10-13-2019, 06:27
Sany
unpack Themida/Winlicense 2.x / finding OEP / 64bit


I have a packed 64-bit application that is packed/obfuscated with Themida 2.x (or higher) or Winlicense 2.x (or higher)...

Now, my problem is that all OllyDbg unpacking scripts for Themida are out, since the application is 64-bit. I've tried the Themida 2.x unpacking tools (UnThemida 2x, 3x from Coldfever), which end in the anti-debugger sequence and a message box, and the application is terminated. The code for the anti-debugger sequence unpacks itself, and the strings are obfuscated.

Because I can start the application with x64dbg and IDA Pro without anti-debugger detection, I can analyze the application. This takes a while, but the original file is 47 MB big.

Now, after the complete execution of the application and dumping the application via Scylla (with the fake OEP from Themida, and correct imports without errors; the file checksum is wrong), the application doesn't run without a message... I tried a PE rebuild, but this does not work.

When I start the dumped application in x64dbg or IDA, I get the exception c0000005 for a memory access error. I am not able to find the original OEP of the application... :/

Can anybody give me tips, please, to resolve my problem?