Jump to content
Tuts 4 You

[unpackme] Themida 1.5.0.0...


Teddy Rogers

Recommended Posts

Teddy Rogers

Themida 1.5.0.0 UnPackMe's here:

http://tuts4you.com/unpackme/index.php?path=PE32bit%2FThemida%2FThemida+1.5.0.0/

Ted.

Link to comment

Hi Teddy !

Is this unpackme packed by ( Registered Version of TheMida ) or ( Cracked Version And Demo Version ) ?

my friends tells me : "Cracked Version" And "Demo Version" of this packer hasn't professional anti-dump / anti-debugging feutures; and just "Registered Version" has professional anti-dump / anti-debugging feutures ... are they right ?

Edited by SUB Z3R0
Link to comment

Well put it this way, I can debug in olly and dump with LordPE.

Which tends to suggest they arent present ;)

I have no idea what oreans are upto, they are making this easier than the earlier versions!

Very inline patchable aswell, but unlike 1.0.0.5 there are alot more stages between hard code and program code.

Edited by Whiterat
Link to comment
Teddy Rogers

They were packed using the cracked version. I'm trying to get my hands on a full licence or in contact with someone with a valid licence to create some unpackme's and see if there is a difference in later Themida versions. If anyone can help please contact me...

Ted.

Link to comment
Teddy Rogers

There shouldn't be if it has been reversed correctly but it would be nice to get hold of a valid licence or copy just to confirm these facts - or find a known application packed with the latest version and protection features...

Ted.

Link to comment

TEDDY

i found you a valid licence for these versions [posted by Celta68]

works with versions 1.3.5.5 and 1.5.3.0

works with versions 1.0.0.5 and 1.5.3.0

Edited by s0me0ne
Link to comment
Teddy Rogers

Sure I do :) Please mail it to me at: teddyrogers@tuts4you.com

Many thanks...

Ted.

I found it already... :P

Ted.

Link to comment
Teddy Rogers

Someone already mailed it to me but I've just seen the topic over at Unpack China. I see it was a result of EMule - good find... :P

Ted.

Link to comment
Guest Newbie_Cracker

SUB Z3R0, I was wrong because Ring0 protections is disabled in newer version of Themida.

I thought Ring0 protection is disbaled in demo versions.

It's gone maybe because of M$ limitations to access low level of OS (Patching Policy for x64-Based Systems).

Link to comment
Teddy Rogers

Ring-0 protection option is still there if you have the none demo version. It was not included in early Themida versions then reappeared at about version 1.2. You could even test Ring-0 functionality out using the demo versions up until version 1.3.5.0.

In WinLicense the Ring-0 has never been used probably to provide better and reliable compatibility as a licensing tool...

Ted.

Link to comment

what's up nima(SUB Z3R0) ?

can you unpack this version?

Can u c any professional Anti-Dump/Debugging protections in that protected UnpackMe?

thanx alot.

Link to comment

Sure ... My tutorial works for all versions ... ( because themida hasn't changed yet ! ) ... without ring-0 driver, unpacking this protector is like drinking water !

Edited by SUB Z3R0
Link to comment
Guest Newbie_Cracker
Sure ... My tutorial works for all versions ... ( because themida hasn't changed yet ! ) ... without ring-0 driver, unpacking this protector is like drinking water !

Yeah, you're right, but not in VM case.

Link to comment
There shouldn't be if it has been reversed correctly but it would be nice to get hold of a valid licence or copy just to confirm these facts - or find a known application packed with the latest version and protection features...

Ted.

Here is a program protected by themida(i don't know what version):

http://www.apimonitor.com/download/APIMonitorTrial.exe
Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...