How Unpack Themida 2.x.x (WXP)

[marcioaraujo]

Help me.
Problem! END IAT Pointer not found!

[oisilener1982]

I am getting this Pusha Error I am using Windows 7 SP1 64 bit

This happened at Step 7. I clicked Yes and it is OK. I clicked No then Pusha Error

Below is the Protection ID Screenshot

Pusha Error.JPG

Below is the program that i want to unpack. I paid for the program that I want to unpack but unfortunately it will only work in my PC because of HWID protection and it is also packed with themida.

https://drive.google.com/file/d/0ByTHZVm-0I7Kc2hHSEVBSEw3UGs/view?usp=sharing

[azreq02]

Hey, I tried unpacking a dll themida but I cant :/ can anyone unpack please ?

[kfcsmitty]

Hi, thanks for this tutorial!

Your unpacker seems to work properly until just before the "finished" message for me, when it says it was unable to dump the file and I would have to dump manually.

Are there troubleshooting steps you would usually give to someone in this scenario or anything that might help nudge me along?

Thanks,

Smitty


*edit* So my whole issue was because I was running the script on a .bin file. Changing the file extension to .exe fixed my issue.

[TetraMan]

Has anybody used this method against Themida 2.4?

I successfully unpacked an app protected by earlier Themida.

Now I am attempting unpacking of app protected by Themida 2.4

Some of the script popups are not appearing as expected (specifically, the very first popup during the first run - it does not appear... the application simply continues to run as normal), however, the script does produce a dump (unpacked) executable.

Upon running the unpacked version, however, it crashes with "... instruction at... referenced memory... The memory could not be read."

If anybody has successfully unpacked an app protected by Themida 2.4, did you use this method? Did the process go as outlined in the instructions? Did you do anything differently?

[repahidis]

hello, first thanks for tutorial. I make all steps same yours but I have an error like on screeenshoot. please give me a resolve, its make me angry

[CriticalError]

hello, first thanks for tutorial. I make all steps same yours but I have an error like on screeenshoot. please give me a resolve, its make me angry

check correct path of ArImpRec.dll when you configure it in script.

[andriuskk]

*moderator edit* removed useless big quote.


Im need help for this https://drive.google.com/folderview?id= ... sp=sharing
Pls help me remove
It helps me to remove Security and Themida

This is autokill for muglobal webzen

more price for this hack is 20 usd/month
i need cracked this hack

[erikeleria]

Hello everyone. I need help. I was trying to unpack a game but in the middle of themida script running I hit a wall. I think this is only for 32bit systems 'coz I'm on a 64bit system. Would anyone tell me what to do or edit to make themida script run for 64bit system. It tells me to use TitanHide or ScyllaHide but I don't know what to do with it

OR

@CriticalError, can you unpack the exe for me?

[lotficrew]

IATSTART VA
and IATEND VA pointer not found in dump windows how fixe them ?

this is the softwar who i want to unpack it plzzzz helppp

http://www.cdma-ware.com/workshop/demo/cdma_workshop.rar

[briggs]

I ran your script and definitely was able to unpack my file (it at least a little bit) because I couldn't find any text strings or intermodular calls before and now I can. Also protectId tells me there is no more packing detected!! So that's good.

The problem is that the file is not executable anymore!!
-It crashes...
-Olly says: Bad or unknown format of 32-bit executable file 'msvcp100.dll'
-Olly says: Bad or unknown format of 32-bit executable file 'msvcr100.dll'

Also, there are still some things telling me the binary is packed:

-RDG Packer Detector tells me the binary is "probably" still packed with Themida (before it said Themida/Winlicense 2.x).
-Olly tells me that the binary has entry point outside of the code section and probably is compressed

So is the binary "half-unpacked"? What do I need to do?
Thanks for any help...

[rubens]

PhantOm plugin 1.79 link broken link, new upload thank you

[kimeknyaasu]

can you help me unpack a program?

[kimeknyaasu]

Problem ! END IAT Pointer not found!

[hamducbuon]

Please show me fix it..
Error "Text: bc eip"
Thank you !

[aluigi]

The following are some posts that were posted as "topics" so I collect them here (and delete the wrongly open topics):

Please help unpack library packed Themida 1.8.x.x -> Oreans Technologies *

I see - only after clicking Submit - that I created a new thread rather than adding to existing topic:
viewtopic.php?t=1051 (oops!)

I have applied the lessons of the thread above. I am working with OllyDbg 110, Windows XP 32bit, and have all the proper plugins.

I have completed the entire process and the Themida script ran without error.

When launching the dumped file, I get ACCESS VIOLATIONs memory reads.
I can click through these, and the application initializes properly.
Some application functions work perfectly. Others throw ACCESS VIOLATION.

I found a post by LCF-AT https://forum.tuts4you.com/topic/21043- ... hemida-24/ which seems to talk about access violation hook and other things. That post is brief and provides insufficient detail to guide me.

Can anybody offer any guidance? If you have a PayPal account, I will pay 50USD for a complete process to solve this.

I need help to do unpack in this file.

http://www.mediafire.com/download/9ehv3ckb1dmvhw6/rhclient.exe

Thanks

Since I'm on a x64 system and Themida/Winlicense script only works on x86 system, I had to get a XP x86. Well, I tried Windows XP Mode which worked fine until I had to open the file I'm gonna work on and viola, an error, "Unable to start file C:\blahblah.exe" .. Anyone here got this problem also?

[ZilexSeryth]

HI, First of all sorry for bad english

does this work on

Talisman Online

Client.exe

I'm wondering cuz Client.exe can't ran without a launcher.
the launcher can only be a .Bat File

the GM's of the game has made a launcher (naming Launcher.exe). they made this for an automatic patcher of the game.

Launcher.exe and Client.exe are themida packed.

my goal would be to know what is inside the Client.exe so I can know what is happening and what is it doing running to run the game.

so I can Create my Own Client.exe

Don't Worry about Me cracking the game, That Game has many of private servers, therefor it is accessible to many already.

[kdn]

Hi all, this tutorial worked well for me, I unpacked my file using a winxp virtual machine, one thing I have noticed though, I can excute the unpacked file on my xp machine with no issues, however copying to my win7 machine, the file wont open. Anyone else noticed this?

Also if you want to hear something funny, after I executed my unpacked file, it threw an error "the size of this file is not correct, please redownload it" im sure I can bypass that now its all clear code!

[CriticalError]

ofc this is dumped in XP no in 7, for make it work, you need make changes in the code of the dumped file to run into Win7, thats simple the kernel is different in XP than 7.

[aluigi]

@CriticalError
Maybe you can provide a zip containing the whole ollydbg folder already setup and with all the necessary plugins and modifications so that the users can just unzip and use it without looking for dead links and editing stuff.