Loveless Posted October 8, 2008 Share Posted October 8, 2008 Both are options. I prefer just dumping at VM OEP. No need to waste time rebuilding OEP then. Link to comment Share on other sites More sharing options...
Computer_Angel Posted October 8, 2008 Share Posted October 8, 2008 Hi Computer_Angel & Loveless,Thank you for all your clarifications. Just one more doubts to get cleared. Suppose in an Traget we find VM OEP we have to dump the target at VM OEP & we don't have to recover the stolen bytes ?OR We have to dump at OEP & then recover the stolen bytes ?CheersLorens!It's depend on you. But in my opinion, we couldn't sure the VM OEP is correct or not. Every VM part just start with a pair PUSH xxxx/JMP xxxx and maybe there're more asm instruction in that VM part, more than the orginal OEP.I would recover the stolen bytes if .. I could (this is my best choice) but it's up to you ^.^ Link to comment Share on other sites More sharing options...
ZenLoren Posted October 8, 2008 Share Posted October 8, 2008 Hi Computer_Angel & Loveless, Thanks for all the clarification. I agree with you Computer_Angel one should recover the stolen bytes if possible. Also the push / jmp things if we check in IDA is crossreferenced sooooo many times. Thanks once again for your kind help You guys rocks ! Cheers Lorens! Link to comment Share on other sites More sharing options...
Teddy Rogers Posted October 8, 2008 Share Posted October 8, 2008 Please follow and adhere to the topic title format - thank-you! Link to comment Share on other sites More sharing options...
quosego Posted October 8, 2008 Share Posted October 8, 2008 Hi Computer_Angel & Loveless,Thanks for all the clarification. I agree with you Computer_Angel one should recover the stolen bytes if possible. Also the push / jmp things if we check in IDA is crossreferenced sooooo many times. Thanks once again for your kind help You guys rocks ! Cheers Lorens! Only depends on your skill level.. Loveless can determine VM oeps with 100% certainty. Most people can't so for them it would be wise to rebuild.. For me it depends, I find a normal oep prettier but am often just lazy and use the VM oep.. Also some anitdump is occasionally used in the OEP then rebuilding is also required.. q, Link to comment Share on other sites More sharing options...
Computer_Angel Posted October 9, 2008 Share Posted October 9, 2008 Some fix for my scriptReplace all bpwm to bprm, you may stop at near OEP.Hope now you could use it for this target Link to comment Share on other sites More sharing options...
thisistest Posted October 13, 2008 Share Posted October 13, 2008 Themida.v2.0.3.0 CRACKMEThemida.v2.0.3.0__CRACKME.rar Link to comment Share on other sites More sharing options...
r00t_H@ck3r Posted October 13, 2008 Share Posted October 13, 2008 (edited) @Computer_AngelUr Script Does Not Work At My Own Target = / Packed Themida 2.0.3.0LCF-AT && Quesego Has Unpacked It Before,I Wont Say The Name Of The Program= / I Get Error On Line 87Text : je stopCare Help = ) Quesego or LCF-AT since you unpacked it before = )please dont say name of program due company protection.@ Pm Me Your MSN ; ) I Want Learn More = ) Edited October 13, 2008 by Guest Link to comment Share on other sites More sharing options...
LCF-AT Posted October 13, 2008 Share Posted October 13, 2008 @ themida.v2.0.3.0_Unpacked_.rar Link to comment Share on other sites More sharing options...
r00t_H@ck3r Posted October 14, 2008 Share Posted October 14, 2008 (edited) Thanks LCF-AT Edited November 14, 2008 by Guest Link to comment Share on other sites More sharing options...
Apakekdah Posted October 14, 2008 Share Posted October 14, 2008 (edited) Detected as a virus with my McAfee... Edit : i try it, but dunno can run or not in your pc.. http://www.zshare.net/download/205271505b90009e/orhttp://www.filefactory.com/file/a73590/n/Dumped1_zip Edited October 14, 2008 by Apakekdah Link to comment Share on other sites More sharing options...
ZenLoren Posted October 14, 2008 Share Posted October 14, 2008 ExtremeDevilzi was talking about computer_angel not working on a programI guess you should fix that by learning / digging more about themida.Cheers, Lorens! Link to comment Share on other sites More sharing options...
HSN.C3r Posted October 14, 2008 Share Posted October 14, 2008 (edited) Hi And here is my unpacked file(manually without any script) : This is easiest UnpackMe for Themida because the target is VB Note: After download , change compatibility of the file to Win98\Me ,it`s because of using manifest res. Themida.UnPackME_Unpacked_By_HSN.C3r.rar Edited October 14, 2008 by HSN.C3r Link to comment Share on other sites More sharing options...
LCF-AT Posted October 14, 2008 Share Posted October 14, 2008 @ HSN.C3r Ahhhhhh, now I can see the light (reason) why my unpacked file was not running on my system! It needs to change the compatibility of the unpacked file to win98.It works. So thanks for this good hint. greetz Link to comment Share on other sites More sharing options...
Sp1d3rZ Posted October 14, 2008 Author Share Posted October 14, 2008 @ HSN.C3r Hi dear, see ur unpacked file. Its not running on my system. dwwin error!!! Link to comment Share on other sites More sharing options...
Sp1d3rZ Posted October 14, 2008 Author Share Posted October 14, 2008 (edited) UnpackMe Working perfect. REALLY Apakekdah U R ROCK PERSON UnpackMe solved. Again thnx Apakekdah And thnx to HSN.C3r for Compatibility mode changing trick. Edited October 14, 2008 by Sp1d3rZ Link to comment Share on other sites More sharing options...
Apakekdah Posted October 16, 2008 Share Posted October 16, 2008 I'm just lucky... Link to comment Share on other sites More sharing options...
r00t_H@ck3r Posted October 16, 2008 Share Posted October 16, 2008 Hey Make A Tut Apakekdah,; ) LCF-AT Tut Too Fast Link to comment Share on other sites More sharing options...
Apakekdah Posted October 17, 2008 Share Posted October 17, 2008 What and Ahmed18 from AT4RE made a great tuts about themida... i was learing from him... this link tuts about themida by What http://www.tuts4you.com/download.php?view.1943 Ahmed18 tuts can be found in AT4RE forum.. LCF-AT tut it's not too fast, i think because he is using another trick... maybe that's why his tuts is too fast going into the OEP/Section Code... Link to comment Share on other sites More sharing options...
r00t_H@ck3r Posted October 23, 2008 Share Posted October 23, 2008 http://at4re.com/f/showthread.php?t=3741Is In Arab,I Dont Understand English Section There Is Non. Link to comment Share on other sites More sharing options...
CrApHeR Posted October 23, 2008 Share Posted October 23, 2008 [quote name=' Link to comment Share on other sites More sharing options...
Sp1d3rZ Posted October 24, 2008 Author Share Posted October 24, 2008 LOLZ tut not in english. Link to comment Share on other sites More sharing options...
best4free Posted October 25, 2008 Share Posted October 25, 2008 at4re down Link to comment Share on other sites More sharing options...
_ak47_ Posted December 28, 2008 Share Posted December 28, 2008 Hi guys and girls anyone have writing a tuto how unpack Themida v2.0.3.0 please shared Link to comment Share on other sites More sharing options...
_ak47_ Posted December 31, 2008 Share Posted December 31, 2008 (edited) no body have a tutorial ????? Edited December 31, 2008 by _ak47_ Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now