Loveless Posted October 8, 2008 Posted October 8, 2008 Both are options. I prefer just dumping at VM OEP. No need to waste time rebuilding OEP then.
Computer_Angel Posted October 8, 2008 Posted October 8, 2008 Hi Computer_Angel & Loveless,Thank you for all your clarifications. Just one more doubts to get cleared. Suppose in an Traget we find VM OEP we have to dump the target at VM OEP & we don't have to recover the stolen bytes ?OR We have to dump at OEP & then recover the stolen bytes ?CheersLorens!It's depend on you. But in my opinion, we couldn't sure the VM OEP is correct or not. Every VM part just start with a pair PUSH xxxx/JMP xxxx and maybe there're more asm instruction in that VM part, more than the orginal OEP.I would recover the stolen bytes if .. I could (this is my best choice) but it's up to you ^.^
ZenLoren Posted October 8, 2008 Posted October 8, 2008 Hi Computer_Angel & Loveless, Thanks for all the clarification. I agree with you Computer_Angel one should recover the stolen bytes if possible. Also the push / jmp things if we check in IDA is crossreferenced sooooo many times. Thanks once again for your kind help You guys rocks ! Cheers Lorens!
Teddy Rogers Posted October 8, 2008 Posted October 8, 2008 Please follow and adhere to the topic title format - thank-you!
quosego Posted October 8, 2008 Posted October 8, 2008 Hi Computer_Angel & Loveless,Thanks for all the clarification. I agree with you Computer_Angel one should recover the stolen bytes if possible. Also the push / jmp things if we check in IDA is crossreferenced sooooo many times. Thanks once again for your kind help You guys rocks ! Cheers Lorens! Only depends on your skill level.. Loveless can determine VM oeps with 100% certainty. Most people can't so for them it would be wise to rebuild.. For me it depends, I find a normal oep prettier but am often just lazy and use the VM oep.. Also some anitdump is occasionally used in the OEP then rebuilding is also required.. q,
Computer_Angel Posted October 9, 2008 Posted October 9, 2008 Some fix for my scriptReplace all bpwm to bprm, you may stop at near OEP.Hope now you could use it for this target
thisistest Posted October 13, 2008 Posted October 13, 2008 Themida.v2.0.3.0 CRACKMEThemida.v2.0.3.0__CRACKME.rar
r00t_H@ck3r Posted October 13, 2008 Posted October 13, 2008 (edited) @Computer_AngelUr Script Does Not Work At My Own Target = / Packed Themida 2.0.3.0LCF-AT && Quesego Has Unpacked It Before,I Wont Say The Name Of The Program= / I Get Error On Line 87Text : je stopCare Help = ) Quesego or LCF-AT since you unpacked it before = )please dont say name of program due company protection.@ Pm Me Your MSN ; ) I Want Learn More = ) Edited October 13, 2008 by Guest
r00t_H@ck3r Posted October 14, 2008 Posted October 14, 2008 (edited) Thanks LCF-AT Edited November 14, 2008 by Guest
Apakekdah Posted October 14, 2008 Posted October 14, 2008 (edited) Detected as a virus with my McAfee... Edit : i try it, but dunno can run or not in your pc.. http://www.zshare.net/download/205271505b90009e/orhttp://www.filefactory.com/file/a73590/n/Dumped1_zip Edited October 14, 2008 by Apakekdah
ZenLoren Posted October 14, 2008 Posted October 14, 2008 ExtremeDevilzi was talking about computer_angel not working on a programI guess you should fix that by learning / digging more about themida.Cheers, Lorens!
HSN.C3r Posted October 14, 2008 Posted October 14, 2008 (edited) Hi And here is my unpacked file(manually without any script) : This is easiest UnpackMe for Themida because the target is VB Note: After download , change compatibility of the file to Win98\Me ,it`s because of using manifest res. Themida.UnPackME_Unpacked_By_HSN.C3r.rar Edited October 14, 2008 by HSN.C3r
LCF-AT Posted October 14, 2008 Posted October 14, 2008 @ HSN.C3r Ahhhhhh, now I can see the light (reason) why my unpacked file was not running on my system! It needs to change the compatibility of the unpacked file to win98.It works. So thanks for this good hint. greetz
Sp1d3rZ Posted October 14, 2008 Author Posted October 14, 2008 @ HSN.C3r Hi dear, see ur unpacked file. Its not running on my system. dwwin error!!!
Sp1d3rZ Posted October 14, 2008 Author Posted October 14, 2008 (edited) UnpackMe Working perfect. REALLY Apakekdah U R ROCK PERSON UnpackMe solved. Again thnx Apakekdah And thnx to HSN.C3r for Compatibility mode changing trick. Edited October 14, 2008 by Sp1d3rZ
r00t_H@ck3r Posted October 16, 2008 Posted October 16, 2008 Hey Make A Tut Apakekdah,; ) LCF-AT Tut Too Fast
Apakekdah Posted October 17, 2008 Posted October 17, 2008 What and Ahmed18 from AT4RE made a great tuts about themida... i was learing from him... this link tuts about themida by What http://www.tuts4you.com/download.php?view.1943 Ahmed18 tuts can be found in AT4RE forum.. LCF-AT tut it's not too fast, i think because he is using another trick... maybe that's why his tuts is too fast going into the OEP/Section Code...
r00t_H@ck3r Posted October 23, 2008 Posted October 23, 2008 http://at4re.com/f/showthread.php?t=3741Is In Arab,I Dont Understand English Section There Is Non.
_ak47_ Posted December 28, 2008 Posted December 28, 2008 Hi guys and girls anyone have writing a tuto how unpack Themida v2.0.3.0 please shared
_ak47_ Posted December 31, 2008 Posted December 31, 2008 (edited) no body have a tutorial ????? Edited December 31, 2008 by _ak47_
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now