#1
|
|||
|
|||
unpack Themida/Winlicense 2.x / finding OEP / 64bit
Hello,
I have a packed 64bit Application that is packed/obfuscated with Themida 2.x (or higher) or Winlicense 2.x or higher... Now, my Problem is, all OllyDbg unpacking scripts for Themida are out, while the application is 64bit. I've tried any Themida 2.x unpacking tools (UnThemida 2x,3x from Coldfever), that are ends in the Anti-Debugger Sequence and a Messagebox, and the application is terminated. The Code for the Anti-Debugger sequence, unpacks its self, and the strings are obfuscated. because i can start the Application with x64dbg and IdaPro without Anti-Debugger detection and i can analyze the Application, this takes a while, but the original file is 47MB big. now, after the complete execution of the application, and dumping the application via scylla (with the fake oep from themida, and correct imports without errors, the file checksum is wrong) the application doesn't run without a message... i tried to pe rebuild, but this not works. when i start the dumped application in x64dbg or ida, i become the exception c0000005 for memory access error. i am not be able to find die orig oep from the application... :/ can anybody give me tips please, to resolve my problem? |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Winlicense (Themida) 2.4.6 x64 Help for Bypass/Unpack | Reaper | General Discussion | 2 | 04-30-2021 18:37 |