Jump to content
Tuts 4 You

Themida v2.4.6.30

despy3

By despy3
in UnPackMe (.NET)

 Share
Go to solution Solved by Josman,

Recommended Posts

despy3

despy3

Posted
Posted
Themida v2.4.6.30

View File

Themida v2.4.6.30

This is a .NET executable with a Goland DLL packed with Themida.

Try to unpack the executable, dump the bundled DLL then fix the DLL to make it work.

Once completed detail the methods used and how you fixed the DLL.

 

Link to comment
Share on other sites
  • 2 weeks later...
  • 2 months later...
  • Solution
Josman

Josman

Posted
  • Solution
Posted

Tutorial:

Spoiler

1. Dump the executable with extreme dumper or dnspy

2. Dump the bunded dll with MegaDumper, the vdump one should be test.dll if you not sure just check the export function with cff explorer or ida.

3. No need of fixing the dll(at least for me) just rename it to test.dll and launch the dumped executable.

PoC: https://streamable.com/khmzo6

 

unpacked.rar

  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...