nProtect Posted February 4, 2013

Compiler: Visual Basic 6.0

Here are the protection options:

Themida - Advanced Windows Software Protection System [Version 2.2.3.0]
Protection Options for UnpackMe_Themida.exe
-------------------------------------------
Macros Information
------------------
VM Macros: 0
CodeReplace Macros: 0
ENCRYPT Macros: 0
CLEAR Macros: 0
MUTATE Macros: 0
STR_ENCRYPT Macros: 0
CHECK_PROTECTION Macros: 0
CHECK_CODE_INTEGRITY Macros: 0
CHECK_VIRTUAL_PC Macros: 0

Protection Options
------------------
Anti-Debugger: Ultra
Anti-Dumpers: ENABLED
Entry Point Ofuscation: ENABLED
Resource Encryption: ENABLED
VMWare compatible: ENABLED
API-Wrapping Level: Level 2
Anti-Patching: File Patching
Metamorph Security: ENABLED
Memory Guard: ENABLED
When Debugger Found: Display Message
Application compression: ENABLED
Resources compression: ENABLED
SecureEngine compression: ENABLED
Anti-File Monitor: ENABLED
Anti-Registry Monitor: ENABLED
Delphi/BCB form protection: ENABLED

Virtual Machine Settings
------------------------
Number of Virtual APIs wrapped: 0
API Virtualization Level: 3
Entry Point Virtualization: 0 instructions
Multi Branch Technology: ENABLED
Virtual Machine Processor: Mutable CISC processor
Number of CPUs: 1
Opcode Type: Metamorphic - Level 2
Dynamic Opcode: 20% Dynamic

Advanced Protection Options
---------------------------
Encrypt Application: ENABLED
DLL plugin: DISABLED
Hide from PE scanners: Type 2
.NET assemblies: ENABLED
Active Context: DISABLED
Add Manifest: Don't add manifest

XBundler files
--------------
No files to bundle

UnpackMe_Themida2230.rar

LCF-AT Posted February 4, 2013

@ nProtect

Not very well protected.

greetz

UnpackMe_Themida 2.2.3.0_Unpacked.rar

GIV Posted February 5, 2013

WOW so fast can u make a tutorial?

Here it is attached. Used LCF-AT script, of course....
Stripped from the video the Themida sections removal and file rebuilding with LordPE.

P.S. You can see the jump to ThunRtMain at 401128, which is a common place for this jump for VB programs.

Unpacking.rar

Edited February 5, 2013 by GIV

nProtect Posted February 5, 2013

oh thanks
any better solutions? use with VM_START and VM_END?

GIV Posted February 5, 2013

any better solutions?

I do not understand what is a "better" solution for you? Please rephrase....

Here is a method for reaching OEP of your file.

OEP find.rar

Edited February 5, 2013 by GIV

rwkeith Posted February 5, 2013

If you want to make it harder use the RISC vm, and Entry point virtualization.

Edited February 5, 2013 by rwkeith

HellSpider Posted February 6, 2013

oh thanks
any better solutions? use with VM_START and VM_END?

Yes, that's a good start. Only the weakest protection options were enabled in your file.

Add different markers to make the stuff more interesting:

CODEREPLACE_START
CODEREPLACE_END
ENCODE_START
ENCODE_END
CLEAR_START
CLEAR_END
VM_START
VM_END

yangkaiyin Posted February 15, 2013

who can try this:
http://pan.baidu.com/share/link?shareid=315786&uk=4046366761

Edited February 15, 2013 by yangkaiyin

yangkaiyin Posted February 15, 2013

and this is my unpacked file:
http://pan.baidu.com/share/link?shareid=315788&uk=4046366761