Jump to content
Tuts 4 You

[unpackme]TheMida 2.0.8.0

EvOlUtIoN

By EvOlUtIoN
in UnPackMe

 Share

Recommended Posts

EvOlUtIoN

EvOlUtIoN

Posted
Posted

Here is an unpackme of TheMida 2.0.8.0

It is similar to previous one, except that it is not hardware locked, so should be easier to unpack.

The only thing is that it has a RISC VM, so it will be harder to dump.

Goal is just to upack it. ;)

Good luck.

TheMida_2080_unpackme.zip

Link to comment
Share on other sites
quosego

quosego

Posted
Posted

Sorry evolution but it seems this is a Winlicense protected app. :)

723093	 ---------------[Extracted info]-----------------
723093	 ---		WinLicense Professional		   ---
723093	 ---	  (c)2009 Oreans Technologies		 ---
723093			   Version; 2.0.7.0 or above
723093	 ------------------------------------------------

Not that it matters to much in unpacking terms there's little difference.

q.

Link to comment
Share on other sites
a__p

a__p

Posted
Posted
Sorry evolution but it seems this is a Winlicense protected app. :)
723093	 ---------------[Extracted info]-----------------
723093	 ---		WinLicense Professional		   ---
723093	 ---	  (c)2009 Oreans Technologies		 ---
723093			   Version; 2.0.7.0 or above
723093	 ------------------------------------------------

Not that it matters to much in unpacking terms there's little difference.

q.

Is WinLicense 2080 ?

post-31786-1244246327_thumb.jpg

Link to comment
Share on other sites
  • 3 weeks later...
quosego

quosego

Posted
Posted

Doesn't run at my place XP SP3.. Shouldn't run on any other either..

Crashes on the multithreading sleep api which hasn't been fixed to well the sleep api.. :)

00805B41 FF95 2123770A CALL DWORD PTR SS:[EBP+A772321]

must be a call to kernel32.sleep.

q.

Link to comment
Share on other sites
LCF-AT

LCF-AT

Posted
Posted

@ DizzY_D

Is it now running on your Vista without this one API fix or was it joke?!

Ah and thanks quosego for the Sleep API info so I have it also not seen.

So then the others have to change 

00805B41  CALL DWORD PTR SS:[EBP+A772321]
to 
00805B41  CALL DWORD PTR DS:[4040E0]  ; kernel32.Sleep

Then it should work.Just make this change if my Unpacked file not runs on your system and then you can also tell us whether it was then running after the change on your system so maybe this can also be a important point for the next time.

Ahh Zool@nder,what it runs for you.Good and also thank you people for testing this file.

greetz

Link to comment
Share on other sites
quosego

quosego

Posted
Posted

After the fix it works, fine.. Indeed nice work.

Though I must admit I recognize quite alot of my code.. ;)

Also the attached kernel32.dll in the last section can be removed

q.

Link to comment
Share on other sites
r00t_H@ck3r

r00t_H@ck3r

Posted
Posted

Themida/WinLicense VM Translater

Will it ever be public :'(

how do some files know if we are running unpack or not unpack ??

Is there a kernel mode hook or anything ?

Link to comment
Share on other sites
r00t_H@ck3r

r00t_H@ck3r

Posted
Posted (edited)

It take quesogo or LCF-AT to make a script or a program

I must say DeathWay tool is good but alot of people have no clue on how to use it,I have been asking the Thread starter repeatly to make a tut,but I guess it is not getting hear :meeting:

and there nothing I can do I did try to figure out how to use it but I got stuck :(

Edited by Lithium
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...