Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[UnPackMe]Themida2100

thisistest
thisistest
in UnPackMe

Featured Replies

Posted

Protection Options for ok.exe

-----------------------------

Macros Information

------------------

VM Macros: 0

CodeReplace Macros: 0

ENCRYPT Macros: 0

CLEAR Macros: 0

CHECK_PROTECTION Macros: 0

CHECK_CODE_INTEGRITY Macros: 0

CHECK_VIRTUAL_PC Macros: 0

Protection Options

------------------

Anti-Debugger: Advanced

Anti-Dumpers: DISABLED

Entry Point Ofuscation: ENABLED

Resource Encryption: ENABLED

VMWare compatible: ENABLED

API-Wrapping Level: Level 2

Anti-Patching: File Patch (sign support)

Metamorph Security: ENABLED

Memory Guard: ENABLED

When Debugger Found: Display Message

Application compression: ENABLED

Resources compression: ENABLED

SecureEngine compression: ENABLED

Anti-File Monitor: ENABLED

Anti-Registry Monitor: ENABLED

Delphi/BCB form protection: ENABLED

Virtual Machine Settings

------------------------

Number of Virtual APIs wrapped: 0

API Virtualization Level: 3

Entry Point Virtualization: 15 instructions

Multi Branch Technology: DISABLED

Virtual Machine Processor: Mutable CISC processor

Number of CPUs: 1

Opcode Type: Metamorphic - Level 2

Dynamic Opcode: 20% Dynamic

Advanced Protection Options

---------------------------

Encrypt Application: ENABLED

DLL plugin: DISABLED

Hide from PE scanners: Standard

.NET assemblies: ENABLED

Active Context: DISABLED

Add Manifest: Don't add manifest

XBundler files

--------------

No files to bundle

this is test [unPackMe]

Themida2100 md5 fe715e2d6c58cf8e0359483bceef3585

Themida2100.rar

Edited by thisistest

OMG This hard,I hope anyone who unpack this can write a tut

seems like any script fails this and I dont know the method of manually unpacking it

^ ..and so you die..

Me can probably do it.

Just trying begginer luck,

dunno if this can run in your machine..

http://www.zshare.net/download/679640760063834c/

Hello,

here my unpacked file.Tested under XP & win2000.Should also work for you.

greetz

Themida2100_Unpacked.rar

Here is mine one.

I have to say that this is a very very easy target, cause nothing is virtualized or obfuscated except the oep. So i can rebuild oep and completely remove themida section. And also no antidump is really used here, so an unpackme can be done better.

Themida2100_unpacked.rar

Hello,

here my unpacked file.Tested under XP & win2000.Should also work for you.

greetz

LCF-AT You ROCKSSSSSSSSSSSSSS ;)

Hmmm indeed not that special.. I wonder what has happend to the oreans people..

They used to be a lot more responsive.. Perhaps they are coding something new..

Because they sure as hell ain't investing their time in updates.

I can't see any difference from 2.0.8.0 to 2.1.0.0. Don't know on winlicense protection, but i don't think so.

Protection wise they obfuscated VM entry.. But that's about it... Which is about as useful as adding a please do not crack sign in the PE header.

  • Author

EvOlUtIoN , LCF-at my friend!test Themida2100_Unpacked in My computer is running!

Hmmm indeed not that special.. I wonder what has happend to the oreans people..

They used to be a lot more responsive.. Perhaps they are coding something new..

Because they sure as hell ain't investing their time in updates.

It is not that,they did some strange thing to themida,I cant find oep no longer.LCF-AT script does not work anymore :(

damn they must have change some stuff

Nah perhaps small changes to prevent LCF_AT's script from working. Nothing special.

Oep is still available using standard methods. VM_oeps as well.

Try to make your own more generic method of finding oeps.. Learn all known compiler ep's and stack interpretation and you can find all oeps manually in less than a few mins.

if you check appendixes of my EC tutorial, and use some brain, i'm sure you will find the OEP in few minutes. And if you like you can also rebuid all to obtain a clean file.

@ Lithium

Sure is my script still working also on this 2100 UnpackMe.

If you have problems with the HWBP detection {follow the script step by step and check the breaks on the HWBPs / single step problem}

then you should better have a look on your system with IceSword SSDT hooks.Check this and restore all unknown hooks and then try

the script again.Script must still work and it should break here.

00405C50      53              PUSH EBX                         ; OEP or Near at OEP / Sub routine!

greetz

  • 1 month later...
  • Author

test can run or no can run system~!

unpacked123_.rar

Hi thisistest,

yes your unpacked file runs on my system. :) XP no SP-

greetz

  • 1 month later...

this is my first shoot i hope it works for all :sweat:

Unpacked.rar

Nice work, works fine here.. And most importantly you did not use an automated unpacker I know of.. :)

there is no fun in using automated unpacker why i will use one then! :)

Edited by Ronar22

Create an account or sign in to comment

Go to topic listing

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.