|
Hello,
so now it's finally done and time to release my newest unpack script for TM & WL after a long time.So you maybe know already my older unpack script for this protection which was no more working for newer protected files and thats the reason why I did start to write a new script what you can later use to unpack your files.So I added many new stuff to make it compatible with all files even if older or newer etc and I think I found a good balance to handle it.NET-FrameWork protected files are also supported now so this could be very interesting for you "only" if you have any NET HWID protected files right?So I also made a exsample for this feature.The script will also work on Windows 7 32 Bit so I have test this too by myself in a VM and you see it too later. TheMIDA - WinLicense Ultra Unpacker 1.0*************************************************** ( 1.) Unpacking of WinLicense & TheMida Targets ( 2.) Filesize Checker ( 3.) VM WARE Check & Bypass ( 4.) VM OEP Finder ( 5.) IAT Special Patch - Turbo Mode ( 6.) Module EFL Check & Patch x2 ( 7.) Auto IAT Finder ( 8.) Direct API Commands Fixer - New Version ( 9.) Extra Direct API Commands Jump Fixer [UC ( 10.) Imports Table Calculator ( 11.) Advanced Imports Creator [Auto Fixer ( 12.) Full VM Entry Scans ( 13.) Various Anti Dumps Fixers ( 14.) Various Macro Fixers ( 15.) SDK VM API Scan ( 17.) RISC VM Dumper ( 18.) CISC & RISC & TIGER & FISH VM Support ( 19.) HWID Bypass - CISC + User Datas ( 20.) HWID Bypass - CISC & RISC - Independently ( 21.) Log File Creater ( 22.) ASLR Cleaner ( 23.) TLS Callback Remover ( 24.) Advanced Section Calc & Adder ( 25.) Target File Dumper + PE Rebuilder ( 26.) Auto Dump PE Rebuilder ( 27.) NET.FrameWork Support [SC ( 28.) Exe & DLL Support ( 29.) WinXP SP2|3 & Windows 7 | 32 Bit Support ***************************************************Environment : WinXP-SP2/SP3 or Windows7 32 Bit,OllyDbg V1.10 ODBGScript v1.82.6,StrongOD 0.4.8.892,PhantOm 1.79Environment : ARImpRec.dll by Nacho_dj - Big Special Thanks :)DLL is used to get:****************************************************API Names | Ordinals | Module Owners by AddressAs you can see also this script does use again the ARImpRec.dll by Nacho_dj which I also used already in my VMProtect Ultra Unpacker script but this dll is not the same so just use only this dll which you will find in my tutorial package and not the dll from my other VMP script and of course you also need to change the script itself if you do enter "YOUR dll path of the ARImpRec.dll" so this is also the first and important part.All infos and more can you also read in the script itself so there I wrote many small descriptions so that also you can't do something wrong in the best case. 
The script has also a own label called "USER_OPTIONS:" where you can enable / disable some script options etc if you need.
I know already that some of you have or get always some trouble with the script handling or some other problems etc and to prevent this possible things in advance I created again some videos (8) where you can see and follow each steps from A - Z and of course I wrote down all necessary informations and "special situations" in extra text files and which you also should read!
I added also a nice UnpackMe Set with different protected files from old till latest / HWID etc.As you can already see in the script features I added a another and new HWID Bypass method which works Independently which is called BYPASS_HWID_SIMPLE.So if you need or wanna try this then enable this before you run the script so this should be clear.
All in all I would say it has become a very nice script and I have test it with many files.Now about you.So I only expect from you that you also will take the time to watch all videos and to read all text infos I made so I know its maybe hard for you to stay tuned to watch them all or to read anything I wrote etc but this could help you of course.So if something not works in your case then just check this again with a little attention and if really nothing helps etc then you can ask with your questions on this topic so that would be already very nice for me.
So I think thats all now what I have to say for the moment about it.So then have fun with the script and if its helpfully or not for you or if you are not satisfied or if you like it etc then send a feedback if you want.So its always good to know whether the scirpt will also work for you and not just for me.
PS: Below is the downloadlink to a extern free & fast host at the moment.
***************************************************Update: 1.1***************************************************Hi again,
so today I will release a script update to version 1.1 and I also made some videos how to use the new script (not much to do for you) and how to handle some special cases which YOU have to handle manually so thats the main reason why I made some videos so that you can see it and to have some exsamples if your target xy used same features etc.Below you can see the update list. TheMida - WinLicense Ultra Unpacker 1.1***************************************************Fixed Breakpoint Error InfoFixed FW API Name Check In IATFixed Custom Dll UnpackBase ProblemAdded Basic Olly & Plugin Setup-ChecksAdded Dll Dynamic Check + Current Base DumpingAdded Custom PE_ADS Alloc Size OptionAdded Custom HWID MessageBox Info checkAdded Nopper (Prevent Crasher) Disable Ask Option (special case)Added Another EFL Scan & Patch (For Custom VM)Added Another Macro Scan & Patch & InfoAdded Personal Data Infos (User | Language | OS Bit | Date | Time | Duration)Added Overlay Scan | Dumper & Adder (Overlay will added to DP file by script)Added Auto XBunlder Files Dumper Option (Default is enabled but you can also disable it below)Added Auto XBunlder Loader Option (Does load all XBunlder dll files into process / 20 Dll Load Files Limit!)Added XBunlder Direct Memory Imports to Loaded XBundler Dll Imports FixerAdded Custom HWID Label If WL dosen't use normal system messagebox API.See below in Hint descriptionI also added two new very nice protected UnpackMe into the new package which I used to create the videos for you. A big special thanks for my friend SReg who made these nice UnpackMes for me. :)Now you have two big script tutorial sets with 14 videos handle different situations + the unpacker script itself and I hope that this will be enough now for you to handle your files too so far. So then have fun with the new stuff and if this time again (as always) something not works for you then post a reply with your question in this topic if necessary. ***************************************************Update: 1.2***************************************************Ok I made a update and fixed some bugs and added some new little features.Also I made again one short video for you so that you know what to do so check this out. TheMida - WinLicense Ultra Unpacker 1.2***************************************************Fixed Wrong Label NameFixed OEP Zero Bytes BugAdded MJM Detail Moddern ScanAdded DLL & XBunlder DLL Import Check at first MJ StopAdded Another WL Entry Scan (TF & CISC Mixed)Added PE Section Splitting Optimizer Scan & Data Log (Reducing Codesection & Split)Added Better IAT End Checking***************************************************Add On - Videos***************************************************TM - WL Ultra Unpacker Relocs Fixing (special video + exsample file) - See below for DL ***************************************************Add On II - Video***************************************************So I made today a new little add on video called "How to load my dll with a base I want tutorial" so I think this should bealso useful for you if you handle with dll bases. ***************************************************Update: 1.3 + Bonus***************************************************Themida - Winlicense Ultra Unpacker 1.3***************************************************Fixed VMWare Check ProblemAdded EFL User OptionAdded Better Check For HWIDAdded CISC (Old / New ) Basic VM OEP Turbo Method + Pushes & Handler Log (Push / Push / Jump to Handler!)Added IAT Checkbox to User (Verify IAT Start / Size!)Added Second VM Entry Scan & Log --(2)-- After Other Entry Fixing (Macros etc)Added SetEvent Finder Script (CISC & RISC)Added SetEvent Patcher (CISC & RISC)I made a update again.The new main feature I added is the SetEvent feature what the script now can find itself and log all datas to file which you then can use to make it more easier for to handle this too.I also created a bonus video with some hints called "What to do if my dump not starts?" to give you more help how to find the possible problem X.Just check this out. ***************************************************Update: 1.4***************************************************Themida - Winlicense Ultra Unpacker 1.4***************************************************Added CRC Fixer (exe & dll & NET support)INFO: If you want to CRC fix any dll (dll flag enabled in PE) then be sure that your dll was also loaded the first time with value 1 in [esp+08]! If you're not sure about it then enable the option AdvEnumModule in the StrongOD plugin and then load your dll file.New update today. This time I added CRC Fixing support for protected files.Its useful if your file is broken (File Corrupted!) to get it working again.I also added a short video where you can see it on a few exsample files.
My Special Greetz: Congratulations to Team Germany | World Cup Winner 2014
| 
[复制链接]
发表于 2014-9-10 11:57
