How Unpack Themida 2.x.x (WXP)

[Starlinker]

Hi CriticalError. Can you help unpack Themida from Genesis 4 Online (http://genesis4.co.kr)?

http://softmax.genesis4.xdn.kinxcdn.com ... loader.exe

or https://drive.google.com/folderview?id= ... e_web#list

Thanks Advance.

[CriticalError]

upload just the binaries, I can't download full client.

[Starlinker]

Ops, sorry.

https://www.sendspace.com/file/lemvbk

Thanks Advance.

[CriticalError]

ok anyway I try unpack your file, for some reason in the process it finish process and stop there the unpacking so well I try check what I can do later, sorry.

[Starlinker]

Ok, thank you

[sadfaffel]

I can´t unpack mine too.The application just crashes.
I sent it to your pm.
If you can, can you sent me your´s ollydbg folder and show me how?

Thx
Sadfaffel

[zhatros]

Hello Critical, when i try to unpack in step with i need to edit olly.ini and before that i resume, my olly crashes.

This is the two files i need to unpack.

https://www.sendspace.com/file/psu5rd

https://www.sendspace.com/file/qyl6k4

[lelejau]

It says KernelMode doesnt work in 64 bit systems and my unpack process is not giving the exact screen shots after the changes in the ini file. can you help me ?

[CriticalError]

you can't unpack themida in x64 with ollydbg, if you read carefuly OLLYDBG is a debugger for x32, so in this case you need try use xdbg from mrexodia, is a debugger in base a ollydbg but for x64, so well you can try.

[lelejau]

thanks for the answer. But where can I find those plugins for xdbg? Im total lost here.
I find there is already some script engine there, but it says duplicate label: FINAL_RESULT.

[CriticalError]

as far I know it won't exist, just try do it in SO of x86 arquitecture.

[hinipek]

What I can do?
I have x64 PC,is possible to found plugins for xDBG ,cause I have label duplicate FINAL_RESULT.

[CriticalError]

for unpack a target of x32 with SO of x64 you need use other plugins, thats the problem with Windows 7, 8,1,etc if you use XP is not a problem, the main problem is Themida don't work.

[lelejau]

all right, thanks for the information. Ill try it in a few days and I come back here if I find any problems.

[atom0s]

Windows 7 32bit works fine for unpacking with this script.

If you have a 64bit OS you can download a virtual machine program like VirtualBox, VMWare, etc. to just run another 32bit os in a virtual machine instead of reinstalling your OS.

[garfield028]

hi , i used the unpack script and don't work done..

the resposne message : [ when the i was running script ]

"If WL doesen't use a MessageBoxExA API to show you the HWID Nag
or other messages then it used a custom code.In this case just pause
the script if you see the message then pause Olly open call stack and
set a soft BP from where it was called from = after message loop.Now
remove BP again and set the script eip on the label......"

...

i want to know i bp where ? bp what time?

thank you very much...

[hckhenrique]

Can you try please with this file?
https://www.sendspace.com/file/ehrzot

I tried but I get different messages from Odbg, I am probably doing something wrong...

[tb52525]

Can you try to unpack this file for me?

I've been trying all week and no success.

https://www.sendspace.com/file/q9mkjo

Thank you in advance.

[danjin21]

i did well until now!

BUT

when i check no at when asked to check NOPPER..

then nothing happen....

i could see Xbundler prepair sign not found! at log window...

windows7 or high blarblar... then should i use windows XP? Not Vista? (I'm Vista user)

and... it say.. " if Xbundler found in auto-modus , it will dump blarblar... then should i download Xblunder..?

do u know why?

if u want see my EXE, then i will upload.. plz answer!!

ps my computer is 32bit

and i did all and clear !

[CriticalError]

you need use Windows XP to unpack this targets as well, if you will use W7 need other plugins are not incluided in this topic.