Register for your free account! | Forgot your password?

Go Back   elitepvpers > Coders Den > .NET Languages
PE fixing a .Net Themida packed with CFF Explorer PE fixing a .Net Themida packed with CFF Explorer
You last visited: Today at 11:21

  • Please register to post and access all features, it's quick, easy and FREE!

Advertisement


Advertise with us!

PE fixing a .Net Themida packed with CFF Explorer

Discussion on PE fixing a .Net Themida packed with CFF Explorer within the .NET Languages forum part of the Coders Den category.

Reply
 
Old   #1
 
wildspirit's Avatar
 
elite*gold: 0
The Black Market: 0/0/0
Join Date: Apr 2005
Posts: 72
Received Thanks: 85
PE fixing a .Net Themida packed with CFF Explorer

im trying to unpack a .Net Themida 2.0.5.0 packed file and having trouble with PE fixing

so far i was able to do the following
- get the version of packer used
- dump the file
- fix the section header (.text, .sdata)
- delete the section added by the packer (not sure if i did this right, i deleted the section header and data named Themida)
- added .reloc section
- fixed the SizeOfCode, SizeOfHeaders & SizeOfUninitialzed Data
- replaced BaseOfCode with RVA of .text
- replaced BaseOfData with RVA of .rsrc

im not sure with SizeOfInitialized Data since the value raw size of .sdata is quite large and if i try to add up all the RAW sizes CFF Explorer crashes

and i couldnt find _CorExeMain (searching from Hex Editor of CFF) to fix the Import Directory RVA

can anyone enlighten me on this?
wildspirit is offline  
Reply

« [Hilfe] Clicker Times aus TxT [VB 2010] | Problem mit VBasic!?! »

Similar Threads Similar Threads
themida probalm
08/22/2011 - WarRock - 5 Replies
when i am press start game pop up window and say File corrupted!. This program has been manipulated !! i dont have any anti virus i try reintsell it but not work what i can do to stop the mdia problam
Themida
12/29/2010 - WarRock - 0 Replies
Hi ich habe eine frage warum muss man hacks mit Themida verpacken?:rtfm:
Themida Packed.
12/25/2010 - WarRock - 5 Replies
Heyho com. Ich suche das programm "Themida Packed" Weiss jemand zufällig, wo ich dies herbekomme? Wenn ja, wo :D Ich verteile thanks :D
ollydbg und Themida
07/24/2009 - General Coding - 7 Replies
Ich habe mal versucht mir den Client des Spiels TwelveSky2 in ollydbg etwas genauer anzuschauen. Noch dazu müsste gesagt werden, dass der Client mit Themida gepackt worden ist. Das Attachen ist kein Problem, aber sobald ich einen Breakpoint auf die Funktion WS2_32.send setze und mich im Spiel bewege (sprich der Client kommt zum Breakpoint), crasht der Client mit einer windowstypischen "Twelvesky2.exe hat ein Problem festgestellt und muss beendet werden."-Fehlermeldung. Ollydbg zeigt mir den...
Themida
02/10/2008 - Lineage 2 - 9 Replies
Anyone else getting this themida error on opening a second screen? At the moment I can only run one L2 client at a time = no party botting:mad: Please help! Oreans Technology : Software Security Defined.



All times are GMT +1. The time now is 11:21.

elitepvpers - play less, get more - Top

Powered by vBulletin®
Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.
SEO by vBSEO ©2011, Crawlability, Inc.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Support | Contact Us | FAQ | Advertising | Privacy Policy | Terms of Service | Abuse
Copyright ©2025 elitepvpers All Rights Reserved.