Jump to content
Tuts 4 You

Archived

This topic is now archived and is closed to further replies.

sezar21m

[unpackme] themida 2.4

Recommended Posts

sezar21m

hi. Here is a new unpackme protected with themida 2.4

WITH MASTERPIECE you ENTOURAGE am

unpack_me.rar

Share this post


Link to post
Share on other sites
EvOlUtIoN

themida 2.4? never heard about it.

Share this post


Link to post
Share on other sites
EvOlUtIoN

Yeah, it is probably 2.0.4.0 or 2.0.5.0, also latest antidump are not present (and useless since after OEP VM is never executed).

Anyway here is unpacked and rebuilt file, except .mackt section and some realign this is just like original one.

Themida sections are gone, OEP is fully rebuilt.

unpacked_final.zip

Share this post


Link to post
Share on other sites
Apakekdah

Hi,

so it

Share this post


Link to post
Share on other sites
LCF-AT

Hi,

Remove the access violation hook {also the customs if set} and let the unpacked file run from the VM OEP.Now you will break at the AV.Now have a look at the pane window and register there you can see the address what it tries to read.So you will see the mem_address+DWORD is not there in your unpacked file so you have to fix this one with the right DWORD so the mem_address is not important in this case.Now if you not have closed your first Olly then have a look at the mem_address and see the right DWORD which you need for your unpacked file.You can also find this mem_address in your unpacked file in the TM section.So in this unpackme the address is dynamic and in other app

Share this post


Link to post
Share on other sites

×