
Please Dump me , Please !


Fh_prg
July 21st, 2008, 12:34
Hello everybody.
I have a little problem with this file; I can't dump the program that has this string "Please Dump me ver 5".
Can anybody dump it?

I don't want any MUP, just please dump it, please....

Kayaker
July 21st, 2008, 12:48
McAfee doesn't recognize this as a virus, but be careful please, until someone determines this is appropriate forum content.

Fh_prg
July 21st, 2008, 13:23
Thank you, but my first language isn't English so I can't understand some things in your post, but
this file has a protection method that we can't dump. I need to know whether anybody can dump it or not, just this.
Please try to dump it, please.

ZaiRoN
July 21st, 2008, 13:32
Can you tell us why you are not able to dump the file? What tools are you using?

Fh_prg
July 21st, 2008, 14:55
I discovered that the first program runs a DOS (console) application, then the console application runs the main exe file.
All of the files are in DATA.dat; I want to dump the third application but I can't.
All applications that run by clicking on the "run app" button use the "WriteProcessMemory" API.
I have this information about this exe file, not more. Please help me.

Kayaker
July 22nd, 2008, 01:25
Quote (originally posted by Fh_prg):
i don't want any MUP, just please dump it, please....


Hi

Some questions for you, answer them to the best of your ability.

What is it you want? Why don't you want any MUP, does this mean you don't want to learn? Why do you want someone to dump it for you?

Yes it can be dumped, are you willing to learn?


Have you ever used DeDe or IDA? If I told you you can set a breakpoint before the ResumeThread API that you can see in the TForm1_Button1Click procedure and dump the process there, would you know what I'm talking about, or care?

This is a place for learning to do these things, it's up to you to learn, not to ask others to do things for you. Do you understand this?

Regards,
Kayaker

Fh_prg
July 22nd, 2008, 04:40
I'm sorry, I think that requesting a MUP isn't good, just this,
because in other forums I requested a MUP for Private EXE Protector 2.0 unpacking, and they said to me "we haven't any time for creating a MUP".
But I don't have any bad consideration in requesting the dumping of the file without a MUP. I am sorry.
And about your questions: I use OllyDbg 1.1 to debug this file and I found that this exe file first reads an exe from the DATA.dat file, then writes it to memory with the WriteProcessMemory API (this exe file is packed with MoleBox 2.5.x). I can dump it successfully. The second exe file (it's a console application) runs the third application from DATA.dat (the console application also uses WriteProcessMemory to run the third app), and I can dump it but it doesn't work, because the third app uses nanomite tech. I need to know how I can dump the third app that contains the "please Dump me Ver 5" label.
I will be thankful if you create a little MUP for my problem. Please excuse me for my bad English.
Thank you.

Aimless
July 22nd, 2008, 06:54
Awwww... I love the way he says "please excuse me for my bad English."

I'd help him just to see that in a message again.

Have Phun

Fh_prg
July 22nd, 2008, 09:57
Thank you ;-)

Kayaker
July 22nd, 2008, 10:45
Oh, MUP as in manual unpacker. I thought you meant MUP as in how to manually unpack. Damn I'm so gullible. Forget it, you're not going to get a MUP.

xenakis
July 22nd, 2008, 11:35
Actually, "gullible" is not a word

Kayaker
July 22nd, 2008, 12:03
Quote (originally posted by xenakis):
Actually, "gullible" is not a word


Am I supposed to believe that?

Fh_prg
July 22nd, 2008, 12:46
My imagination about a MUP for this file is that anybody says how I can dump it!
Not a SWF file to explain unpacking or more.

naides
July 22nd, 2008, 13:52
OK. I think I understand.
This is not a request for help. This is a crack-me type of challenge.
We have a chain of processes: grandfather, father and son, and our friend Fh_prg wants to dump the son. The problem is that one or both daddies are acting as debuggers (the debug-block kind of trick) and have also hooked multiple APIs in several system DLLs, ntdll and PSAPI.dll (I don't have a complete list of hooks, I am not at my pow3r computer right now...), that are thwarting attempts to dump the image from memory using customary tools.

What I would guess might work is using a ring 0 debugger: find the real memory addresses of the son process and dump it as plain old bytes (you can always reconstruct the PE by hand later), without resorting to low-level APIs to read a process's memory. Another route would be to un-hook the hooks...

JMI
July 22nd, 2008, 14:04
And OT, xenakis:

Merriam-Webster: Gullible -

Main Entry: gull·ible Variant(s): also gull·able \ˈgə-lə-bəl\
Function: adjective
Date: 1818 : easily duped or cheated
— gull·ibil·i·ty \ˌgə-lə-ˈbi-lə-tē\ noun
— gull·ibly \ˈgə-lə-blē\ adverb

So, "we" would have to be "gullible" to believe that "gullible" is not a word. Since it dates from 1818, that's a very long time for you not to have "discovered" it!!


Regards,

babar0ga
July 22nd, 2008, 16:21
OT.
I have been reading this forum for years now, and I must say I'm loving it. Especially when these funny posts come in... wd, and keep up.

Regards

naides
July 22nd, 2008, 19:21
Here you are.
A raw dump of each section, and a full raw dump of the whole thing, for you to reconstruct a PE file from.

Add on: The PE header in the full dump is destroyed. Use the PE header of the grandfather or the father process (which you can dump with no problem) instead.
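
The reconstruction step naides leaves to the reader (a good PE header from one dump, raw section dumps from another, combined into a file the loader can map) is the same carving task memory forensics does on a process image. The following is an added example, not code from this thread or from any tool named in it. It assumes the header you reuse has a section table describing the sections you actually dumped (same names, virtual addresses and sizes); it keeps VirtualAddress/VirtualSize from that header and rewrites only the file-layout fields (PointerToRawData, SizeOfRawData, SizeOfHeaders). The header, section names and section bytes below are constructed test data, not from the challenge binary.

```python
"""Rebuild a PE32 file from an intact header plus raw section dumps (added example)."""
import struct

SECTION_FMT = "<8sIIIIIIHHI"                  # IMAGE_SECTION_HEADER layout
SECTION_SIZE = struct.calcsize(SECTION_FMT)   # 40 bytes


def _align(value, boundary):
    """Round value up to the next multiple of boundary."""
    return (value + boundary - 1) // boundary * boundary


def parse_header(pe):
    """Parse the DOS/NT headers and the section table of a PE32 image."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections = struct.unpack_from("<H", pe, e_lfanew + 6)[0]    # COFF NumberOfSections
    size_opt = struct.unpack_from("<H", pe, e_lfanew + 20)[0]       # COFF SizeOfOptionalHeader
    opt = e_lfanew + 24                       # start of IMAGE_OPTIONAL_HEADER
    table = opt + size_opt                    # start of the section table
    sections = []
    for i in range(num_sections):
        f = struct.unpack_from(SECTION_FMT, pe, table + i * SECTION_SIZE)
        sections.append({"name": f[0].rstrip(b"\0").decode(), "vsize": f[1],
                         "va": f[2], "rawsize": f[3], "rawptr": f[4]})
    return {"e_lfanew": e_lfanew, "table": table, "sections": sections,
            "file_alignment": struct.unpack_from("<I", pe, opt + 36)[0],
            "size_of_headers": struct.unpack_from("<I", pe, opt + 60)[0]}


def rebuild_pe(good_header, raw_sections):
    """Combine an intact header with raw section dumps into a file image.

    good_header:  DOS+NT headers and section table copied from a healthy dump
                  whose section table describes the sections that were dumped.
    raw_sections: {section name: bytes}, the raw dump of each section.
    """
    h = parse_header(good_header)
    align = h["file_alignment"]
    headers_len = h["table"] + len(h["sections"]) * SECTION_SIZE
    out = bytearray(good_header[:headers_len])
    out += b"\0" * (_align(len(out), align) - len(out))   # pad headers to FileAlignment
    for i, s in enumerate(h["sections"]):
        if s["name"] not in raw_sections:
            raise KeyError(f"no raw dump supplied for section {s['name']!r}")
        data = raw_sections[s["name"]]
        ptr = len(out)
        rawsize = _align(len(data), align)
        out += data + b"\0" * (rawsize - len(data))
        # Offsets 16 and 20 of a section header are SizeOfRawData / PointerToRawData.
        struct.pack_into("<II", out, h["table"] + i * SECTION_SIZE + 16, rawsize, ptr)
    # SizeOfHeaders (optional header offset 60) must cover the padded header block.
    struct.pack_into("<I", out, h["e_lfanew"] + 24 + 60, _align(headers_len, align))
    return bytes(out)


def build_sample_header(section_specs, file_align=0x200, sect_align=0x1000):
    """Construct a minimal PE32 header for testing (constructed data, not a real binary)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                   # e_lfanew: NT headers follow DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_specs), 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                   # PE32 magic
    struct.pack_into("<I", opt, 16, section_specs[0][1])    # AddressOfEntryPoint
    struct.pack_into("<II", opt, 32, sect_align, file_align)
    image_end = max(va + _align(vs, sect_align) for _, va, vs, _ in section_specs)
    struct.pack_into("<I", opt, 56, image_end)              # SizeOfImage
    struct.pack_into("<H", opt, 68, 3)                      # console subsystem
    struct.pack_into("<I", opt, 92, 16)                     # NumberOfRvaAndSizes
    # Raw pointers/sizes are deliberately junk: rebuild_pe() must rewrite them.
    table = b"".join(struct.pack(SECTION_FMT, name.ljust(8, b"\0"), vs, va,
                                 0xDEADBEEF, 0xDEADBEEF, 0, 0, 0, 0, chars)
                     for name, va, vs, chars in section_specs)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


# Constructed stand-ins for the "son" process: two sections and their raw dumps.
SAMPLE_SECTIONS = [(b".text", 0x1000, 0x40, 0x60000020),
                   (b".data", 0x2000, 0x30, 0xC0000040)]
SAMPLE_DUMPS = {".text": b"\x55\x8b\xec\x33\xc0\x5d\xc3" + b"\xcc" * 57,
                ".data": b"Please Dump me ver 5\0".ljust(0x30, b"\0")}


def rebuild_sample():
    """Rebuild the constructed sample and return the resulting file bytes."""
    return rebuild_pe(build_sample_header(SAMPLE_SECTIONS), SAMPLE_DUMPS)


def section_bytes(pe, name):
    """Read one section back out of a rebuilt file via its patched raw pointer."""
    for s in parse_header(pe)["sections"]:
        if s["name"] == name:
            return pe[s["rawptr"]:s["rawptr"] + s["rawsize"]]
    raise KeyError(name)
```

With real dumps you would pass the parent's header bytes as `good_header` and the per-section raw files as `raw_sections`; the output still needs imports and relocations checked by hand (as naides says, "reconstruct the PE by hand later"), but the loader will at least find every section where the header says it is.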

Fh_prg
July 23rd, 2008, 07:17
Thank you very much, very very very very... much.