thisistest Posted November 4, 2009 (edited)

Protection Options for ok.exe
-----------------------------

Macros Information
------------------
VM Macros: 0
CodeReplace Macros: 0
ENCRYPT Macros: 0
CLEAR Macros: 0
CHECK_PROTECTION Macros: 0
CHECK_CODE_INTEGRITY Macros: 0
CHECK_VIRTUAL_PC Macros: 0

Protection Options
------------------
Anti-Debugger: Advanced
Anti-Dumpers: DISABLED
Entry Point Ofuscation: ENABLED
Resource Encryption: ENABLED
VMWare compatible: ENABLED
API-Wrapping Level: Level 2
Anti-Patching: File Patch (sign support)
Metamorph Security: ENABLED
Memory Guard: ENABLED
When Debugger Found: Display Message
Application compression: ENABLED
Resources compression: ENABLED
SecureEngine compression: ENABLED
Anti-File Monitor: ENABLED
Anti-Registry Monitor: ENABLED
Delphi/BCB form protection: ENABLED

Virtual Machine Settings
------------------------
Number of Virtual APIs wrapped: 0
API Virtualization Level: 3
Entry Point Virtualization: 15 instructions
Multi Branch Technology: DISABLED
Virtual Machine Processor: Mutable CISC processor
Number of CPUs: 1
Opcode Type: Metamorphic - Level 2
Dynamic Opcode: 20% Dynamic

Advanced Protection Options
---------------------------
Encrypt Application: ENABLED
DLL plugin: DISABLED
Hide from PE scanners: Standard
.NET assemblies: ENABLED
Active Context: DISABLED
Add Manifest: Don't add manifest

XBundler files
--------------
No files to bundle

this is test [unPackMe] Themida2100
md5 fe715e2d6c58cf8e0359483bceef3585
Themida2100.rar

Edited November 4, 2009 by thisistest

thisistest Posted November 4, 2009

file http://www.plunder.com/Themida2100-rar-download-055fe9b2f2.htm

r00t_H@ck3r Posted November 4, 2009

OMG, this is hard. I hope anyone who unpacks this can write a tut. Seems like any script fails on this, and I don't know the method of manually unpacking it.

SunBeam Posted November 4, 2009

^ ..and so you die..

EvOlUtIoN Posted November 4, 2009

Me can probably do it.

Apakekdah Posted November 4, 2009

Just trying beginner's luck, dunno if this can run on your machine..
http://www.zshare.net/download/679640760063834c/

LCF-AT Posted November 4, 2009

Hello, here my unpacked file. Tested under XP & win2000. Should also work for you.

greetz

Themida2100_Unpacked.rar

EvOlUtIoN Posted November 4, 2009

Here is mine. I have to say that this is a very, very easy target, because nothing is virtualized or obfuscated except the OEP. So I can rebuild the OEP and completely remove the Themida section. And also no antidump is really used here, so an unpackme can be done better.

Themida2100_unpacked.rar

Sp1d3rZ Posted November 5, 2009

> Hello, here my unpacked file. Tested under XP & win2000. Should also work for you.
> greetz

LCF-AT You ROCKSSSSSSSSSSSSSS

quosego Posted November 5, 2009

Hmmm indeed not that special.. I wonder what has happened to the Oreans people.. They used to be a lot more responsive.. Perhaps they are coding something new.. Because they sure as hell ain't investing their time in updates.

EvOlUtIoN Posted November 5, 2009

I can't see any difference from 2.0.8.0 to 2.1.0.0. Don't know on WinLicense protection, but I don't think so.

quosego Posted November 5, 2009

Protection wise they obfuscated VM entry.. But that's about it... Which is about as useful as adding a please do not crack sign in the PE header.

thisistest Posted November 5, 2009

EvOlUtIoN, LCF-AT my friend! test Themida2100_Unpacked in my computer is running!

r00t_H@ck3r Posted November 6, 2009

> Hmmm indeed not that special.. I wonder what has happened to the Oreans people.. They used to be a lot more responsive.. Perhaps they are coding something new.. Because they sure as hell ain't investing their time in updates.

It is not that, they did some strange thing to Themida, I can't find the OEP any longer. LCF-AT's script does not work anymore, damn, they must have changed some stuff.

quosego Posted November 6, 2009

Nah perhaps small changes to prevent LCF_AT's script from working. Nothing special. Oep is still available using standard methods. VM_oeps as well. Try to make your own more generic method of finding oeps.. Learn all known compiler ep's and stack interpretation and you can find all oeps manually in less than a few mins.

EvOlUtIoN Posted November 6, 2009

If you check the appendixes of my EC tutorial, and use some brain, I'm sure you will find the OEP in a few minutes. And if you like you can also rebuild all to obtain a clean file.

LCF-AT Posted November 6, 2009

@ Lithium

Sure is my script still working also on this 2100 UnpackMe. If you have problems with the HWBP detection {follow the script step by step and check the breaks on the HWBPs / single step problem} then you should better have a look on your system with IceSword SSDT hooks. Check this and restore all unknown hooks and then try the script again. Script must still work and it should break here.

00405C50 53 PUSH EBX ; OEP or Near at OEP / Sub routine!

greetz

thisistest Posted January 5, 2010

test can run or no can run system~!

unpacked123_.rar

LCF-AT Posted January 5, 2010

Hi thisistest, yes your unpacked file runs on my system. XP no SP- greetz

Ronar22 Posted February 12, 2010

This is my first shot, I hope it works for all.

Unpacked.rar

quosego Posted February 12, 2010

Nice work, works fine here.. And most importantly you did not use an automated unpacker I know of..

Ronar22 Posted February 12, 2010 (edited)

There is no fun in using an automated unpacker, why would I use one then!

Edited February 12, 2010 by Ronar22