thisistest Posted November 4, 2009 (edited)

Protection Options for ok.exe
-----------------------------

Macros Information
------------------
VM Macros: 0
CodeReplace Macros: 0
ENCRYPT Macros: 0
CLEAR Macros: 0
CHECK_PROTECTION Macros: 0
CHECK_CODE_INTEGRITY Macros: 0
CHECK_VIRTUAL_PC Macros: 0

Protection Options
------------------
Anti-Debugger: Advanced
Anti-Dumpers: DISABLED
Entry Point Ofuscation: ENABLED
Resource Encryption: ENABLED
VMWare compatible: ENABLED
API-Wrapping Level: Level 2
Anti-Patching: File Patch (sign support)
Metamorph Security: ENABLED
Memory Guard: ENABLED
When Debugger Found: Display Message
Application compression: ENABLED
Resources compression: ENABLED
SecureEngine compression: ENABLED
Anti-File Monitor: ENABLED
Anti-Registry Monitor: ENABLED
Delphi/BCB form protection: ENABLED

Virtual Machine Settings
------------------------
Number of Virtual APIs wrapped: 0
API Virtualization Level: 3
Entry Point Virtualization: 15 instructions
Multi Branch Technology: DISABLED
Virtual Machine Processor: Mutable CISC processor
Number of CPUs: 1
Opcode Type: Metamorphic - Level 2
Dynamic Opcode: 20% Dynamic

Advanced Protection Options
---------------------------
Encrypt Application: ENABLED
DLL plugin: DISABLED
Hide from PE scanners: Standard
.NET assemblies: ENABLED
Active Context: DISABLED
Add Manifest: Don't add manifest

XBundler files
--------------
No files to bundle

this is test
[unPackMe]Themida2100
md5 fe715e2d6c58cf8e0359483bceef3585
Themida2100.rar

Edited November 4, 2009 by thisistest

thisistest (Author) Posted November 4, 2009

file http://www.plunder.com/Themida2100-rar-download-055fe9b2f2.htm

r00t_H@ck3r Posted November 4, 2009

OMG This hard, I hope anyone who unpack this can write a tut
seems like any script fails this and I don't know the method of manually unpacking it

Apakekdah Posted November 4, 2009

Just trying beginner luck, dunno if this can run in your machine..
http://www.zshare.net/download/679640760063834c/

LCF-AT Posted November 4, 2009

Hello,
here my unpacked file. Tested under XP & win2000. Should also work for you.
greetz
Themida2100_Unpacked.rar

EvOlUtIoN Posted November 4, 2009

Here is mine one. I have to say that this is a very very easy target, cause nothing is virtualized or obfuscated except the oep. So i can rebuild oep and completely remove themida section. And also no antidump is really used here, so an unpackme can be done better.
Themida2100_unpacked.rar

Sp1d3rZ Posted November 5, 2009

> Hello, here my unpacked file. Tested under XP & win2000. Should also work for you. greetz

LCF-AT You ROCKSSSSSSSSSSSSSS

quosego Posted November 5, 2009

Hmmm indeed not that special.. I wonder what has happened to the oreans people.. They used to be a lot more responsive.. Perhaps they are coding something new.. Because they sure as hell ain't investing their time in updates.

EvOlUtIoN Posted November 5, 2009

I can't see any difference from 2.0.8.0 to 2.1.0.0. Don't know on winlicense protection, but i don't think so.

quosego Posted November 5, 2009

Protection wise they obfuscated VM entry.. But that's about it... Which is about as useful as adding a please do not crack sign in the PE header.

thisistest (Author) Posted November 5, 2009

EvOlUtIoN, LCF-at my friend!
test Themida2100_Unpacked in My computer is running!

r00t_H@ck3r Posted November 6, 2009

> Hmmm indeed not that special.. I wonder what has happened to the oreans people.. They used to be a lot more responsive.. Perhaps they are coding something new.. Because they sure as hell ain't investing their time in updates.

It is not that, they did some strange thing to themida, I can't find oep no longer. LCF-AT script does not work anymore damn they must have change some stuff

quosego Posted November 6, 2009

Nah perhaps small changes to prevent LCF_AT's script from working. Nothing special. Oep is still available using standard methods. VM_oeps as well. Try to make your own more generic method of finding oeps.. Learn all known compiler ep's and stack interpretation and you can find all oeps manually in less than a few mins.

EvOlUtIoN Posted November 6, 2009

if you check appendixes of my EC tutorial, and use some brain, i'm sure you will find the OEP in few minutes. And if you like you can also rebuild all to obtain a clean file.

LCF-AT Posted November 6, 2009

@ Lithium
Sure is my script still working also on this 2100 UnpackMe. If you have problems with the HWBP detection {follow the script step by step and check the breaks on the HWBPs / single step problem} then you should better have a look on your system with IceSword SSDT hooks. Check this and restore all unknown hooks and then try the script again. Script must still work and it should break here.

00405C50    53    PUSH EBX    ; OEP or Near at OEP / Sub routine!

greetz

thisistest (Author) Posted January 5, 2010

test can run or no can run system~!
unpacked123_.rar

LCF-AT Posted January 5, 2010

Hi thisistest,
yes your unpacked file runs on my system. XP no SP-
greetz

Ronar22 Posted February 12, 2010

this is my first shoot i hope it works for all
Unpacked.rar

quosego Posted February 12, 2010

Nice work, works fine here.. And most importantly you did not use an automated unpacker I know of..

Ronar22 Posted February 12, 2010 (edited)

there is no fun in using automated unpacker why i will use one then!

Edited February 12, 2010 by Ronar22