How Unpack Themida 2.x.x (WXP)

[Ravindra]

Hi,
Download link is not working can you please provide all the scripts and olydbg

[Ravindra]

Hi,
Please provide all the tools and scripts which you used for this. Download link is not working.


Thanks!

[Ravindra]

I am getting below error.

The StrongOD KernelMode will not work on a 64 Bit OS!



Use the TitanHide tool instead or ScyllaHide plugin!

[CriticalError]

I am getting below error.

The StrongOD KernelMode will not work on a 64 Bit OS!



Use the TitanHide tool instead or ScyllaHide plugin!

read the guide carefull, it not work in 64 bits systems, only in x32 the guide I upload.

[dragonteam]

Please unpack these file. i tried with this tutorial bu am struck in NO API in Code error.

https://www91.zippyshare.com/v/BDmzRWTs/file.html

[azsd]

this script seems failed on ctcrtypt.dll, used in some drm protection products.
https://dl.book.dmm.com/download/win32/ ... up_x86.exe
the installer is msi based installshield, can unpack by universeExtract.
https://www.sendspace.com/file/qqfthi
I upload the DRM related libraries to sendspace, donno if there extra dependency.


I writed a hooker to dump decrypt dmmj to jpeg, but I want to write a standalone decryptor based on its DRM algorithm.
its maybe block based cipher like AES/Blowfish.

the unpacker script give such a error at line 1453:
Problem!WL Section not in stack to read - Wrong VirtualAlloc call from!
I am using a windows 2003 in VMWare to do unpack work

[Beringer]

Hi all.
I've been trying to crack this soft for seven days. It has Themida protection. With the help of mega dump and uni fix unpacks. It's like he has some more protection ... I just can't bypass the serial number. I cracked the previous version easy but different protections. I totally lost or I don't have enough skills. I would be grateful for help.
https://anonfiles.com/J2Qaxdx7pa/soft_rar

[dawntom7]

Hi, My name is Dawn. Recently I have found your post regarding unpacking EXE file with Themida. I have tried every step and I wasn't able to unpack the EXE file. Kindly pls unpack the EXE file for me.
Link for the EXE file: https://drive.google.com/file/d/1XSqdyn ... sp=sharing

Thank you so much for your immense support.

REGARDS
DAWN SAJU
Email: dawnsaju2006@gmail.com

[vahid33]

i try unpack with same post , but dumped file will not run and showing Dont send error

what is the solution?

before unpack:
exeinfo:
Themida & WinLicense 2.0 - 2.4.6 - struct (Hide from PE scanners II-V) www.oreans.com , Overlay : 4E4231... Nothing detected
protection id detector:
[!] Themida/Winlicense detected !


after in dump file:

Unknown Packer-Protector , 7 sections - CRC Set - / ReWrite code - Prot/crypt ? , Overlay : 4E4231... Nothing detected

[!] File appears to have no protection or is using an unknown protection

[vahid33]

Tried to use 1.4 script. With unpackme work well
With my program extract dumped program but.."Send-Don't send" Error.
https://mega.nz/#!gEA3WKZY!zGIcFrh0tCIL ... ZNwIbvAkUE

Where i wrong?

i have same issue

[jaeger]

Hello CriticalError,

First at all, sorry for my bad english.

I get debug the executable with ollydbg, but i can't find (it's hard) the exactly jump to bypass the verification dongle key (HARDKey), because themida encript. But i found this foro with your instructions to unpack themida.

I did follow the steps to unpack themida, but after the step 10 i get the following error "Problem!WL Section not in stack to read - Wrong VirtualAlloc call from". I'm using VMWare Player 6.0.4 with Windows XP SP3.

The url with the executable that i can't unpack

https://drive.google.com/file/d/0ByeJr6CQUvcPVTFVNEI0Z2NveDg/view?usp=sharing

PS: I don't know if this executable is only protected by themida or other things. ProtectionId only show me themida.

Thanks in advance

hi guys, "Problem!WL section not in stack to read - wrong VirtualAlloc Call From!" I am also getting the error. I hope someone can help.

[SubZer0]

Inline patching is far better thn unpacking.