How Unpack Themida 2.x.x (WXP)

[danjin21]

you need use Windows XP to unpack this targets as well, if you will use W7 need other plugins are not incluided in this topic.

ok! but i do't have XP computer Now....T.T
i think it won't be long time to unpack this exe...

if u are XP user... then can u spend a little time for me to unpack this exe..? ( that's ok though say No, then i should find XP OS.. and Install..... )

i'll upload!

https://drive.google.com/file/d/0B0k8hf ... sp=sharing

[aluigi]

I think that CriticalError meant to use Windows XP in a virtual machine like VirtualBox: http://www.virtualbox.org

[CriticalError]

yes agree with aluigi, you don't need be user XP, you can try in a virtual machine like VirtualBox, VMWare,etc and install XP there, normally I forget mention from the begining the plugins are for XP only and no for WXP, really sorry for that issue, this make a lot mistakes in users, because nobody use XP in this times but well, for W7 is necessary another plugins and really many times I try and configure it, no lucky to unpacking it because I run x64 arquitecture so well is necessary a x86, the debugger is for x86 and no for x64, so this is most tedious problem in W7, sure it can be, but no familiar with olly plugins in W7 to unpack Themida protections.

[cccroswhite]

Hello CriticalError,

First at all, sorry for my bad english.

I get debug the executable with ollydbg, but i can't find (it's hard) the exactly jump to bypass the verification dongle key (HARDKey), because themida encript. But i found this foro with your instructions to unpack themida.

I did follow the steps to unpack themida, but after the step 10 i get the following error "Problem!WL Section not in stack to read - Wrong VirtualAlloc call from". I'm using VMWare Player 6.0.4 with Windows XP SP3.

The url with the executable that i can't unpack

https://drive.google.com/file/d/0ByeJr6CQUvcPVTFVNEI0Z2NveDg/view?usp=sharing

PS: I don't know if this executable is only protected by themida or other things. ProtectionId only show me themida.

Thanks in advance

[rubens]

HELP-ME !
http://i.imgur.com/DzikZfl.png

[cccroswhite]

rubens, el mensaje te está indicando que tienes que aplicar otras herramientas para el caso de 64 bits. Por qué no pruebas instalandote una Virtual Machine con XP de 32 bits.

[rubens]

with windows xp went up item 13, I do not know why not come more pop
HELPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP-ME

[CriticalError]

you need provide full binaries, no only the file contain themida.

[rubens]

but o'que would be the full binaries, I can not generate the executable of the game folder, I took the game folder to give the unpack?

You are to take this protection?

[cccroswhite]

you need provide full binaries, no only the file contain themida.

Hello, can you help with this

First at all, sorry for my bad english.

I can't get debug the executable with ollydbg, but i can't find (it's hard) the exactly jump to bypass the verification dongle key (HARDKey), because themida encript. But i found this foro with your instructions to unpack themida.

I did follow the steps to unpack themida, but after the step 10 i get the following error "Problem!WL Section not in stack to read - Wrong VirtualAlloc call from". I'm using VMWare Player 6.0.4 with Windows XP SP3.

The url with the executable that i can't unpack

https://drive.google.com/file/d/0ByeJr6CQUvcPVTFVNEI0Z2NveDg/view?usp=sharing


PS: I don't know if this executable is only protected by themida or other things. ProtectionId only show me themida.

Thanks in advance

[rubens]

now he ta thanking and creating a .ovr file ....
o'que would be a .ovr file?

[AraHaan]

I have a issue with downloading 1 of the deps to unpack these things. I need it for a hacking dll so I can debug why it crashes x2.exe with certain hacks.
PhantOm 1.79
^this thing would not download for me.
Had to install manually at another site but it ended up being newer. Also this dll seems to not be able to unpack right because I am using a x64 based OS on here.

The DLL here.

[achov]

Hi. Can you help me to unpack an executable please? This is link for the exe: https://mega.nz/#!fEcCDRgT!udLx_hNlM62f ... dVfc-St8Bs

thank you so much!!!

[rastaman29]

At the end of execution of a script there is a window!

---------------------------
Themida
---------------------------
An internal exception occurred (Address: 0x7c2e50)

Please, contact yoursite@yoursite.com. Thank you!
---------------------------
ОК

[tisaygirl404]

Hi sir i've been difficult to follow 40% i got error i use it on win xp 32 bit and windows 7 64 bit but unlucky i can't unpack can you try to unpack for me this plzzz here it is https://mega.nz/#!qc4SBYIZ!A4GO3FwVowe0 ... YCgS4bcw8s thanks in advance :* have a nice day

[rubens]

the phantom link 1.79 this offline you have this plugin there? I did not find on the internet tried a more advanced version and does not pass the script 13-14

[deepminer2002]

Can someone help me? When i do this everything is good only when i enable RDX my ollydbg crashes

[CriticalError]

this message was for all i'm not a programmer mates, so please stop send me PM, I can't help if you stuck in the process of unpack, I do the guide just for experience.

[VRock]

Hello, CriticalError.
When I tried to unpack two apps obfuscated by Themida 2.x.x I've got one problem, and I don't understand what's going on.
Status "terminated" appears after 16th step.
Can you help me to figure out with this, please?

[farmith]

Hi!

Love the tutorial, however i've been having alot of issues unpacking a file, mainly the issue is that i can not find the Direct VM OEP Address

the Themida script says "Rebuild Manually Push & JUMP Values!" but i have no idea how to do that, could you help?

it seems everything else works, ish, except the OEP.

//Rgds Farmith