ZenHAX
http://zenhax.com/

How Unpack Themida 2.x.x (WXP)
http://zenhax.com/viewtopic.php?f=4&t=1051
Page 2 of 5

Author:  Starlinker [ Mon Oct 26, 2015 12:42 pm ]
Post subject:  Re: How Unpack Themida 2.x.x

Hi CriticalError. Can you help unpack Themida from Genesis 4 Online (http://genesis4.co.kr)? :roll:

http://softmax.genesis4.xdn.kinxcdn.com ... loader.exe

or https://drive.google.com/folderview?id= ... e_web#list

Thanks Advance.

Author:  CriticalError [ Mon Oct 26, 2015 4:18 pm ]
Post subject:  Re: How Unpack Themida 2.x.x

upload just the binaries, I can't download full client.

Author:  Starlinker [ Mon Oct 26, 2015 4:31 pm ]
Post subject:  Re: How Unpack Themida 2.x.x

Ops, sorry. :)

https://www.sendspace.com/file/lemvbk

Thanks Advance.

Author:  CriticalError [ Mon Oct 26, 2015 5:42 pm ]
Post subject:  Re: How Unpack Themida 2.x.x

ok anyway I try unpack your file, for some reason in the process it finish process and stop there the unpacking so well I try check what I can do later, sorry.

Author:  Starlinker [ Mon Oct 26, 2015 6:23 pm ]
Post subject:  Re: How Unpack Themida 2.x.x

Ok, thank you :)

Author:  sadfaffel [ Tue Nov 10, 2015 3:11 pm ]
Post subject:  Re: How Unpack Themida 2.x.x

I can´t unpack mine too.The application just crashes.
I sent it to your pm.
If you can, can you sent me your´s ollydbg folder and show me how?

Thx
Sadfaffel

Author:  zhatros [ Thu Nov 19, 2015 6:18 pm ]
Post subject:  Re: How Unpack Themida 2.x.x

Hello Critical, when i try to unpack in step with i need to edit olly.ini and before that i resume, my olly crashes.

This is the two files i need to unpack.

https://www.sendspace.com/file/psu5rd

https://www.sendspace.com/file/qyl6k4

Author:  lelejau [ Tue Dec 01, 2015 2:31 am ]
Post subject:  Re: How Unpack Themida 2.x.x

It says KernelMode doesnt work in 64 bit systems and my unpack process is not giving the exact screen shots after the changes in the ini file. can you help me ?

Author:  CriticalError [ Tue Dec 01, 2015 3:28 am ]
Post subject:  Re: How Unpack Themida 2.x.x

you can't unpack themida in x64 with ollydbg, if you read carefuly OLLYDBG is a debugger for x32, so in this case you need try use xdbg from mrexodia, is a debugger in base a ollydbg but for x64, so well you can try.

Author:  lelejau [ Tue Dec 01, 2015 4:23 pm ]
Post subject:  Re: How Unpack Themida 2.x.x

thanks for the answer. But where can I find those plugins for xdbg? Im total lost here.
I find there is already some script engine there, but it says duplicate label: FINAL_RESULT.

Author:  CriticalError [ Tue Dec 01, 2015 8:24 pm ]
Post subject:  Re: How Unpack Themida 2.x.x

as far I know it won't exist, just try do it in SO of x86 arquitecture.

Author:  hinipek [ Thu Dec 03, 2015 12:25 pm ]
Post subject:  Re: How Unpack Themida 2.x.x

Image
What I can do?
I have x64 PC,is possible to found plugins for xDBG ,cause I have label duplicate FINAL_RESULT.

Author:  CriticalError [ Thu Dec 03, 2015 7:01 pm ]
Post subject:  Re: How Unpack Themida 2.x.x

for unpack a target of x32 with SO of x64 you need use other plugins, thats the problem with Windows 7, 8,1,etc if you use XP is not a problem, the main problem is Themida don't work.

Author:  lelejau [ Thu Dec 03, 2015 9:13 pm ]
Post subject:  Re: How Unpack Themida 2.x.x

all right, thanks for the information. Ill try it in a few days and I come back here if I find any problems.

Author:  atom0s [ Sun Dec 06, 2015 7:32 am ]
Post subject:  Re: How Unpack Themida 2.x.x

Windows 7 32bit works fine for unpacking with this script.

If you have a 64bit OS you can download a virtual machine program like VirtualBox, VMWare, etc. to just run another 32bit os in a virtual machine instead of reinstalling your OS.

Author:  garfield028 [ Mon Dec 21, 2015 11:14 am ]
Post subject:  Re: How Unpack Themida 2.x.x

hi , i used the unpack script and don't work done..

the resposne message : [ when the i was running script ]

"If WL doesen't use a MessageBoxExA API to show you the HWID Nag
or other messages then it used a custom code.In this case just pause
the script if you see the message then pause Olly open call stack and
set a soft BP from where it was called from = after message loop.Now
remove BP again and set the script eip on the label......"

...

i want to know i bp where ? bp what time?

thank you very much...

Author:  hckhenrique [ Tue Dec 22, 2015 3:05 pm ]
Post subject:  Re: How Unpack Themida 2.x.x

Can you try please with this file?
https://www.sendspace.com/file/ehrzot

I tried but I get different messages from Odbg, I am probably doing something wrong...

Author:  tb52525 [ Tue Dec 22, 2015 8:09 pm ]
Post subject:  Re: How Unpack Themida 2.x.x

Can you try to unpack this file for me?

I've been trying all week and no success.

https://www.sendspace.com/file/q9mkjo

Thank you in advance.

Author:  danjin21 [ Sun Jan 10, 2016 9:45 am ]
Post subject:  Re: How Unpack Themida 2.x.x

i did well until now!

BUT

when i check no at when asked to check NOPPER..

then nothing happen....

i could see Xbundler prepair sign not found! at log window...

windows7 or high blarblar... then should i use windows XP? Not Vista? (I'm Vista user)

and... it say.. " if Xbundler found in auto-modus , it will dump blarblar... then should i download Xblunder..?

do u know why?

if u want see my EXE, then i will upload.. plz answer!!

ps my computer is 32bit

and i did all and clear !

Author:  CriticalError [ Sun Jan 10, 2016 2:51 pm ]
Post subject:  Re: How Unpack Themida 2.x.x

you need use Windows XP to unpack this targets as well, if you will use W7 need other plugins are not incluided in this topic.

Page 2 of 5 All times are UTC
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/