Thinstall unpacking

Hi all,

are the any tutorials or other informations about unpacking a thinstall-packed program out there?

Thanks in advance.

bKACK oUT

You have a target I can try?

Hi SvensK,

i want to reverse Reason 2.5 from Propellerhead, sorry, dont have a smaller target.

I know the packer works only when connected to the internet and uses eliptical-curve algo and other funny stuff.

[peleon]

I havent had a deep look at Thinstall internally....but my few tests tell me that it leaves the EXE almost untouched when decrypted, so you can make a dump (by regions) and construct the original EXE without suffering much

It's true that they use a local file system inside the EXE and that makes .NET application to be run without problems after protecting (no mangling any structures)...but, well, I think this is another story....

Thanks alot peleon.

[N0P]

Quote:

Originally Posted by bLACK oUT

Hi SvensK,

i want to reverse Reason 2.5 from Propellerhead, sorry, dont have a smaller target.

I know the packer works only when connected to the internet and uses eliptical-curve algo and other funny stuff.

Ihave unpacked Reason 2.5 demo with no-problem >> dump and fix some import > is there any diference betweam demo and full version ?

Sorry 4 my bad English iam only human

[MANtiCORE]

so ... and what about several exe's and dll's? how it dump? ... I try to unpack Thinstall.exe and get only first .exe file

[N0P]

Quote:

Originally Posted by MANtiCORE

so ... and what about several exe's and dll's? how it dump? ... I try to unpack Thinstall.exe and get only first .exe file

thinstall create virtual filestystem an hook some function such as CreateFile ReadFile ... you could BPX on it and dump ...