Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[UnpackMe] Themida 2.2.3.0

nProtect
nProtect
in UnPackMe

Featured Replies

Posted

Compiler : Visual Basic 6.0

 

here is protection options

 

 Themida - Advanced Windows Software Protection System  [Version 2.2.3.0]Protection Options for UnpackMe_Themida.exe
-------------------------------------------Macros Information
------------------
VM Macros: 0
CodeReplace Macros: 0
ENCRYPT Macros: 0
CLEAR Macros: 0
MUTATE Macros: 0
STR_ENCRYPT Macros: 0
CHECK_PROTECTION Macros: 0
CHECK_CODE_INTEGRITY Macros: 0
CHECK_VIRTUAL_PC Macros: 0
Protection Options
------------------
Anti-Debugger: Ultra
Anti-Dumpers: ENABLED
Entry Point Ofuscation: ENABLED
Resource Encryption: ENABLED
VMWare compatible: ENABLED
API-Wrapping Level: Level 2
Anti-Patching: File Patching
Metamorph Security: ENABLED
Memory Guard: ENABLED
When Debugger Found: Display Message
Application compression: ENABLED
Resources compression: ENABLED
SecureEngine compression: ENABLED
Anti-File Monitor: ENABLED
Anti-Registry Monitor: ENABLED
Delphi/BCB form protection: ENABLED
Virtual Machine Settings
------------------------
Number of Virtual APIs wrapped: 0
API Virtualization Level: 3
Entry Point Virtualization: 0 instructions
Multi Branch Technology: ENABLED
Virtual Machine Processor: Mutable CISC processor
Number of CPUs: 1
Opcode Type: Metamorphic - Level 2
Dynamic Opcode: 20% Dynamic
Advanced Protection Options
---------------------------
Encrypt Application: ENABLED
DLL plugin: DISABLED
Hide from PE scanners: Type 2
.NET assemblies: ENABLED
Active Context: DISABLED
Add Manifest: Don't add manifest
XBundler files
--------------
No files to bundle
 

 

UnpackMe_Themida2230.rar

  • Author

WOW so fast :P


 


can u make a tutorial?


WOW so fast :P

 

can u make a tutorial?

 

Here it is attached.

Used LCF-AT script, of course....

Stripped from the video the Themida sections removal and file rebuilding with LordPE

 

P.S.

You can see the jump to ThunRtMain at 401128 with is a common place for this jump for VB programs.

Unpacking.rar

Edited by GIV

  • Author

oh thanks


any better solutions? use with VM_START and VM_END ?


any better solutions?


 


I do not understant what is a "better" solution for you? Please rephrase....


 


Here is a method for reaching OEP of your file.


 


OEP find.rar

Edited by GIV

If you want to make it harder use the RISC vm, and Entry point virtualization.


Edited by rwkeith

oh thanks

any better solutions? use with VM_START and VM_END ?

 

Yes, that's a good start. Only the weakest protection options were enabled in your file.

 

Add different markers to make the stuff more interesting:

CODEREPLACE_START

CODEREPLACE_END

ENCODE_START

ENCODE_END

CLEAR_START

CLEAR_END

VM_START

VM_END

  • 2 weeks later...

Create an account or sign in to comment

Go to topic listing

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.