Tuts 4 You


Featured Replies

Both are options. I prefer just dumping at VM OEP. No need to waste time rebuilding OEP then.

  • Replies 65
  • Views 45.2k

Hi Computer_Angel & Loveless,

Thank you for all your clarifications. Just one more doubt to get cleared. Suppose in a target we find the VM OEP, we have to dump the target at VM OEP & we don't have to recover the stolen bytes?

OR

We have to dump at OEP & then recover the stolen bytes ?

Cheers

Lorens!

It depends on you. But in my opinion, we can't be sure whether the VM OEP is correct or not.

Every VM part just starts with a PUSH xxxx/JMP xxxx pair, and maybe there are more asm instructions in that VM part, more than the original OEP.

I would recover the stolen bytes if .. I could (this is my best choice) but it's up to you ^.^

Hi Computer_Angel & Loveless,

Thanks for all the clarification. I agree with you Computer_Angel, one should recover the stolen bytes if possible. Also, the push / jmp thing, if we check in IDA, is cross-referenced sooooo many times.

Thanks once again for your kind help :) You guys rock!

Cheers

Lorens!

Please follow and adhere to the topic title format - thank-you!

Only depends on your skill level.. Loveless can determine VM oeps with 100% certainty. Most people can't so for them it would be wise to rebuild..

For me it depends, I find a normal oep prettier but am often just lazy and use the VM oep..

Also, some anti-dump is occasionally used in the OEP; then rebuilding is also required..

q,

Some fix for my script

Replace all bpwm with bprm; you may stop near the OEP.

Hope you can now use it for this target.

@Computer_Angel

Ur Script Does Not Work At My Own Target = / Packed Themida 2.0.3.0

LCF-AT && Quesego Have Unpacked It Before, I Won't Say The Name Of The Program

= /

I Get Error On Line 87

Text : je stop

Care Help = ) Quesego or LCF-AT since you unpacked it before = )

Please don't say the name of the program due to company protection.

@ Pm Me Your MSN ; ) I Want Learn More = )

Edited by Guest

Thanks LCF-AT

Edited by Guest

Detected as a virus with my McAfee... :D

Edit: I tried it, but I don't know whether it can run on your PC or not..

http://www.zshare.net/download/205271505b90009e/
or
http://www.filefactory.com/file/a73590/n/Dumped1_zip

Edited by Apakekdah

ExtremeDevilz

i was talking about computer_angel not working on a program
I guess you should fix that by learning / digging more about themida.

Cheers, Lorens!

Hi

And here is my unpacked file(manually without any script) :

This is the easiest UnpackMe for Themida because the target is VB ;)

Note: After downloading, change the compatibility of the file to Win98\Me; it's because of using manifest res.

Themida.UnPackME_Unpacked_By_HSN.C3r.rar

Edited by HSN.C3r

@ HSN.C3r

Ahhhhhh, :) now I can see the light (reason) why my unpacked file was not running on my system!

The compatibility of the unpacked file needs to be changed to Win98. It works.

So thanks for this good hint.

greetz

  • Author

@ HSN.C3r

Hi dear, I saw your unpacked file. It's not running on my system.

dwwin error!!!


  • Author

UnpackMe Working perfect. REALLY Apakekdah U R ROCK PERSON :P

UnpackMe solved. Again thnx Apakekdah

And thnx to HSN.C3r for Compatibility mode changing trick.

Edited by Sp1d3rZ

I'm just lucky... :D

Hey Make A Tut Apakekdah,; ) LCF-AT Tut Too Fast

What and Ahmed18 from AT4RE made great tuts about Themida...

I was learning from him...

This link is a tut about Themida by What:

http://www.tuts4you.com/download.php?view.1943

Ahmed18's tuts can be found in the AT4RE forum..

LCF-AT's tut is not too fast; I think it's because he is using another trick...

Maybe that's why his tut is too fast going into the OEP/Section Code...

:wub:

http://at4re.com/f/showthread.php?t=3741

It Is In Arabic, I Don't Understand. English Section, There Is None.


  • Author

LOLZ tut not in english. ;)

at4re down

  • 2 months later...

Hi guys and girls, has anyone written a tuto on how to unpack Themida v2.0.3.0? Please share.

Nobody has a tutorial????? <_<

Edited by _ak47_
