here is my tutorial regarding unpacking of PC Guard:

http://www.zshare.net/download/2790110485bf03/


Cheers


Orthodox

Thanks for sharing with our readers!

Regards,

Jesus would be proud. Nice clean tut btw.

Not bad for a first try, right? I've found that the PDF is best viewed at 133% magnification to preserve the quality of the images, but what did you do to the images in the first place? I advise you next time to not try to stretch or shrink them...
I'd like to see you try unpacking malware using that method

Have you tried looking at the actual encryption routine itself? Would be a lot easier (and safer) to decrypt offline instead of during live execution. It looks like a very simple algorithm from the images you've supplied -- push the number of bytes to be transformed, call the function to transform the bytes after/before the call for en/decryption.

Haven't done anything to the image, probably it depends on your monitor size and screen resolution.
-To decrypt it offline it would take a lot of time because its a big piece of code that its decrypted, and also a lot of calls too, which have different code and since I'm not playing with malware for me its OK.

Cheers

Orthodox

That's why you are using Virtual Machine right?

The new Malwares detect the fucking VM and refuse to unpack

wait a minute, if it is wraped with some of public protections, why wouldn't protection layer run in VM. As far as I know, only themida has option "VM compatibility" or something like that.

No, hex editor

http://www.woodmann.com/forum/showthread.php?t=10306

looks nicer then IDA