Jump to content
Tuts 4 You

Themida v2.4.6.30


despy3
Go to solution Solved by Josman,

Recommended Posts

Themida v2.4.6.30


This is a .NET executable with a Goland DLL packed with Themida.

Try to unpack the executable, dump the bundled DLL then fix the DLL to make it work.

Once completed detail the methods used and how you fixed the DLL.


 

Link to post
  • 2 weeks later...
  • 2 months later...
  • Solution
Josman

Tutorial:

Spoiler

1. Dump the executable with extreme dumper or dnspy

2. Dump the bunded dll with MegaDumper, the vdump one should be test.dll if you not sure just check the export function with cff explorer or ida.

3. No need of fixing the dll(at least for me) just rename it to test.dll and launch the dumped executable.

PoC: https://streamable.com/khmzo6

 

unpacked.rar

  • Like 1
Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...