves in the foot.

Molebox VS unpacker

  • Added support for a very old version on Molebox VS, as reported by death

The fix was actually implemented a long time ago, I just didn't make the announcement.

27 thoughts on “March update of unpackers

  1. Avatar

    [+] MD5: cab4548622781e72424bc9391e114030
    [i] Molebox type: new (v4.4325..v4.5462)
    [i] Exact MoleboxVS version: UNKNOWN

    • Avatar

      I can't help you without seeing the file. Please upload it to mega.co.nz or mediafire.com and send me the link. I'll be happy to fix the problem.

  2. Avatar

    Why don't you unpack VMprotect? No talent sir? No skillz?

    All you can do is to unpack UPX like protections?

    Don't waste our time you dummy.

    • Avatar

      It's my blog and I write about things that interest *me*.

      If you don't like it, stop reading and go away. As simple as that.

  3. Avatar

    " I can't help you without seeing the file. Please upload it to mega.co.nz or mediafire.com and send me the link. I'll be happy to fix the problem "

    Link :
    {hidden link}

    Thanks

    • Avatar

      Thank you, I will look at it and fix the problem.

      EDIT: your file is protected using "Enable anti-crack features" switch. I know how to fix that but I will not have any free time this week. So, I'll look at that sometime next week.

  4. Avatar

    Hi Kao do you have time ? Can you check this file , i can't unpack it using your new version of demoleitionVS.
    Link :{hidden link}

    • Avatar

      That's because it's not protected with Molebox at all. It is using some custom "protection". :)

      There are 4 files inside:

      • actual htlauncher.exe
      • ClientLib.dll - contains ZIP with more files
      • gameguard.dll - probably some sort of anticheat
      • nvidiar.exe - some sort of anticheat? Very suspicious file.

      And inside the ZIP file there are:

      • serverlist.bin
      • system\HTMessage.txl
      • system\TantraParam.tpa
    • Avatar

      Your file is protected using Molebox VS "Enable anti-crack features" switch. I am working on a fix for that.

  5. Avatar

    That's because it's not protected with Molebox at all. It is using some custom "protection". :)

    There are 4 files inside:

    actual htlauncher.exe
    ClientLib.dll - contains ZIP with more files
    gameguard.dll - probably some sort of anticheat
    nvidiar.exe - some sort of anticheat? Very suspicious file.
    And inside the ZIP file there are:

    serverlist.bin
    system\HTMessage.txl
    system\TantraParam.tpa

    Kao what kind of packer they use ?

      • Avatar

        I don't speak your language, could you please use English?

        You did not upload full installation, so I cannot extract all files. I will fix my unpacker and publish it soon. Then you can extract the files yourself.

Leave a Reply

  • Be nice to me and everyone else.
  • If you are reporting a problem in my tool, please upload the file which causes the problem.
    I can`t help you without seeing the file.
  • Links in comments are visible only to me. Other visitors cannot see them.

Your email address will not be published.

3  +  four  =