10 lines code dumped themida
Here is the XprotStripper core code by kernelkiller
Code:
#define BASE 0x00400000

Do you know? Most exe files must be dumped at OEP or near OEP.

I have been observing Xprotector/Themida noise lately. Someone wants to make a lot of noise but there is no effect. Strange tools have appeared in the last months but they do not work and there is no description/feature of virtual code recovery. If there are working tools then I understand someone managed to unpack Themida. May I ask where it is?
Dumpers? For what? You can dump each Themida executable in a few minutes, without any special tools, at any moment you want (including the Themida decryptor stage). So what? It is ~10% of the work. How will you deal with the memory blocks checksum and virtual instructions? I wonder what the point of releasing such tools is. So far I see chaos only.

I can see the point. There is a personal debate between the Chinese author of the stripper (who, by the way, afaik, is a registered customer of Xprotector/Themida) and the author of XProtector/Themida. That's how the stripper author had all the latest registered versions to implement his stripper. If you notice, the latest 1 or 2 versions are not supported. Possibly the author of XProtector/Themida banned him.
Xprotector/Themida is very popular in China, because developers use it to protect mobile applications. They want maximum security to protect their sensitive communication between software + mobiles (you know those SIM and mobile unlocking bring a lot of money). From another point of view, it's a "syd" copy (or attempt, or something). :cool: