Jump to content
Tuts 4 You

[UnpackMe] Themida 2.2.3.0


nProtect

Recommended Posts

Compiler : Visual Basic 6.0

 

here is protection options

 

 Themida - Advanced Windows Software Protection System  [Version 2.2.3.0]Protection Options for UnpackMe_Themida.exe
-------------------------------------------Macros Information
------------------
VM Macros: 0
CodeReplace Macros: 0
ENCRYPT Macros: 0
CLEAR Macros: 0
MUTATE Macros: 0
STR_ENCRYPT Macros: 0
CHECK_PROTECTION Macros: 0
CHECK_CODE_INTEGRITY Macros: 0
CHECK_VIRTUAL_PC Macros: 0
Protection Options
------------------
Anti-Debugger: Ultra
Anti-Dumpers: ENABLED
Entry Point Ofuscation: ENABLED
Resource Encryption: ENABLED
VMWare compatible: ENABLED
API-Wrapping Level: Level 2
Anti-Patching: File Patching
Metamorph Security: ENABLED
Memory Guard: ENABLED
When Debugger Found: Display Message
Application compression: ENABLED
Resources compression: ENABLED
SecureEngine compression: ENABLED
Anti-File Monitor: ENABLED
Anti-Registry Monitor: ENABLED
Delphi/BCB form protection: ENABLED
Virtual Machine Settings
------------------------
Number of Virtual APIs wrapped: 0
API Virtualization Level: 3
Entry Point Virtualization: 0 instructions
Multi Branch Technology: ENABLED
Virtual Machine Processor: Mutable CISC processor
Number of CPUs: 1
Opcode Type: Metamorphic - Level 2
Dynamic Opcode: 20% Dynamic
Advanced Protection Options
---------------------------
Encrypt Application: ENABLED
DLL plugin: DISABLED
Hide from PE scanners: Type 2
.NET assemblies: ENABLED
Active Context: DISABLED
Add Manifest: Don't add manifest
XBundler files
--------------
No files to bundle
 

 

UnpackMe_Themida2230.rar

Link to comment

WOW so fast :P

 

can u make a tutorial?

 

Here it is attached.

Used LCF-AT script, of course....

Stripped from the video the Themida sections removal and file rebuilding with LordPE

 

P.S.

You can see the jump to ThunRtMain at 401128 with is a common place for this jump for VB programs.

Unpacking.rar

Edited by GIV
Link to comment

oh thanks

any better solutions? use with VM_START and VM_END ?

 

Yes, that's a good start. Only the weakest protection options were enabled in your file.

 

Add different markers to make the stuff more interesting:

CODEREPLACE_START

CODEREPLACE_END

ENCODE_START

ENCODE_END

CLEAR_START

CLEAR_END

VM_START

VM_END

Link to comment
  • 2 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...