Posted November 4, 2009

Protection Options for ok.exe
-----------------------------

Macros Information
------------------
VM Macros: 0
CodeReplace Macros: 0
ENCRYPT Macros: 0
CLEAR Macros: 0
CHECK_PROTECTION Macros: 0
CHECK_CODE_INTEGRITY Macros: 0
CHECK_VIRTUAL_PC Macros: 0

Protection Options
------------------
Anti-Debugger: Advanced
Anti-Dumpers: DISABLED
Entry Point Ofuscation: ENABLED
Resource Encryption: ENABLED
VMWare compatible: ENABLED
API-Wrapping Level: Level 2
Anti-Patching: File Patch (sign support)
Metamorph Security: ENABLED
Memory Guard: ENABLED
When Debugger Found: Display Message
Application compression: ENABLED
Resources compression: ENABLED
SecureEngine compression: ENABLED
Anti-File Monitor: ENABLED
Anti-Registry Monitor: ENABLED
Delphi/BCB form protection: ENABLED

Virtual Machine Settings
------------------------
Number of Virtual APIs wrapped: 0
API Virtualization Level: 3
Entry Point Virtualization: 15 instructions
Multi Branch Technology: DISABLED
Virtual Machine Processor: Mutable CISC processor
Number of CPUs: 1
Opcode Type: Metamorphic - Level 2
Dynamic Opcode: 20% Dynamic

Advanced Protection Options
---------------------------
Encrypt Application: ENABLED
DLL plugin: DISABLED
Hide from PE scanners: Standard
.NET assemblies: ENABLED
Active Context: DISABLED
Add Manifest: Don't add manifest

XBundler files
--------------
No files to bundle

this is test [unPackMe] Themida2100
md5 fe715e2d6c58cf8e0359483bceef3585
Themida2100.rar
Edited November 4, 2009 by thisistest
November 4, 2009
OMG, this is hard. I hope anyone who unpacks this can write a tut. Seems like any script fails on this, and I don't know the method of manually unpacking it.
November 4, 2009
Just trying beginner's luck, dunno if this can run on your machine..
http://www.zshare.net/download/679640760063834c/
November 4, 2009
Hello, here my unpacked file. Tested under XP & win2000. Should also work for you.
greetz
Themida2100_Unpacked.rar
November 4, 2009
Here is mine. I have to say that this is a very very easy target, because nothing is virtualized or obfuscated except the OEP. So I can rebuild the OEP and completely remove the Themida section. And also no antidump is really used here, so an unpackme can be done better.
Themida2100_unpacked.rar
November 5, 2009
> Hello, here my unpacked file. Tested under XP & win2000. Should also work for you.
> greetz LCF-AT
You ROCKSSSSSSSSSSSSSS
November 5, 2009
Hmmm indeed not that special.. I wonder what has happened to the Oreans people.. They used to be a lot more responsive.. Perhaps they are coding something new.. Because they sure as hell ain't investing their time in updates.
November 5, 2009
I can't see any difference from 2.0.8.0 to 2.1.0.0. Don't know on WinLicense protection, but I don't think so.
November 5, 2009
Protection wise they obfuscated VM entry.. But that's about it... Which is about as useful as adding a "please do not crack" sign in the PE header.
November 5, 2009 (Author)
EvOlUtIoN, LCF-AT my friend! Test: Themida2100_Unpacked in my computer is running!
November 6, 2009
> Hmmm indeed not that special.. I wonder what has happened to the Oreans people.. They used to be a lot more responsive.. Perhaps they are coding something new.. Because they sure as hell ain't investing their time in updates.
It is not that, they did some strange thing to Themida, I can't find the OEP any longer. LCF-AT's script does not work anymore, damn, they must have changed some stuff.
November 6, 2009
Nah perhaps small changes to prevent LCF_AT's script from working. Nothing special. Oep is still available using standard methods. VM_oeps as well. Try to make your own more generic method of finding oeps.. Learn all known compiler ep's and stack interpretation and you can find all oeps manually in less than a few mins.
November 6, 2009
If you check the appendixes of my EC tutorial, and use some brain, I'm sure you will find the OEP in a few minutes. And if you like you can also rebuild all to obtain a clean file.
November 6, 2009
@ Lithium
Sure is my script still working also on this 2100 UnpackMe. If you have problems with the HWBP detection {follow the script step by step and check the breaks on the HWBPs / single step problem} then you should better have a look on your system with IceSword SSDT hooks. Check this and restore all unknown hooks and then try the script again. Script must still work and it should break here.
00405C50 53 PUSH EBX ; OEP or Near at OEP / Sub routine!
greetz
February 12, 2010
Nice work, works fine here.. And most importantly you did not use an automated unpacker I know of..
February 12, 2010
There is no fun in using an automated unpacker, why would I use one then!
Edited February 12, 2010 by Ronar22