Free Game Research Forum | Official QuickBMS support | twitter @zenhax | SSL HTTPS://zenhax.com
It is currently Sat Aug 19, 2017 8:32 pm

All times are UTC

Post new topic  Reply to topic  [ 91 posts ]  Go to page Previous 1 2 3 4 5
Author Message
PostPosted: Fri Sep 16, 2016 1:26 am 

Joined: Thu Sep 15, 2016 4:10 am
Posts: 2
CriticalError wrote:
ofc this is dumped in XP no in 7, for make it work, you need make changes in the code of the dumped file to run into Win7, thats simple the kernel is different in XP than 7.

ok thanks that makes sense I guess, if anyone else has done this would be keen to learn the method.

PostPosted: Sun Oct 16, 2016 5:02 pm 
User avatar

Joined: Thu Aug 14, 2014 8:52 pm
Posts: 181
aluigi wrote:
Maybe you can provide a zip containing the whole ollydbg folder already setup and with all the necessary plugins and modifications so that the users can just unzip and use it without looking for dead links and editing stuff.

done mate, here is the ollydbg folder I use before I think all is there but maybe not xD long time ago doing it and leave it so well it still there and hope it works.

http://www.mediafire.com/file/1xvqcqgux ... odbg110.7z

PostPosted: Sat Dec 24, 2016 1:02 pm 

Joined: Wed Apr 13, 2016 1:12 pm
Posts: 4
BUMP - just want to know if anybody has successfully used against any Themida 2.4 target.

TetraMan wrote:
Has anybody used this method against Themida 2.4?

I successfully unpacked an app protected by earlier Themida.

Now I am attempting unpacking of app protected by Themida 2.4

Some of the script popups are not appearing as expected (specifically, the very first popup during the first run - it does not appear... the application simply continues to run as normal), however, the script does produce a dump (unpacked) executable.

Upon running the unpacked version, however, it crashes with "... instruction at... referenced memory... The memory could not be read."

If anybody has successfully unpacked an app protected by Themida 2.4, did you use this method? Did the process go as outlined in the instructions? Did you do anything differently?

PostPosted: Thu Jan 05, 2017 11:37 pm 

Joined: Thu Jan 05, 2017 11:33 pm
Posts: 3
I'm Chung. I have a tools. Can you help me unpack. Thanh you verymuch.
My tool is: http://www.mediafire.com/file/pki28i5ko ... 281%29.rar

PostPosted: Wed Jan 11, 2017 1:21 pm 

Joined: Wed Apr 13, 2016 1:12 pm
Posts: 4
Chung -

What version of Themida is your target protected by?
If it is Themida v2.4 or later, I have found these techniques may not work.

I have successfully used these techniques on targets protected by Themida v2.3 and earlier. However, my latest target is protected by Themida v2.4 and these techniques do not seem to work properly. The unpacked application throws errors. Also, the normal screens/windows did not appear during the unpacking process.

PostPosted: Sun Jan 15, 2017 6:20 pm 

Joined: Thu Jan 05, 2017 11:33 pm
Posts: 3
Hi. My tool protected by Themida v2.3 and earlier. Can you help me?

PostPosted: Mon Jan 16, 2017 10:15 am 

Joined: Thu Jan 05, 2017 11:33 pm
Posts: 3
Hi TetraMan! I used Protection ID V0.6.6.7 December check vesion. The Tools is protecting by Themida v2.0.1.0 - v2.1.8.0. Can you help me unpack it. Thanks!

PostPosted: Mon Jan 16, 2017 4:14 pm 

Joined: Wed Apr 13, 2016 1:12 pm
Posts: 4
While this "How Unpack Themida 2.x.x" approach does not seem to work with targets protected by Themida > v2.4, you should find the process will work for you in unpacking your older target.

You will need the tools listed in earlier posts, eg: Olly and others. I use VMware workstation to host a clean installation of Windows XP (32bit). I am certain you can find both of those things available on the web. You can then easily follow the excellent instructions in earlier posts to this thread and unpack your target!

PostPosted: Fri Mar 17, 2017 4:31 am 

Joined: Fri Mar 17, 2017 4:24 am
Posts: 1
Hi guys. I have the same issue as a previous poster, and I didn't see it answered, so I'll ask for us both again.

I'm using a 32-bit Windows 7 VM. (ESXi). I have Olly 1.10, and all the plug-ins. I have my ollydbg.ini configured correctly, and I get to the step right after "Disable Noppers" and my target pops up a message box.

In the script window, I see this:

If WL doesen't use a MessageBoxExA API to show you the HWID Nag 
or other messages then it used a custom code.In this case just pause
the script if you see the message then pause Olly open call stack and
set a soft BP from where it was called from = after message loop.Now
remove BP again and set the script eip on the label......


and then just resume the script. ;)

This is good advice, but seems to be missing a key component.

I pause the script, then pause olly, ALT-K to bring up the call stack, find the correct place, set the BP. Then what?

Set it
Unset it
adjust the script EIP to the CUSTOM_HWID_ label, and resume?

If so, what's the point of the BP?

PostPosted: Tue Jun 27, 2017 10:48 am 

Joined: Tue Jun 27, 2017 10:46 am
Posts: 1
Don't download : odbg110.7z from the Mediafire link

The file is INFECTED With Trojan.Win32.Swisyn.bner

And it infects .exe files if you have downloaded it i suggest downloading Kaspersky Antivirus Removal Tool and run a full scan on the system.

@Mods @Moderators Request Delete the link

PostPosted: Tue Jun 27, 2017 12:49 pm 
Site Admin
User avatar

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 6436
I guess you are a newbie in this field, so:
1) you do NOT need that file, read viewtopic.php?p=18090#p18090
2) new to reverse engineering and advanced tools? welcome to false positives!
3) CriticalError is a well respected and trusted user
4) don't worry, it's not your fault, as I said that's normal if you are new to this stuff. Enjoy reverse engineering and learn

Display posts from previous:  Sort by  
Post new topic  Reply to topic  [ 91 posts ]  Go to page Previous 1 2 3 4 5

All times are UTC

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Powered by phpBB® Forum Software © phpBB Limited