[unpackme] themida 2.4

[sezar21m]

hi. Here is a new unpackme protected with themida 2.4

WITH MASTERPIECE you ENTOURAGE am

unpack_me.rar

[EvOlUtIoN]

themida 2.4? never heard about it.

[LCF-AT]

Hi,

so it

[EvOlUtIoN]

Yeah, it is probably 2.0.4.0 or 2.0.5.0, also latest antidump are not present (and useless since after OEP VM is never executed).

Anyway here is unpacked and rebuilt file, except .mackt section and some realign this is just like original one.

Themida sections are gone, OEP is fully rebuilt.

unpacked_final.zip

Edited September 1, 2009 by EvOlUtIoN

[Apakekdah]

Hi,

so it

[LCF-AT]

Hi,

Remove the access violation hook {also the customs if set} and let the unpacked file run from the VM OEP.Now you will break at the AV.Now have a look at the pane window and register there you can see the address what it tries to read.So you will see the mem_address+DWORD is not there in your unpacked file so you have to fix this one with the right DWORD so the mem_address is not important in this case.Now if you not have closed your first Olly then have a look at the mem_address and see the right DWORD which you need for your unpacked file.You can also find this mem_address in your unpacked file in the TM section.So in this unpackme the address is dynamic and in other app