Unlicense (dynamically unpack executables protected with Themida/WinLicense)
# Unlicense [](https://www.python.org/downloads/) !(https://github.com/ergrelet/unlicense/actions/workflows/win64-ci.yml/badge.svg?branch=main) !(https://github.com/ergrelet/unlicense/actions/workflows/win32-ci.yml/badge.svg?branch=main)A Python 3 tool to dynamically unpack executables protected with
Themida/WinLicense 2.x and 3.x.
Warning: This tool will execute the target executable. Make sure to use this
tool in a VM if you're unsure about what the target executable does.
Note: You need to use a 32-bit Python interpreter to dump 32-bit executables.
## Features
* Handles Themida/Winlicense 2.x and 3.x
* Handles 32-bit and 64-bit PEs (EXEs and DLLs)
* Handles 32-bit and 64-bit .NET assemblies (EXEs only)
* Recovers the original entry point (OEP) automatically
* Recovers the (obfuscated) import table automatically
## Known Limitations
* Doesn't handle .NET assembly DLLs
* Doesn't automatically recover OEPs for executables with virtualized entry points
* Doesn't produce runnable dumps in most cases
* Resolving imports for 32-bit executables packed with Themida 2.x is pretty slow
## How To
### Download
You can either download the PyInstaller-generated executables from the "Releases"
section or fetch the project with `git` and install it with `pip`:
```
$ git clone https://github.com/ergrelet/unlicense.git
$ pip install unlicense/
```
### Use
If you don't want to deal the command-line interface (CLI) you can simply
drag-and-drop the target binary on the appropriate (32-bit or 64-bit) `unlicense`
executable (which is available in the "Releases" section).
Otherwise here's what the CLI looks like:
```
$ unlicense --help
NAME
unlicense - Unpack executables protected with Themida/WinLicense 2.x and 3.x
SYNOPSIS
unlicense EXE_TO_DUMP <flags>
DESCRIPTION
Unpack executables protected with Themida/WinLicense 2.x and 3.x
POSITIONAL ARGUMENTS
EXE_TO_DUMP
Type: str
FLAGS
--verbose=VERBOSE
Type: bool
Default: False
--pause_on_oep=PAUSE_ON_OEP
Type: bool
Default: False
--force_oep=FORCE_OEP
Type: Optional]
Default: None
--target_version=TARGET_VERSION
Type: Optional]
Default: None
--timeout=TIMEOUT
Type: int
Default: 10
NOTES
You can also use flags syntax for POSITIONAL ARGUMENTS
```
Down:
https://github.com/ergrelet/unlicense/releases Themida/WinLicense自动脱壳哦{:1_921:} 要脱壳的是个32位的exe,系统是win10 64位,python以前装的3.10.8,运行没报错,只是最后dump很慢,得到了一个3倍大的exe,图标正常,但无法运行。用查壳工具看这个脱壳后的exe,没有壳了。
D:\P***>unlicense.exe P***.exe
INFO - Detected packer version: 2.x
frida-agent: Setting up OEP tracing for "P***.exe"
frida-agent: Exception handler registered
frida-agent: OEP found (thread #7036): 0x4012a0
INFO - OEP reached: OEP=0x4012a0 BASE=0x400000 DOTNET=False
INFO - Looking for wrapped imports ...
INFO - Potential import wrappers found: 43
INFO - Generating exports' hashes, this might take some time ...
INFO - Resolving imports ...
INFO - Imports resolved: 287
INFO - Generated the fake IAT at 0xef0000, size=0x47c
INFO - Patching call and jmp sites ...
INFO - Dumping PE with OEP=0x4012a0 ...
INFO - Fixing dump ...
INFO - Rebuilding PE ...
INFO - Output file has been saved at 'unpacked_P***.exe' 超级棒👍🏻 小白求问这是啥 一个中文都没有,这不是考研吾友吗 英语大佬才能看懂,谢谢! 提示包版本错误,
ERROR: Could not find a version that satisfies the requirement pyscylla<0.12.0,>=0.11.0 (from unlicense) (from versions: 0.10.0)
ERROR: No matching distribution found for pyscylla<0.12.0,>=0.11.0
请问如何解决,谢谢! 请问有安装成功的吗。 有没有成品exe????楼主把编译版本发过来吧,谢谢 不行啊返回这个 ERROR - Original entry point wasn't reached before timeout