View Full Version : RE-Dump 1.0


Crk
04-08-2004, 03:54 AM
Just wanted to say thanks to SandMat for such a great tool. However, it is failing to dump files protected with Xtreme Protector (XPROT); it fails like all dumpers out there. I can't believe there's no tool or dumper that can defeat this protector... I think you guys are great and might be able to do it.

I think this is a real reverse engineering challenge...

here are a couple of targets to play with --->>

hxxp://www.handycafe.com/files/handysetup.exe

hxxp://www.jazler.com (Jazler XP)

Note that this is not a crack request, and I'm interested in just dumping those targets from memory, since all dumpers out there just crash.. ;(

Is it possible for an updated version of RE-Dump to do this job?


Regards

Crk
04-08-2004, 04:26 AM
I hope my request will be considered, since no one has ever done this. As I said, I do believe it's a real reverse engineering challenge.

Best Regards

sna
04-11-2004, 10:13 AM
hi.

you need to access the memory of interest from inside the owning context.
there are fancier ways to do this, but you could hijack a thread native to the context or create a new one.

regards, sna

AndreaGeddon
04-11-2004, 02:51 PM
xprotector is really a hard challenge! What version is applied to the programs you posted? The last version is really hard to dump; a friend of mine told me that via a driver it hooks normal IPC methods, it even hooks \Device\PhysicalMemory to avoid the dump. I was working on the xprotector suite itself, but atm I have little time to spend on it :(
However, I will try to look at those apps. I think that the first thing you should do is to work on the driver (to avoid PC crashes) etc.
Bye!
AndreaGeddon

Crk
04-20-2004, 12:34 AM
I see the programs packed with this protector made a file in C:\Windows\Xprotector.vxd

I can't do anything about it, nor analyze this... damn! I'm just a newbie. I am here asking for any possible help or tips on how to dump this beast, or a tool which can handle this packer :cry:

Imagine many programs using this.. I can't believe no coder has taken care of this matter.. I know it must be hard and really a challenge, but there has to be a way.... AndreaGeddon, imagine you defeat it, at least for being able to code a tool to dump this... you'll be famous 8) As for the version used on these programs, I believe it must be the latest one, 1.07x I guess...

Regards