Gentlemen,

This is not (specifically) a request for cracking. I'm mostly stuck trying to unpack a themida protected EXE. If this does belong in the crack request. Please lock and don't hit me with your ban hammer to hard >_<

I'm using ollydbg with the following plugins.
CodeDoctor
MUltimate Assembler
ODbgScript
Oreans UnVirtualizer
PhantOm
StringOD
and using LCF-AT's themida script

I've tried multiple times to find the OEP for this file (Make.exe) however, i'm having really no luck. You can see my poor attempt at dumping in the poor attempt folder.

What i'm most interested in is how this can be dumped. I'm still very new, but need a little guidance.

If someone would dump it, and give an example of how they achieved the goal and what tools were used it would greatly be appreciated!

Thanks!
-Z

| Сообщение посчитали полезным:

There is literaly millions of tutorials around dedicated to exactly your problem.
This one for example:
--> http://www.oocities.org/r_etarded/ollydump/ollydump.html<--
Read it, hopefully it'll help.

-----
Give me a HANDLE and I will move the Earth.

| Сообщение посчитали полезным:

plutos, Thanks for your reply.

I have followed tons of tuts (mostly from tuts4you and by LCF-AT) but either i fully don't understand, or this exe is protected in a different way. (but i'm not sure how to tell).

I have analyzed with exeinfo, peid, and they all show it packed with themida.

Thanks
-Z

| Сообщение посчитали полезным:

What do you mean, "but i'm not sure how to tell"?
You just deternined the type of protector, did not you? ("they all show it packed with themida")
So, if this is indeed the case, read about unpacking .exe's packed with Themida. There is a lot written about it even here on this forum, just search.

-----
Give me a HANDLE and I will move the Earth.

| Сообщение посчитали полезным:

Plutos,

I did determine the type of protector. It is Themida. However, i'm unsure if its protected with multiple protectors. (Sorry if i was not clear).

My problem has been finding the OEP or Near OEP. Following a ton of tuts, with no luck. I've tried both using scripts, and doing the manual way. There are anti-dumps, so i know doing it the manual way will prove difficult. After setting a memory breakpoint on the code address in memory, i never end up at the OEP (or close). Even after stepping over all of the debugging detectors.

Sorry, i know newbs like me are thorns in the side.

-Z

| Сообщение посчитали полезным:

ZeroTears
program is written in Visual C#
used tools MegaDumper, UniversalFixer, de4dot
try --> unpacked <--

| Сообщение посчитали полезным: ZeroTears

@Jaa...

Thank you very much! I downloaded those tools from Tuts4you. The Universal fixer was the key to fixing the dump. After I dumped the app before with MegaDumper it was not coming up in reflector, so i thought it was in another language. (I did not know about the fixer).

I do have a successful dump now. I'm still working towards doing it myself with olly. Un-Packing is hard, Patience is key.

Thumbs up for you sir!

-Z

| Сообщение посчитали полезным: