Today I have a free hour and I want to share a little-discussed issue of Themida/WL: unvirtualization of the VM.
We will follow some steps:
1. Unpacking
2. Unvirtualize the VM (in this case the OEP).
3. Rebuild the PE
4. Remove the VM from the file
I am sure there can be some questions, but if you have any trouble understanding, feel free to ask.
The unpack and HWID bypass is done via LCF-AT script.
The Unvirtualise is done via plugin by DeathWay.
The rest is all by hand.
If you don't understand why I have used some addresses or values think a little bit and if you don't catch the point just ask on the forum.
P.S.
Thanks to LCF-AT and DeathWay for their information posted on Tuts 4 You.