EvOlUtIoN Posted June 4, 2009 Here is an unpackme of TheMida 2.0.8.0. It is similar to the previous one, except that it is not hardware locked, so it should be easier to unpack. The only thing is that it has a RISC VM, so it will be harder to dump. The goal is just to unpack it. Good luck. TheMida_2080_unpackme.zip
EvOlUtIoN Posted June 4, 2009 Author I tested it on win2000 and win xp sp1 and sp2...
quosego Posted June 5, 2009 Sorry evolution but it seems this is a Winlicense protected app.
723093 ---------------[Extracted info]-----------------
723093 --- WinLicense Professional ---
723093 --- (c)2009 Oreans Technologies ---
723093 Version; 2.0.7.0 or above
723093 ------------------------------------------------
Not that it matters too much; in unpacking terms there's little difference. q.
EvOlUtIoN Posted June 5, 2009 Author I should say winlicense without registration instead of themida.
a__p Posted June 5, 2009 Sorry evolution but it seems this is a Winlicense protected app.
723093 ---------------[Extracted info]-----------------
723093 --- WinLicense Professional ---
723093 --- (c)2009 Oreans Technologies ---
723093 Version; 2.0.7.0 or above
723093 ------------------------------------------------
Not that it matters too much; in unpacking terms there's little difference. q.
Is WinLicense 2080?
LCF-AT Posted June 22, 2009 Hello, so today I have unpacked this unpackme and it also runs. TheMida_2080_unpackme_Unpacked.rar
quosego Posted June 22, 2009 Doesn't run at my place XP SP3.. Shouldn't run on any other either.. Crashes on the multithreading sleep api which hasn't been fixed to well the sleep api..
00805B41 FF95 2123770A CALL DWORD PTR SS:[EBP+A772321]
must be a call to kernel32.sleep. q.
LCF-AT Posted June 22, 2009 @ DizzY_D Is it now running on your Vista without this one API fix or was it a joke?! Ah, and thanks quosego for the Sleep API info, so I have it also not seen. So then the others have to change
00805B41 CALL DWORD PTR SS:[EBP+A772321]
to
00805B41 CALL DWORD PTR DS:[4040E0] ; kernel32.Sleep
Then it should work. Just make this change if my unpacked file does not run on your system, and then you can also tell us whether it was running after the change on your system, so maybe this can also be an important point for the next time. Ahh Zool@nder, what, it runs for you. Good, and also thank you people for testing this file. greetz
xsp!d3r Posted June 22, 2009 it works here too xp sp3 Edited June 22, 2009 by Xsp!d3r
quosego Posted June 22, 2009 After the fix it works fine.. Indeed nice work. Though I must admit I recognize quite a lot of my code.. Also the attached kernel32.dll in the last section can be removed. q.
r00t_H@ck3r Posted June 23, 2009 Themida/WinLicense VM Translater: Will it ever be public :'( How do some files know if we are running unpacked or not unpacked?? Is there a kernel mode hook or anything?
r00t_H@ck3r Posted June 24, 2009 It takes quosego or LCF-AT to make a script or a program. I must say DeathWay tool is good but a lot of people have no clue on how to use it. I have been asking the thread starter repeatedly to make a tut, but I guess it is not getting heard and there is nothing I can do. I did try to figure out how to use it but I got stuck. Edited June 24, 2009 by Lithium