so today I will release my new TheMIDA & WinLicense unpack script.So will know already my previous script and this new one is a advanced version of my other script and of course is it based of the original main unpack script by quosego.So all original fixing features by quosego are also included and used how you will see if you are using the new script.So a big special thanks goes of course to quosego and without his script would this new script not possible.
So I added some new features which makes the unpack process faster and it will help you to get your files unpacked.The main feature which I added was the "Master Direct API Code Patching" which will fix all direct APIs in your file very fast at the original IAT.So if you choose this feature then you need no more use the UIF or ImportsFixer tool.Just ImpRec.So I created seven unpack movies where you can see how to use the script.In the first movies you can read some comments my me and from the third movie not more so much so I got some record problems and changed the record tool which is also not the best to write some comments.Anyway.So you will see what happend in the movies and just follow.
Themida - Winlicense 1.x - 2.x Multi PRO Edition 1.0
****************************************************
( 1.) Unpacking of WinLicense & TheMida Targets
( 2.) Three Way Unpack Choice Possibilities x3
( 3.) Supports IAT Special Patch & ESP CRC Checking
( 4.) Use UIF or ImportsFixer or Script + DI Patch
( 5.) Code-En-Crypt Fixer
( 6.) Cryp-To-Code Fixer
( 7.) Version Identification
( 8.) Magic Jump Finder
( 9.) Manually Enable & Disable Option Choice
( 10.) VM OEP Finder xII + [Intelli Version]
( 11.) 500 Bytes Extra Stack-Anti-Dump Checking
( 12.) Master Direct API Code Patching
( 13.) TLS Callback Killer
( 14.) Choice To Break Close On HWID & TRIAL Stop
( 15.) Turbo Patching Mode
( 16.) VM WARE Fixer by quosego
( 17.) EXE & DLL Support with LoadDll
****************************************************
In the movies you will see some exsamples about normal unpacking of exe,HWID & DLL files.I added also a exsample how to extract some XBundler files from a target.All in all some helpfully exsamples for you to get a good start with this script.
I will post also all unpackmes from my tuts for you in the second post so that you don't need to search them anymore and you can test all by yourself.Thats all for the moment.So then have fun and if something not works then post a reply on this topic.
PS: Don't forget the Tutorial UnpackMe Set.rar in the second post!
UPDATE: 1.1
***********
- Fixed some bug's
- Added forcing heap fixing
- Added improved direct API fixing method
- Added three new direct API checking patches
- Added second dll base compare string
- Added improved address compare 00 byte bug
- Added loaded module overview
- Added second sleep string
- Added stack-anti break check | ntdll | auto disable
- Added second VM Ware check [later loop]
***********
So here comes a new update.Fixed some bug's and added some new check stuff for the moment.
- Stack-anti break check will disable checking and goes to the next step.
- I added also a second VM Ware check [later loop].Not testet under VM Ware!Hope that it works for you.
- I changed direct API fixing.[removed blind PE check - Olly crach in some cases] script use system PEB struct now.
UPDATE: 1.2
***********
- Fixed one direct API address compare check patch
- Added new skip messagebox for the last API compare checking | Can take a long time if used!
UPDATE: 1.2
***********
- Fixed one direct API address compare check patch
- Added new skip messagebox for the last API compare checking | Can take a long time if used!
发表于 2011-3-28 11:41
发表于 2011-3-28 11:45
发表于 2011-3-28 11:52
|
发表于 2011-4-25 11:18
英文水平不行,没看太懂。
