I'm having some trouble with a program: whenever I nop or force a jmp to a string and then save and patch the file, I get "Themida File corrupted! This program has been manipulated and maybe it's infected by a virus or cracked"
2
Altoid
Hello, @Ravexx1337
I don't have much experience with Themida, but the issue here sounds like it's being caused by you modifying the file. I'm not sure how Themida does its integrity checks to prevent file cracking / patching, but that's definitely what's giving you 'trouble' here.
Error:
Quote:
Themida File corrupted! This program has been manipulated and maybe it's infected by a virus or cracked
The error by Themida is quite literally telling you the problem. If you patch the program, you're going to be caught by Themida's file-integrity check. Modifying the file data in any way is going to get you caught. Using a nop or jmp will differentiate the file integrity data, hence the error.
3
AhoraJust
Quote:
Originally Posted by Ravexx1337
I'm having some trouble with a program: whenever I nop or force a jmp to a string and then save and patch the file, I get "Themida File corrupted! This program has been manipulated and maybe it's infected by a virus or cracked"
Themida uses the following WinAPI calls to check the file's CRC:
Code:
GetModuleFileName
CreateFileW
GetFileSize
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
It is enough to change the path to the file to an unpatched one, or simply create a copy of the file in a new section using CFF Explorer and hook the WinAPI. MapViewOfFile [return address]: give the original bytes that Themida will accept. UnmapViewOfFile: fix the first argument to prevent your file from being unmapped (your program will die if you don't). This has been tested on the leaked WinLicense 3.1.3.0 & Themida 3.0.4.0. If you need help bypassing runtime CRC, then just write and I will give you an answer.
4
Ravexx1337
I had some trouble reversing Themida, but after some help from others I got it. Thank you for your reply, it helped me a lot.