Exetools  

Go Back   Exetools > General > Community Tools

Notices

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1  
Old 02-25-2023, 20:40
dnvthv dnvthv is offline
Family
 
Join Date: Nov 2010
Posts: 91
Rept. Given: 121
Rept. Rcvd 35 Times in 19 Posts
Thanks Given: 93
Thanks Rcvd at 48 Times in 14 Posts
dnvthv Reputation: 35
Magicmida - Themida unpacker

Magicmida is a Themida auto-unpacker that works on some 32-bit applications. It works on all versions of Windows (XP and later).

Functions:

Unpack: Unpacks the binary you select. The unpacked binary will be saved with an U suffix.
MakeDataSects: Restores .rdata/.data sections. Only works on very specific targets.
Dump process: Allows you to enter the PID of a running process whose .text section will be dumped (overwritten) into an already unpacked file. This is useful after using Oreans Unvirtualizer in OllyDbg. Only works properly if MakeDataSects was done before.
Shrink: Deletes all sections that are no longer needed (if you unvirtualized or if your binary does not use virtualization). Warning: This will break your binary for non-MSVC compilers.

Note: The tool focuses on cleanness of the resulting binaries. Things such as VM anti-dump are explicitly not fixed. If your target has a virtualized entrypoint, the resulting dump will be broken and won't run (except for MSVC6, which has special fixup code to restore the OEP).

Important: Never activate any compatibility mode options for Magicmida or for the target you're unpacking. It would very likely screw up the unpacking process due to shimming.
Anti-anti-debugging

Newer versions of Themida detect hardware breakpoints. In order to deal with this, injecting ScyllaHide is supported. A suitable profile is shipped with Magicmida. You just need to download SycllaHide and put HookLibraryx86.dll and InjectorCLIx86.exe next to Magicmida.exe. Do not overwrite scylla_hide.ini unless you know what you're doing.
Code:
https://github.com/Hendi48/Magicmida
I found from google.
Reply With Quote
The Following 8 Users Say Thank You to dnvthv For This Useful Post:
blue_devil (03-04-2023), CrackDJ (07-31-2023), darkBLACK (03-16-2023), Doit (08-25-2023), Mendax47 (02-26-2023), pnta (08-09-2023), wilson bibe (02-26-2023), yoza (04-24-2023)
 

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



All times are GMT +8. The time now is 23:54.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )