Tuts 4 You

[unpackme] themida 2.4

sezar21m

Hi. Here is a new unpackme protected with Themida 2.4.

WITH MASTERPIECE you ENTOURAGE am

unpack_me.rar

EvOlUtIoN

Themida 2.4? Never heard about it.

EvOlUtIoN

Yeah, it is probably 2.0.4.0 or 2.0.5.0; also, the latest antidumps are not present (and useless, since after the OEP the VM is never executed).

Anyway, here is the unpacked and rebuilt file; except for the .mackt section and some realignment, it is just like the original one.

Themida sections are gone, OEP is fully rebuilt.

unpacked_final.zip

Apakekdah

Hi,

so it

LCF-AT

Hi,

Remove the access violation hook (also the custom ones, if set) and let the unpacked file run from the VM OEP. Now you will break at the AV. Now have a look at the pane window and the registers; there you can see the address it tries to read. So you will see the mem_address+DWORD is not there in your unpacked file, so you have to fix this one with the right DWORD; the mem_address is not important in this case. Now, if you have not closed your first Olly, have a look at the mem_address and see the right DWORD which you need for your unpacked file. You can also find this mem_address in your unpacked file in the TM section. So in this unpackme the address is dynamic and in other app
