Now my unpacker detects Enigma Protector and nicely explains to user that's it's not the same as Enigma Virtual Box. Something like this:
Hopefully now users will stop confusing those 2 products. smile
Download link: Please get latest version from this post
Recently, several people sent me bug reports where my EnigmaVB unpacker failed to extract files. In all cases, the problem was caused by really large files, like 3.5GB in size. So, what's causing the problem?
EnigmaVB unpacker is a 32bit application written in Delphi. And Delphi streams are retarded. They look like they've been written in 1990s and were never updated. TMemoryStream uses a continuous memory range, so it can never support anything larger than 2GB. TFileStream internally uses longint, so it doesn't properly support files larger than 2GB. WTF?
So, I have two choices. I can either make a custom stream class in Delphi, or I can pick another framework and rewrite my tool to use that.
I'm not a programmer, I'm a reverser. I don't want to spend my time developing custom stream classes. I'd very much rather use this time breaking some code. So, say hello to .NET framework - my next version of EnigmaVB unpacker will be made in C#.. smile
While researching all the Delphi limitations and possible workarounds, I ran into this great article by Scott Hanselman. Reading both the post and the comments made me think a lot.
Does using Google to solve your programming tasks makes you less of a programmer? I don't think so.
In fact, I'm just lazy. Most people are. Why should I spend 30 minutes remembering basic algorithms for converting string to hex, if Google query can solve it in 10 seconds? Why reinvent the wheel and write CRC calculation from scratch? I'll just open StackOverflow and have a solution that's already tried and tested. It doesn't mean I can't do those boring tasks - I just don't want to.
How about you? Would you be able to write some tools without using Google and StackOverflow?
Users can't read.
Or maybe they don't want to read. I don't know.
But one thing I know for sure - you must make your tools foolproof. If your tool is showing an error message, make sure even your grandma could understand it. Otherwise you'll be getting lots and lots of invalid bug reports.
For example, this is the error message my EnigmaVB unpacker used to show (as reported by ho3ein at Tuts4You):
It seemed to be very clear to me. First, tool tells user all the versions of Enigma Virtual Box it supports. Then tool explains that it expects to see a PE section with a name ".enigma2" but it found section with a name ".rsrc" instead. To me it's absolutely clear what happened: this file is not protected with Enigma Virtual Box (or it's hacked).
But you won't believe how many times this gets reported as a bug.
There was a similar problem with Meltdown. It clearly stated which versions of DeepFreeze it supports. Then it printed the detected DeepFreeze version. However, the error message didn't explicitly say "This version of DeepFreeze is not supported", it said "DeviceIoControl failed." It makes perfect sense from developer's point of view, but apparently is very confusing for users.
So, here are improved versions of my tools, fixing the error messages and some other stuff..
First of all, I fixed the error message. I also added detection and tested compatibility with the latest EnigmaVB v7.40. Hopefully, this will make users happier and less confused. smile
Meltdown 1.7 fixes confusing error message with DeepFreeze Standard v8.x. Thanks to Alexander for reporting it.
I also took a closer look at DeepFreeze Enterprise versions and found a way to make Meltdown more user friendly. If DeepFreeze Enterprise v7.20+ is detected, Meltdown will get OTP Token automatically and immediately generate correct password.
Enigma Virtual Box Unpacker: Please get latest version from this post
Meltdown v1.7: https://www.mediafire.com/?b0bamd3t2d6bbkq
Here comes a new version. Again. smile
I added support for Enigma Virtual Box 7.30, (hopefully) fixed all issues with very long filenames and fixed an issue with processing command-line.
Thanks to ManOfWar for constantly supplying new challenges and parrot for bringing my attention to a bug with command-line.
Download link: Please get latest version from this post
Here comes a new version. smile This time I added support for unpacking external packages. "External packages" are data files that can be loaded by Enigma Virtual Box and can contain both embedded files and registry entries.
I also made my unpacker 100% Unicode-aware - there should not be any more problems with non-english filenames. But I had to switch to Delphi 2009 compiler to do this, so there might be some unexpected bugs lurking around.
And, of course, lots of internal bugs had to be fixed. My code is not perfect, you know! wink
Download link: Please get latest version from this post
P.S. Thanks to Manofwar for giving me few example files for development & testing!
Last few weeks have been really hectic. I moved to a new apartment, so lots of time was spent on packing, unpacking, cleaning, and other non-computer related chores. Finally it's done, I got a great new place to live and I'm happy. smile
To relax and get back into shape, I spent an evening with one of my old projects - Enigma Virtual Box unpacker. I fixed few little bugs and added support for x64 executables.
Get it here: Please get latest version from this post