01 Mar

March update of unpackers

Enigma VirtualBox unpacker

  • Unpacker will refuse to run if there is not enough space in TMP folder and/or in working directory
  • PE header size was calculated incorrectly in some cases
  • TLS directory was not detected correctly for some files

Setting the TMP folder to a RAM drive was a good idea in the 1990s. Now it's 2019 and you can't manage virtual memory better than Windows already does. But some people apparently still try, so I added checks to stop them from shooting themselves in the foot.

Molebox VS unpacker

  • Added support for a very old version of Molebox VS, as reported by death

The fix was actually implemented a long time ago, I just didn't make the announcement.

36 thoughts on “March update of unpackers”

  1. Avatar

    [+] MD5: cab4548622781e72424bc9391e114030
    [i] Molebox type: new (v4.4325..v4.5462)
    [i] Exact MoleboxVS version: UNKNOWN

    • Avatar

      I can't help you without seeing the file. Please upload it to mega.co.nz or mediafire.com and send me the link. I'll be happy to fix the problem.

  2. Avatar

    Why don't you unpack VMprotect? No talent sir? No skillz?

    All you can do is to unpack UPX like protections?

    Don't waste our time you dummy.

    • Avatar

      It's my blog and I write about things that interest *me*.

      If you don't like it, stop reading and go away. As simple as that.

  3. Avatar

    " I can't help you without seeing the file. Please upload it to mega.co.nz or mediafire.com and send me the link. I'll be happy to fix the problem "

    Link :
    {hidden link}

    Thanks

    • Avatar

      Thank you, I will look at it and fix the problem.

      EDIT: your file is protected using "Enable anti-crack features" switch. I know how to fix that but I will not have any free time this week. So, I'll look at that sometime next week.

  4. Avatar

    Hi Kao, do you have time? Can you check this file? I can't unpack it using your new version of demoleitionVS.
    Link: {hidden link}

    • Avatar

      That's because it's not protected with Molebox at all. It is using some custom "protection". :)

      There are 4 files inside:

      • actual htlauncher.exe
      • ClientLib.dll - contains ZIP with more files
      • gameguard.dll - probably some sort of anticheat
      • nvidiar.exe - some sort of anticheat? Very suspicious file.

      And inside the ZIP file there are:

      • serverlist.bin
      • system\HTMessage.txl
      • system\TantraParam.tpa
    • Avatar

      Your file is protected using Molebox VS "Enable anti-crack features" switch. I am working on a fix for that.

  5. Avatar

    That's because it's not protected with Molebox at all. It is using some custom "protection". :)

    There are 4 files inside:

    actual htlauncher.exe
    ClientLib.dll - contains ZIP with more files
    gameguard.dll - probably some sort of anticheat
    nvidiar.exe - some sort of anticheat? Very suspicious file.
    And inside the ZIP file there are:

    serverlist.bin
    system\HTMessage.txl
    system\TantraParam.tpa

    Kao, what kind of packer do they use?

      • Avatar

        I don't speak your language, could you please use English?

        You did not upload full installation, so I cannot extract all files. I will fix my unpacker and publish it soon. Then you can extract the files yourself.

  6. Avatar

    Thanks for releasing the nice tool.
    However, I got some error.
    Please help me or give me advice.
    I used your demoleition v0.60.

    {hidden link}

    And if you want to send the fixed files, please send them to my e-mail: {hidden link}

    Thanks pro kao.

    • Avatar

      Your file is broken. You did not unpack Enigma Protector correctly - and therefore my unpacker cannot do its job.

  7. Avatar

    [+] MD5: 580d93fd2f4b2a0ef050e92fd0a55757
    [i] Molebox type: very old (v4.1394..v4.2062)
    [x] EXCEPTION EOutOfMemory

    • Avatar

      As always - I can't help you without seeing the file. Please upload it to Mega.co.nz or mediafire.com, send me the link and I'll fix the bug.

  8. Avatar

    >Unpacker will refuse to run if there is not enough space in TMP folder and/or in working directory

    0.56 doesn't work with Wine anymore (4.0/4.9). It's possible to run unpacked software in native NW.js, so I use it for that. My /tmp is tmpfs as well, but that's not the problem here. Would be great if you could fix it, thank you.

    • Avatar

      I just tested it under Ubuntu 18.04.2 and Wine 4.0.1 - it works just fine.
      [Image: enigmavb unpacker in wine]

      Could you provide me with more details about your system and how you run the unpacker? df -l and wine output during the execution + screenshots from winecfg would be a good start. Otherwise there is not much I can do - it works for me.

      • Avatar

        Sorry, my whole system (most of it) might be currently located in RAM, so that can possibly be the reason. This is the first time there is such a problem, I'm not sure what to think about it. Should I mention that previous version works perfectly fine?

        Here's some info:

        ~ $ df -l
        Filesystem     1K-blocks    Used Available Use% Mounted on
        devtmpfs           10240       0     10240   0% /dev
        shm              4078724   10752   4067972   1% /dev/shm
        tmpfs            4078724 1018776   3059948  25% /run
        /dev/sdb1        3410408 2618988    791420  77% /run/initramfs/live
        /dev/loop0       2538880 2538880         0 100% /run/initramfs/squashfs
        none             4078724 1018776   3059948  25% /
        cgroup_root        10240       0     10240   0% /sys/fs/cgroup
        none             4078724      12   4078712   1% /run/user/1000
        none             4078724       0   4078724   0% /run/user/0

Leave a Reply

  • Be nice to me and everyone else.
  • If you are reporting a problem in my tool, please upload the file which causes the problem.
    I can't help you without seeing the file.
  • Links in comments are visible only to me. Other visitors cannot see them.
