Exetools

Exetools (https://forum.exetools.com/index.php)
-   Community Tools (https://forum.exetools.com/forumdisplay.php?f=47)
-   -   Magicmida - Themida unpacker (https://forum.exetools.com/showthread.php?t=20466)

dnvthv 02-25-2023 20:40

Magicmida - Themida unpacker
 
Magicmida is a Themida auto-unpacker that works on some 32-bit applications. It works on all versions of Windows (XP and later).

Functions:

Unpack: Unpacks the binary you select. The unpacked binary will be saved with an U suffix.
MakeDataSects: Restores .rdata/.data sections. Only works on very specific targets.
Dump process: Allows you to enter the PID of a running process whose .text section will be dumped (overwritten) into an already unpacked file. This is useful after using Oreans Unvirtualizer in OllyDbg. Only works properly if MakeDataSects was done before.
Shrink: Deletes all sections that are no longer needed (if you unvirtualized or if your binary does not use virtualization). Warning: This will break your binary for non-MSVC compilers.

Note: The tool focuses on cleanness of the resulting binaries. Things such as VM anti-dump are explicitly not fixed. If your target has a virtualized entrypoint, the resulting dump will be broken and won't run (except for MSVC6, which has special fixup code to restore the OEP).

Important: Never activate any compatibility mode options for Magicmida or for the target you're unpacking. It would very likely screw up the unpacking process due to shimming.
Anti-anti-debugging

Newer versions of Themida detect hardware breakpoints. In order to deal with this, injecting ScyllaHide is supported. A suitable profile is shipped with Magicmida. You just need to download SycllaHide and put HookLibraryx86.dll and InjectorCLIx86.exe next to Magicmida.exe. Do not overwrite scylla_hide.ini unless you know what you're doing.
Code:

https://github.com/Hendi48/Magicmida
I found from google.

CZC 04-24-2023 19:12

Does anyone have a compiled "Magicmida.exe" ? I have failed to cross-compile it with lazarus on my linux machine.

yoza 04-24-2023 19:28

Quote:

Originally Posted by CZC (Post 127571)
Does anyone have a compiled "Magicmida.exe" ? I have failed to cross-compile it with lazarus on my linux machine.

The link above at github (Top page) contents the release : Compiled and sources code.
Please check it up.

CZC 04-25-2023 17:35

Quote:

Originally Posted by yoza (Post 127572)
The link above at github (Top page) contents the release : Compiled and sources code.

I've looked there before but for some reason I couldn't see the binary :)
Thanks.

yoza 04-25-2023 20:34

Quote:

Originally Posted by CZC (Post 127577)
I've looked there before but for some reason I couldn't see the binary :)
Thanks.

Try to download here:
(All release includes the latest ScyllaHide)
Code:

https://mega.nz/file/i1NCXJYK#T36KBmDZMKSKJhcjt16ISSARcTDm8XU63GtjwnEMY8Q

Turkuaz 04-25-2023 21:54

Quote:

Originally Posted by yoza (Post 127578)
Try to download here:
(All release includes the latest ScyllaHide)
Code:

https://mega.nz/file/i1NCXJYK#T36KBmDZMKSKJhcjt16ISSARcTDm8XU63GtjwnEMY8Q

The file you are trying to download is no longer available

uranus64 04-25-2023 23:50

Quote:

Originally Posted by Turkuaz (Post 127579)
The file you are trying to download is no longer available

Link is good and works. Try use VPN or something. Tested right now !

bolo2002 04-27-2023 00:01

Quote:

Originally Posted by uranus64 (Post 127583)
Link is good and works. Try use VPN or something. Tested right now !

working too.

CrackDJ 07-31-2023 02:32

Very useful tool for packed themida, trying out now! :)

Asus 10-31-2023 09:50

I hope developer is still working on this tool and x64 app will be supported.


All times are GMT +8. The time now is 16:33.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX