Created: 23 July 2013 22:29 · Edited by: ZeroTears · #1
This is not (specifically) a request for cracking. I'm mostly stuck trying to unpack a Themida-protected EXE. If this does belong in the crack requests, please lock it and don't hit me with your ban hammer too hard >_<
I'm using OllyDbg with the following plugins: CodeDoctor, Multimate Assembler, ODbgScript, Oreans UnVirtualizer, PhantOm, StringOD, and LCF-AT's Themida script.
I've tried multiple times to find the OEP for this file (Make.exe); however, I'm really having no luck. You can see my poor attempt at dumping in the "poor attempt" folder.
What I'm most interested in is how this can be dumped. I'm still very new, but need a little guidance.
If someone would dump it, and give an example of how they achieved the goal and what tools were used, it would be greatly appreciated!
Created: 24 July 2013 07:03 · Edited by: plutos · #4
What do you mean, "but I'm not sure how to tell"? You just determined the type of protector, didn't you? ("they all show it packed with Themida") So, if this is indeed the case, read about unpacking .exe's packed with Themida. There is a lot written about it, even here on this forum; just search.
Created: 25 July 2013 01:11 · #5
I did determine the type of protector. It is Themida. However, I'm unsure if it's protected with multiple protectors. (Sorry if I was not clear.)
My problem has been finding the OEP or near-OEP. I've followed a ton of tutorials, with no luck. I've tried both using scripts and doing it the manual way. There are anti-dumps, so I know doing it the manual way will prove difficult. After setting a memory breakpoint on the code address in memory, I never end up at the OEP (or close), even after stepping over all of the debugging detectors.
Sorry, I know newbs like me are thorns in the side.
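Before setting memory breakpoints in the debugger, it helps to know from the PE headers where the declared entry point sits and what the section it lives in looks like: a packer stub usually places the entry point in a section that is writable and executable and is not the compiler's original code section, which is exactly why the first-hit breakpoint on the code section does not land at the OEP. The following triage script is an added example written for this thread, not code from the original post or from any of the tools named in it; it builds a constructed minimal PE32 header in memory (the section name `.stub` and all addresses are made up for the illustration) and reports where the entry point falls and which section flags look suspicious.

```python
import struct

# Section characteristic flags from the PE/COFF specification.
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def build_sample_pe(entry_rva, sections):
    """Construct a minimal PE32 header (constructed sample, not a real binary).

    sections: list of (name, virtual_address, virtual_size, characteristics).
    """
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)            # e_lfanew -> PE signature at 0x40
    # COFF header: machine i386, section count, no symbols, 224-byte optional header.
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)              # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)         # AddressOfEntryPoint
    table = b""
    for name, va, size, chars in sections:
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                             size, va, size, 0, 0, 0, 0, 0, chars)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


def parse_pe(data):
    """Read the entry point RVA and the section table from a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff_off = pe_off + 4
    _machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff_off)
    opt_off = coff_off + 20
    magic = struct.unpack_from("<H", data, opt_off)[0]
    entry = struct.unpack_from("<I", data, opt_off + 16)[0]  # same offset for PE32 and PE32+
    sect_off = opt_off + opt_size
    sections = []
    for i in range(nsec):
        name, vsize, va, _raw, _rawptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, sect_off + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "va": va, "vsize": vsize, "chars": chars})
    return {"magic": magic, "entry": entry, "sections": sections}


def section_for_rva(sections, rva):
    """Return the section whose virtual range contains rva, or None."""
    for s in sections:
        if s["va"] <= rva < s["va"] + max(s["vsize"], 1):
            return s
    return None


def triage(data):
    """Return (parsed header, list of findings) describing where the entry point lands."""
    pe = parse_pe(data)
    findings = []
    sec = section_for_rva(pe["sections"], pe["entry"])
    if sec is None:
        findings.append("entry point 0x%x lies outside every section" % pe["entry"])
        return pe, findings
    if not sec["chars"] & IMAGE_SCN_CNT_CODE:
        findings.append("entry section %s is not flagged as code" % sec["name"])
    if sec["chars"] & IMAGE_SCN_MEM_WRITE and sec["chars"] & IMAGE_SCN_MEM_EXECUTE:
        findings.append("entry section %s is writable and executable" % sec["name"])
    return pe, findings


if __name__ == "__main__":
    # Constructed sample: a normal .text section plus a hypothetical W+X stub
    # section that holds the declared entry point (placeholder name ".stub").
    sample = build_sample_pe(0x5100, [(".text", 0x1000, 0x1000, 0x60000020),
                                      (".stub", 0x5000, 0x2000, 0xE0000040)])
    pe, findings = triage(sample)
    print("entry point RVA: 0x%x" % pe["entry"])
    for s in pe["sections"]:
        print("  %-8s va=0x%05x size=0x%05x chars=0x%08x" % (s["name"], s["va"], s["vsize"], s["chars"]))
    for f in findings:
        print("finding:", f)
```

When the entry point falls in a section like the constructed `.stub` above, the code the debugger first reaches is the protector's loader, so the breakpoint on the original code section must be armed only after that loader has finished writing to it; the headers alone tell you which section that is.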
Created: 25 July 2013 23:57 · Edited by: ZeroTears · #7
Thank you very much! I downloaded those tools from Tuts4you. The Universal Fixer was the key to fixing the dump. After I dumped the app before with MegaDumper, it was not coming up in Reflector, so I thought it was in another language. (I did not know about the fixer.)
I do have a successful dump now. I'm still working towards doing it myself with Olly. Unpacking is hard; patience is key.