风吹屁屁凉 发表于 2014-1-2 18:11

Themida - Winlicense Ultra Unpacker 1.0

Hello,

so now it's finally done and time to release my newest unpack script for TM & WL after a long time.So you maybe know already my older unpack script for this protection which was no more working for newer protected files and thats the reason why I did start to write a new script what you can later use to unpack your files.So I added many new stuff to make it compatible with all files even if older or newer etc and I think I found a good balance to handle it.NET-FrameWork protected files are also supported now so this could be very interesting for you "only" if you have any NET HWID protected files right?So I also made a exsample for this feature.The script will also work on Windows 7 32 Bit so I have test this too by myself in a VM and you see it too later.

TheMida - WinLicense Ultra Unpacker 1.0
***************************************************
( 1.) Unpacking of WinLicense & TheMida Targets
( 2.) Filesize Checker
( 3.) VM WARE Check & Bypass
( 4.) VM OEP Finder         
( 5.) IAT Special Patch - Turbo Mode
( 6.) Module EFL Check & Patch                   x2
( 7.) Auto IAT Finder
( 8.) Direct API Commands Fixer - New Version      
( 9.) Extra Direct API Commands Jump Fixer   
( 10.) Imports Table Calculator                     
( 11.) Advanced Imports Creator         
( 12.) Full VM Entry Scans                           
( 13.) Various Anti Dumps Fixers                     
( 14.) Various Macro Fixers                           
( 15.) SDK VM API Scan                              
( 17.) RISC VM Dumper                                 
( 18.) CISC & RISC & TIGER & FISH VM Support         
( 19.) HWID Bypass - CISC + User Datas               
( 20.) HWID Bypass - CISC & RISC - Independently      
( 21.) Log File Creater                              
( 22.) ASLR Cleaner                                 
( 23.) TLS Callback Remover                           
( 24.) Advanced Section Calc & Adder                  
( 25.) Target File Dumper + PE Rebuilder            
( 26.) Auto Dump PE Rebuilder                        
( 27.) NET.FrameWork Support                  
( 28.) Exe & DLL Support                              
( 29.) WinXP SP2|3 & Windows 7 | 32 Bit Support      
***************************************************
Environment :WinXP-SP2/SP3 or Windows7 32 Bit,OllyDbg V1.10
               ODBGScript v1.82.6,StrongOD 0.4.8.892,PhantOm 1.79

Environment :ARImpRec.dll by Nacho_dj - Big Special Thanks :)

DLL is used to get:
****************************************************
API Names | Ordinals | Module Owners by Address
As you can see also this script does use again the ARImpRec.dll by Nacho_dj which I also used already in my VMProtect Ultra Unpacker script but this dll is not the same so just use only this dll which you will find in my tutorial package and not the dll from my other VMP script and of course you also need to change the script itself if you do enter "YOUR dll path of the ARImpRec.dll" so this is also the first and important part.All infos and more can you also read in the script itself so there I wrote many small descriptions so that also you can't do something wrong in the best case. :)

The script has also a own label called "USER_OPTIONS:" where you can enable / disable some script options etc if you need.

I know already that some of you have or get always some trouble with the script handling or some other problems etc and to prevent this possible things in advance I created again some videos (8) where you can see and follow each steps from A - Z and of course I wrote down all necessary informations and "special situations" in extra text files and which you also should read!

I added also a nice UnpackMe Set with different protected files from old till latest / HWID etc.As you can already see in the script features I added a another and new HWID Bypass method which works Independently which is called BYPASS_HWID_SIMPLE.So if you need or wanna try this then enable this before you run the script so this should be clear.

All in all I would say it has become a very nice script and I have test it with many files.Now about you.So I only expect from you that you also will take the time to watch all videos and to read all text infos I made so I know its maybe hard for you to stay tuned to watch them all or to read anything I wrote etc but this could help you of course.So if something not works in your case then just check this again with a little attention and if really nothing helps etc then you can ask with your questions on this topic so that would be already very nice for me.

So I think thats all now what I have to say for the moment about it.So then have fun with the script and if its helpfully or not for you or if you are not satisfied or if you like it etc then send a feedback if you want.So its always good to know whether the scirpt will also work for you and not just for me. :)

打包了一下脚本:

完整试炼品和演示视频请到下面地址下载:

PS: Below is the downloadlink to a extern free & fast host at the moment.

Tuts 4 You Download Link (83.26MB)Themida - Winlicense Ultra Unpacker 1.0 - Tutorial.rar (82.93MB)

索马里的海贼 发表于 2014-4-27 19:40

表示一直提示

---------------------------
OllyScript error!
---------------------------
Error on line 5088
Text: pusha
No such command: pusha
---------------------------
确定   
---------------------------

原谅我一点都不懂脱壳..

逍遥枷锁 发表于 2014-1-2 18:17

本帖最后由 逍遥枷锁 于 2014-1-2 18:18 编辑

怎么多英文怎么看的懂啊,这脚本怎么用,具体哪些步骤,指点下

Hmily 发表于 2014-1-2 18:21

LCF-AT真行啊,把脚本当代码写。。。

逍遥枷锁 发表于 2014-1-2 18:41

这视频看的我也很蛋疼啊,纠结自己英文不是太好。

农村人 发表于 2014-1-2 19:10

heiketian10 发表于 2014-1-2 19:24

lcf颠覆了人类的思维

li6574833 发表于 2014-1-20 18:43

1.0是版本号码????????????

wlyh999 发表于 2014-3-4 18:38

下来试下.谢谢!!!

andyblack 发表于 2014-4-5 17:42

向前辈学习!~!~

bensonhb 发表于 2014-4-27 15:53

下回来试,看能不能用先!!!
页: [1] 2
查看完整版本: Themida - Winlicense Ultra Unpacker 1.0