Count (How do I cheat?)
Reputation: 0
Joined: 29 Jul 2014 Posts: 1
Posted: Tue Jul 29, 2014 12:10 pm Post subject: Themida BP And Debug
How can I debug an exe packed with Themida?
I patched DbgBreakPoint and DbgUiRemoteBreakin, but they are not enough.
- Sorry for my poor English
atom0s (Moderator)
Reputation: 205
Joined: 25 Jan 2006 Posts: 8587 Location: 127.0.0.1
Posted: Tue Jul 29, 2014 12:56 pm Post subject:
Themida is a virtual machine in terms of how it packs things. You will typically need to patch all the VM calls as well as remove any of the anti-debug measures that are enabled for the packed file. Typically, it is best to just unpack the whole thing if you plan to debug and alter the binary in any manner for cheating.
- Retired.
STN (I post too much)
Reputation: 43
Joined: 09 Nov 2005 Posts: 2676
Posted: Tue Jul 29, 2014 5:34 pm Post subject:
In other words, give up already. Themida is one of the incredibly difficult, actually the most difficult, protectors of all, and it takes a lot of skill and dedication to go through the virtualization it produces; depending on the difficulty it can be a very tough task. Also, CE is not the debugger you want to use with Themida; it's alright, but nowhere near as good as Olly, which you need for its plugins and the environment/functions.
I suggest you start out learning unpacking simple packers like UPX, then tackling easy-to-hard protectors such as ASPR and Armadillo, with the last one being Themida. Tuts4you is the place you want to hang out (CEF is not the place for this).
PS: My point is not to discourage you, but you do need an idea of what you are dealing with and which direction to go. A few years back I had an interest in MUP and I learned all of them (ExeCryptor was the second most difficult) until it was time for Themida, and I gave up halfway; it is way too much of a headache to debug through the virtualization it produces and then the OEP it steals. Argh, you pretty much have to rebuild the exe yourself in asm. It was on a test unpackme, so I'm not sure how much virtualization is used in applications in the wild, but I imagine a lot. So if you can unpack Themida you must be incredibly good and have a lot of patience.
Good luck
Chris12 (Expert Cheater)
Reputation: 1
Joined: 27 Apr 2012 Posts: 103
Posted: Wed Jul 30, 2014 11:54 am Post subject:
STN is right; you're dealing with one of the most advanced obfuscators.
If you don't know what you're doing, I'd suggest you give up and come back when you know MUCH more.
But there is hope. Many developers just slap Themida on top of their executable and hope it will work.
But if Themida is not applied correctly, you can still attack the executable from other points.
Maybe hack the network traffic? Or the files it works with? There are lots of ways to hack stuff without modifying the code.
You could also try to hack the values it uses for calculating stuff.
If it's a game, there is a small chance that the values are encrypted in memory, which can make it harder to find stuff... (depending on how well this protection is done, the difficulty of cracking it ranges from "as good as non-existent" to "nearly impossible without a debugger")
If it's an older version of Themida, you can try to find a public unpacker.
atom0s (Moderator)
Reputation: 205
Joined: 25 Jan 2006 Posts: 8587 Location: 127.0.0.1
Posted: Wed Jul 30, 2014 12:07 pm Post subject:
I don't suggest just giving up; if you are able to patch certain parts of Themida already (assuming the two APIs you mentioned were virtualized), then you are already on the right track.
There are a handful of articles, examples, and posts over at Tuts4You's forums covering Themida which should help you get further if you are stuck and unsure where to go next. There are other hacking sites, as well, that specifically cover unpacking or include tutorials for it that cover the latest and more major packers. Google should help you find everything you need, though; all the info is publicly available.
- Retired.