Hi guys!
Ask for your help as the
most skillful reversing community that I know. Long time I can't find any tools/tuts/help to
unpack or even
bypass HWID lock of the x64 version of winlicense (themida) packer.
I spent 4 months testing a lot of methods (from runpe dump to writing own hypervisor for full os hardware emulation) but still not defeat this protector -
winlicense 2.4.6 x64.
So when I found this community, decide to ask, maybe someone had similar experience and can help with unpack or give some advice, links, any info or tools.
So - target is x64 c++ console application (and i also have working regkey), packed with winlicense 2.4.6 x64 (exeinfope, die 3 detection) and locked to HWID (all 4 options, CPU, HDD, BIOS, MAC).
I can bypass anti vm and anti debug. Also I can see api calls via external tools (WinApiOveride, Deviare SpyStudio). Also i explore how themida geather HWID, all 4 parts (dwords) and methods (api calls) how it get this. And maybe I will just finish my hook app to bypass HWID but for CPU identification themida use
CPUID which is asm mnemonic and cant be hooked from user space (only driver like own hypervisor).
I started searching for intel vt-x most simple working hypervisor, which implements CPUID spoofing, but there are tons of bugs and it's hard to debug and write.
So I still hopes that some had similar experience in the past with unpacking/bypassing x64 version of themida / winlicense and
Ask for any help