TQ packed their conquer.exe

12/19/2008 12:30 intelman#1
In new patch 5088, TQ has patched their conquer.exe. I can't find what that pack is; some program told me "ChinaProtect --> dummy"...
Can anyone tell me about an unpacker that can unpack this packer?
12/19/2008 13:31 Hiyoal#2
It hasn't been packed. Nothing picked up by PEiD.

Hiyoal
12/19/2008 13:53 David5646#3
Quote:
Originally Posted by Hiyoal
It hasn't been packed. Nothing picked up by PEiD.

Hiyoal
Well, they did something. See:
12/19/2008 13:54 TmT-sibrand#4
Well, I can't hex edit Conquer.exe anymore to make multiclient (edit English blablabla) cuz it's written in.... idk :P
12/19/2008 14:19 WHITELIONX#5
Same problem here, there is NO English to change >.< However, if you use cid proxy it CAN still be done lol, but it's so damn laggy that three chars will just cause annoyance.
12/19/2008 15:13 tanelipe#6
It's packed; PEiD doesn't pick it up, so I believe it's some less-used encryption. :P
12/19/2008 17:06 intelman#7
I used VMunpacker and got that it was packed by the packer "ChinaProtect -> dummy [Overlay]" <===> Can't unpack
Here is the image.
12/19/2008 17:34 high6#8
1 sec, I'll check it out.
12/19/2008 18:24 Sk1nny#9
This is the only real reference I can find to china protect:

Quote:
[ChinaProtect -> dummy * Sign.By.fly]
signature = C3 E8 ?? ?? ?? ?? B9 ?? ?? ?? ?? E8 ?? ?? ?? ?? FF 30 C3 B9 ?? ?? ?? ?? E8 ?? ?? ?? ?? FF 30 C3 B9 ?? ?? ?? ?? E8 ?? ?? ?? ?? FF 30 C3 B9 ?? ?? ?? ?? E8 ?? ?? ?? ?? FF 30 C3 56 8B ?? ?? ?? 6A 40 68 00 10 00 00 8D ?? ?? 50 6A 00 E8 ?? ?? ?? ?? 89 30 83 C0 04 5E C3 8B 44 ?? ?? 56 8D ?? ?? 68 00 40 00 00 FF 36 56 E8 ?? ?? ?? ?? 68 00 80 00 00 6A 00 56 E8 ?? ?? ?? ?? 5E C3
ep_only = false
Signature based encryption I think.
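
An added example, not part of the original thread or any poster's code: a minimal Python matcher for the PEiD userdb entry quoted in the post above, showing how such a signature identifies a packer. It assumes `??` is a one-byte wildcard and that `ep_only = false` means the whole file is searched; the function names are hypothetical and the sample buffer is constructed for the demonstration.

```python
import re

# PEiD userdb entry exactly as quoted in the post above.
ENTRY = """[ChinaProtect -> dummy * Sign.By.fly]
signature = C3 E8 ?? ?? ?? ?? B9 ?? ?? ?? ?? E8 ?? ?? ?? ?? FF 30 C3 B9 ?? ?? ?? ?? E8 ?? ?? ?? ?? FF 30 C3 B9 ?? ?? ?? ?? E8 ?? ?? ?? ?? FF 30 C3 B9 ?? ?? ?? ?? E8 ?? ?? ?? ?? FF 30 C3 56 8B ?? ?? ?? 6A 40 68 00 10 00 00 8D ?? ?? 50 6A 00 E8 ?? ?? ?? ?? 89 30 83 C0 04 5E C3 8B 44 ?? ?? 56 8D ?? ?? 68 00 40 00 00 FF 36 56 E8 ?? ?? ?? ?? 68 00 80 00 00 6A 00 56 E8 ?? ?? ?? ?? 5E C3
ep_only = false
"""

def parse_entry(text):
    """Parse one userdb entry into (name, tokens, ep_only); a ?? byte becomes None."""
    name = re.search(r"^\[(.+)\]\s*$", text, re.M).group(1)
    fields = dict(re.findall(r"^(\w+)\s*=\s*(.+?)\s*$", text, re.M))
    tokens = [None if t == "??" else int(t, 16) for t in fields["signature"].split()]
    return name, tokens, fields.get("ep_only", "false").lower() == "true"

def compile_tokens(tokens):
    """Build a bytes regex: fixed bytes match literally, None matches any one byte."""
    body = b"".join(b"." if t is None else b"\\x%02x" % t for t in tokens)
    return re.compile(body, re.DOTALL)

def scan(data, entry_text, entry_point_offset=0):
    """Return the file offsets at which the signature matches.

    ep_only = true  -> test only at the entry point's file offset.
    ep_only = false -> search the whole file, as this entry requests.
    """
    _, tokens, ep_only = parse_entry(entry_text)
    rx = compile_tokens(tokens)
    if ep_only:
        return [entry_point_offset] if rx.match(data, entry_point_offset) else []
    return [m.start() for m in rx.finditer(data)]

def build_sample(tokens, offset=0x40, filler=0xAA):
    """Constructed test input: zero padding around the pattern, wildcards set to filler."""
    body = bytes(filler if t is None else t for t in tokens)
    return bytes(offset) + body + bytes(16)

if __name__ == "__main__":
    name, tokens, _ = parse_entry(ENTRY)
    sample = build_sample(tokens)  # constructed bytes, not a real executable
    print(name, [hex(o) for o in scan(sample, ENTRY)])
```

Because the fixed bytes are interleaved with wildcards for call targets and immediates, the pattern matches the protector's stub wherever it is loaded, which is why a tool with this entry reports the packer while a tool without it reports nothing.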
12/19/2008 22:41 Hiyoal#10
Fair enough, stand corrected. I'm glad I know why though.

Hiyoal
12/19/2008 23:04 iliveoncaffiene#11
Time to scour the web (google isn't even turning up results for a chinaprotect program)
12/19/2008 23:47 Pindle#12
No longer packed in 5089
12/20/2008 00:24 Sk1nny#13
Quote:
Originally Posted by Pindle
No longer packed in 5089
HAHAHAHAHAHA sweet!
You know how many virus scanners would have deleted that? That was a bad move; good thing they fixed it.
12/20/2008 00:44 taelech#14
Quote:
Originally Posted by Pindle
No longer packed in 5089
hehe was about to post it :P
12/20/2008 01:28 intelman#15
Quote:
Originally Posted by Pindle
No longer packed in 5089
Nice to hear that.
Yeah, now it isn't packed anymore in 5089, hope they won't patch it in the future.