ZenHAX


All times are UTC




PostPosted: Tue Jan 12, 2016 8:07 am 

Joined: Sun Jan 10, 2016 9:42 am
Posts: 2
CriticalError wrote:
you need to use Windows XP to unpack these targets as well; if you use W7 you need other plugins that are not included in this topic.



ok! but I don't have an XP computer now....T.T
I think it won't take a long time to unpack this exe...

If you are an XP user... then can you spend a little time to unpack this exe for me..? (It's OK if you say no, then I should find an XP OS.. and install it.....)

I'll upload!

https://drive.google.com/file/d/0B0k8hf ... sp=sharing


PostPosted: Wed Jan 13, 2016 4:11 pm 
Site Admin

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 7228
I think that CriticalError meant to use Windows XP in a virtual machine like VirtualBox: http://www.virtualbox.org


PostPosted: Wed Jan 13, 2016 4:39 pm 

Joined: Thu Aug 14, 2014 8:52 pm
Posts: 183
Yes, I agree with aluigi: you don't need to be an XP user, you can try a virtual machine like VirtualBox, VMware, etc. and install XP there. Normally I forget to mention from the beginning that the plugins are for XP only and not for WXP, really sorry for that issue; this causes a lot of mistakes for users, because nobody uses XP these days. For W7 other plugins are necessary, and I really tried many times to configure it, with no luck unpacking, because I run an x64 architecture and an x86 one is necessary; the debugger is for x86 and not for x64, so this is the most tedious problem in W7. Sure it can be done, but I am not familiar with Olly plugins in W7 to unpack Themida protections.


PostPosted: Sat Jan 16, 2016 4:20 pm 

Joined: Sat Jan 16, 2016 3:48 pm
Posts: 3
Hello CriticalError,

First of all, sorry for my bad English.

I get to debug the executable with OllyDbg, but I can't find (it's hard) the exact jump to bypass the dongle key verification (HARDKey), because Themida encrypts it. But I found this forum with your instructions to unpack Themida.

I followed the steps to unpack Themida, but after step 10 I get the following error "Problem!WL Section not in stack to read - Wrong VirtualAlloc call from". I'm using VMware Player 6.0.4 with Windows XP SP3.

The URL with the executable that I can't unpack:

https://drive.google.com/file/d/0ByeJr6CQUvcPVTFVNEI0Z2NveDg/view?usp=sharing

PS: I don't know if this executable is only protected by Themida or by other things. ProtectionId only shows me Themida.

Thanks in advance


PostPosted: Thu Jan 21, 2016 9:22 pm 

Joined: Thu Jan 21, 2016 9:17 pm
Posts: 8
HELP-ME !
http://i.imgur.com/DzikZfl.png


PostPosted: Thu Jan 21, 2016 9:48 pm 

Joined: Sat Jan 16, 2016 3:48 pm
Posts: 3
rubens, the message is telling you that you have to use other tools for the 64-bit case. Why don't you try installing a virtual machine with 32-bit XP?


PostPosted: Fri Jan 22, 2016 9:59 pm 

Joined: Thu Jan 21, 2016 9:17 pm
Posts: 8
Image

with windows xp went up item 13, I do not know why not come more pop
HELPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP-ME


PostPosted: Sat Jan 23, 2016 2:22 pm 

Joined: Thu Aug 14, 2014 8:52 pm
Posts: 183
you need to provide the full binaries, not only the file that contains Themida.


PostPosted: Sat Jan 23, 2016 5:41 pm 

Joined: Thu Jan 21, 2016 9:17 pm
Posts: 8
but what would the full binaries be? I cannot generate the executable of the game folder, I took the game folder to give the unpack?

You are to take this protection?

Image


PostPosted: Sat Jan 23, 2016 7:18 pm 

Joined: Sat Jan 16, 2016 3:48 pm
Posts: 3
CriticalError wrote:
you need to provide the full binaries, not only the file that contains Themida.


Hello, can you help with this

First of all, sorry for my bad English.

I can't get to debug the executable with OllyDbg, but I can't find (it's hard) the exact jump to bypass the dongle key verification (HARDKey), because Themida encrypts it. But I found this forum with your instructions to unpack Themida.

I followed the steps to unpack Themida, but after step 10 I get the following error "Problem!WL Section not in stack to read - Wrong VirtualAlloc call from". I'm using VMware Player 6.0.4 with Windows XP SP3.

The URL with the executable that I can't unpack:

https://drive.google.com/file/d/0ByeJr6CQUvcPVTFVNEI0Z2NveDg/view?usp=sharing


PS: I don't know if this executable is only protected by Themida or by other things. ProtectionId only shows me Themida.

Thanks in advance


PostPosted: Sat Jan 23, 2016 8:09 pm 

Joined: Thu Jan 21, 2016 9:17 pm
Posts: 8
now it is thanking and creating a .ovr file ....
what would a .ovr file be?

Image


PostPosted: Sat Jan 23, 2016 8:33 pm 

Joined: Sat Jan 23, 2016 8:29 pm
Posts: 1
I have an issue with downloading 1 of the deps to unpack these things. I need it for a hacking dll so I can debug why it crashes x2.exe with certain hacks.
PhantOm 1.79
^this thing would not download for me.
Had to install manually from another site but it ended up being newer. Also this dll seems to not be able to unpack right because I am using an x64-based OS on here.

The DLL here.


PostPosted: Sat Feb 13, 2016 9:41 am 

Joined: Sat Feb 13, 2016 9:38 am
Posts: 1
Hi. Can you help me to unpack an executable please? This is the link for the exe: https://mega.nz/#!fEcCDRgT!udLx_hNlM62f ... dVfc-St8Bs

thank you so much!!!


PostPosted: Mon Feb 15, 2016 5:34 pm 

Joined: Mon Feb 15, 2016 5:27 pm
Posts: 1
At the end of execution of a script there is a window!

---------------------------
Themida
---------------------------
An internal exception occurred (Address: 0x7c2e50)

Please, contact yoursite@yoursite.com. Thank you!
---------------------------
ОК


Attachments:
12.rar [1.86 MiB]
Downloaded 182 times
PostPosted: Fri Feb 19, 2016 2:44 pm 

Joined: Fri Feb 19, 2016 7:52 am
Posts: 1
Hi sir, it's been difficult to follow; at 40% I got an error. I used it on Win XP 32-bit and Windows 7 64-bit but unluckily I can't unpack :( Can you try to unpack this for me plzzz? Here it is: https://mega.nz/#!qc4SBYIZ!A4GO3FwVowe0 ... YCgS4bcw8s Thanks in advance :* Have a nice day :)


PostPosted: Sat Feb 20, 2016 8:52 pm 

Joined: Thu Jan 21, 2016 9:17 pm
Posts: 8
The PhantOm 1.79 link is offline; do you have this plugin there? I did not find it on the internet; I tried a more advanced version and it does not pass the script 13-14


PostPosted: Mon Feb 29, 2016 6:34 pm 

Joined: Mon Feb 29, 2016 6:32 pm
Posts: 1
Can someone help me? When I do this everything is good, only when I enable RDX my OllyDbg crashes


PostPosted: Thu Mar 03, 2016 5:54 pm 

Joined: Thu Aug 14, 2014 8:52 pm
Posts: 183
This message was for all: I'm not a programmer, mates, so please stop sending me PMs. I can't help if you are stuck in the process of unpacking; I did the guide just for experience.


PostPosted: Wed Mar 09, 2016 3:08 pm 

Joined: Wed Mar 09, 2016 3:01 pm
Posts: 1
Hello, CriticalError.
When I tried to unpack two apps obfuscated by Themida 2.x.x I've got one problem, and I don't understand what's going on.
Status "terminated" appears after 16th step.
Can you help me figure this out, please?
Image


PostPosted: Sun Mar 13, 2016 8:41 pm 

Joined: Sun Mar 13, 2016 8:39 pm
Posts: 1
Hi!

Love the tutorial, however I've been having a lot of issues unpacking a file; mainly the issue is that I cannot find the Direct VM OEP Address.

The Themida script says "Rebuild Manually Push & JUMP Values!" but I have no idea how to do that, could you help?

It seems everything else works, ish, except the OEP.

//Rgds Farmith

