ZenHAX
https://zenhax.com/

How Unpack Themida 2.x.x (WXP)
https://zenhax.com/viewtopic.php?f=4&t=1051
Page 4 of 6

Author:  marcioaraujo [ Fri Mar 18, 2016 7:24 pm ]
Post subject:  Re: How Unpack Themida 2.x.x (WXP)

Help me.
Problem! END IAT Pointer not found!

Image

Author:  oisilener1982 [ Sat Mar 19, 2016 5:45 am ]
Post subject:  Re: How Unpack Themida 2.x.x (WXP)

I am getting this Pusha Error :cry: I am using Windows 7 SP1 64 bit
Image
This happened at Step 7. I clicked Yes and it is OK. I clicked No then Pusha Error
Image
Below is the Protection ID Screenshot
Image
Attachment:
Pusha Error.JPG [92.78 KiB]
Not downloaded yet


Below is the program that i want to unpack. I paid for the program that I want to unpack but unfortunately it will only work in my PC because of HWID protection and it is also packed with themida.

Quote:
https://drive.google.com/file/d/0ByTHZVm-0I7Kc2hHSEVBSEw3UGs/view?usp=sharing

Author:  azreq02 [ Sun Mar 20, 2016 6:51 pm ]
Post subject:  Re: How Unpack Themida 2.x.x (WXP)

Hey, I tried unpacking a dll themida but I cant :/ can anyone unpack please :D?

Attachments:
Internet Filesi.zip [2.18 MiB]
Downloaded 218 times

Author:  kfcsmitty [ Mon Mar 28, 2016 6:53 pm ]
Post subject:  Re: How Unpack Themida 2.x.x (WXP)

Hi, thanks for this tutorial!

Your unpacker seems to work properly until just before the "finished" message for me, when it says it was unable to dump the file and I would have to dump manually.

Are there troubleshooting steps you would usually give to someone in this scenario or anything that might help nudge me along?

Thanks,

Smitty


*edit* So my whole issue was because I was running the script on a .bin file. Changing the file extension to .exe fixed my issue.

Author:  TetraMan [ Wed Apr 13, 2016 1:18 pm ]
Post subject:  Re: How Unpack Themida 2.x.x (WXP)

Has anybody used this method against Themida 2.4?

I successfully unpacked an app protected by earlier Themida.

Now I am attempting unpacking of app protected by Themida 2.4

Some of the script popups are not appearing as expected (specifically, the very first popup during the first run - it does not appear... the application simply continues to run as normal), however, the script does produce a dump (unpacked) executable.

Upon running the unpacked version, however, it crashes with "... instruction at... referenced memory... The memory could not be read."

If anybody has successfully unpacked an app protected by Themida 2.4, did you use this method? Did the process go as outlined in the instructions? Did you do anything differently?

Author:  repahidis [ Mon Apr 18, 2016 5:03 pm ]
Post subject:  Re: How Unpack Themida 2.x.x (WXP)

hello, first thanks for tutorial. I make all steps same yours but I have an error like on screeenshoot. please give me a resolve, its make me angry :evil: :oops:
Image

Author:  CriticalError [ Mon Apr 18, 2016 7:49 pm ]
Post subject:  Re: How Unpack Themida 2.x.x (WXP)

repahidis wrote:
hello, first thanks for tutorial. I make all steps same yours but I have an error like on screeenshoot. please give me a resolve, its make me angry :evil: :oops:
Image
check correct path of ArImpRec.dll when you configure it in script.

Author:  andriuskk [ Mon Apr 25, 2016 9:52 pm ]
Post subject:  Re: How Unpack Themida 2.x.x (WXP)

*moderator edit* removed useless big quote.


Im need help for this https://drive.google.com/folderview?id= ... sp=sharing
Pls help me remove
It helps me to remove Security and Themida

This is autokill for muglobal webzen

more price for this hack is 20 usd/month
i need cracked this hack :)

Author:  erikeleria [ Tue Apr 26, 2016 2:43 pm ]
Post subject:  Re: How Unpack Themida 2.x.x (WXP)

Hello everyone. I need help. I was trying to unpack a game but in the middle of themida script running I hit a wall. I think this is only for 32bit systems 'coz I'm on a 64bit system. Would anyone tell me what to do or edit to make themida script run for 64bit system. It tells me to use TitanHide or ScyllaHide but I don't know what to do with it

OR

@CriticalError, can you unpack the exe for me?

Author:  lotficrew [ Wed May 04, 2016 12:12 pm ]
Post subject:  Re: How Unpack Themida 2.x.x (WXP)

:( :( :( :( :(
IATSTART VA
and IATEND VA pointer not found :evil: :evil: :evil: in dump windows how fixe them ?

this is the softwar who i want to unpack it plzzzz helppp :roll: :roll: :roll:

http://www.cdma-ware.com/workshop/demo/cdma_workshop.rar

Author:  briggs [ Mon May 16, 2016 5:25 pm ]
Post subject:  Re: How Unpack Themida 2.x.x (WXP)

I ran your script and definitely was able to unpack my file (it at least a little bit) because I couldn't find any text strings or intermodular calls before and now I can. Also protectId tells me there is no more packing detected!! So that's good.

The problem is that the file is not executable anymore!!
-It crashes...
-Olly says: Bad or unknown format of 32-bit executable file 'msvcp100.dll'
-Olly says: Bad or unknown format of 32-bit executable file 'msvcr100.dll'

Also, there are still some things telling me the binary is packed:

-RDG Packer Detector tells me the binary is "probably" still packed with Themida (before it said Themida/Winlicense 2.x).
-Olly tells me that the binary has entry point outside of the code section and probably is compressed

So is the binary "half-unpacked"? What do I need to do?
Thanks for any help...

Author:  rubens [ Sat May 28, 2016 12:56 am ]
Post subject:  Re: How Unpack Themida 2.x.x (WXP)

PhantOm plugin 1.79 link broken link, new upload thank you

Author:  kimeknyaasu [ Sat Jun 04, 2016 6:50 am ]
Post subject:  Re: How Unpack Themida 2.x.x (WXP)

can you help me unpack a program?

Author:  kimeknyaasu [ Sat Jun 04, 2016 9:56 am ]
Post subject:  Re: How Unpack Themida 2.x.x (WXP)

Problem ! END IAT Pointer not found!

Author:  hamducbuon [ Sun Aug 21, 2016 2:55 am ]
Post subject:  Re: How Unpack Themida 2.x.x (WXP)

Image

Please show me fix it..
Error "Text: bc eip"
Thank you !

Author:  aluigi [ Thu Sep 01, 2016 5:59 pm ]
Post subject:  Re: How Unpack Themida 2.x.x (WXP)

The following are some posts that were posted as "topics" so I collect them here (and delete the wrongly open topics):

DoctorVx wrote:
Please help unpack library packed Themida 1.8.x.x -> Oreans Technologies *


TetraMan wrote:
I see - only after clicking Submit - that I created a new thread rather than adding to existing topic:
viewtopic.php?t=1051 (oops!)

I have applied the lessons of the thread above. I am working with OllyDbg 110, Windows XP 32bit, and have all the proper plugins.

I have completed the entire process and the Themida script ran without error.

When launching the dumped file, I get ACCESS VIOLATIONs memory reads.
I can click through these, and the application initializes properly.
Some application functions work perfectly. Others throw ACCESS VIOLATION.

I found a post by LCF-AT https://forum.tuts4you.com/topic/21043- ... hemida-24/ which seems to talk about access violation hook and other things. That post is brief and provides insufficient detail to guide me.

Can anybody offer any guidance? If you have a PayPal account, I will pay 50USD for a complete process to solve this.


oziel235 wrote:
I need help to do unpack in this file.

http://www.mediafire.com/download/9ehv3ckb1dmvhw6/rhclient.exe

Thanks


erikeleria wrote:
Since I'm on a x64 system and Themida/Winlicense script only works on x86 system, I had to get a XP x86. Well, I tried Windows XP Mode which worked fine until I had to open the file I'm gonna work on and viola, an error, "Unable to start file C:\blahblah.exe" .. Anyone here got this problem also?


Attachments:
File comment: stAct3.zip for the post of DoctorVx
stAct3.zip [2.06 MiB]
Downloaded 172 times

Author:  ZilexSeryth [ Mon Sep 12, 2016 10:34 am ]
Post subject:  Re: How Unpack Themida 2.x.x (WXP)

HI, First of all sorry for bad english

does this work on
Quote:
Talisman Online
Client.exe

I'm wondering cuz Client.exe can't ran without a launcher.
the launcher can only be a .Bat File

the GM's of the game has made a launcher (naming Launcher.exe). they made this for an automatic patcher of the game.

Launcher.exe and Client.exe are themida packed.

my goal would be to know what is inside the Client.exe so I can know what is happening and what is it doing running to run the game.

so I can Create my Own Client.exe

Don't Worry about Me cracking the game, That Game has many of private servers, therefor it is accessible to many already.

Author:  kdn [ Thu Sep 15, 2016 4:13 am ]
Post subject:  Re: How Unpack Themida 2.x.x (WXP)

Hi all, this tutorial worked well for me, I unpacked my file using a winxp virtual machine, one thing I have noticed though, I can excute the unpacked file on my xp machine with no issues, however copying to my win7 machine, the file wont open. Anyone else noticed this?

Also if you want to hear something funny, after I executed my unpacked file, it threw an error "the size of this file is not correct, please redownload it" im sure I can bypass that now its all clear code!

Author:  CriticalError [ Thu Sep 15, 2016 7:03 pm ]
Post subject:  Re: How Unpack Themida 2.x.x (WXP)

ofc this is dumped in XP no in 7, for make it work, you need make changes in the code of the dumped file to run into Win7, thats simple the kernel is different in XP than 7.

Author:  aluigi [ Thu Sep 15, 2016 11:29 pm ]
Post subject:  Re: How Unpack Themida 2.x.x (WXP)

@CriticalError
Maybe you can provide a zip containing the whole ollydbg folder already setup and with all the necessary plugins and modifications so that the users can just unzip and use it without looking for dead links and editing stuff.

Page 4 of 6 All times are UTC
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/