Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up

Dynamic unpacker and import fixer for Themida/WinLicense 2.x and 3.x.

License

NotificationsYou must be signed in to change notification settings

ergrelet/unlicense

Repository files navigation

GitHub releaseMinimum Python versionCI status

A Python 3 tool to dynamically unpack executables protected withThemida/WinLicense 2.x and 3.x.

Warning: This tool will execute the target executable. Make sure to use thistool in a VM if you're unsure about what the target executable does.

Note: You need to use a 32-bit Python interpreter to dump 32-bit executables.

Features

  • Handles Themida/Winlicense 2.x and 3.x
  • Handles 32-bit and 64-bit PEs (EXEs and DLLs)
  • Handles 32-bit and 64-bit .NET assemblies (EXEs only)
  • Recovers the original entry point (OEP) automatically
  • Recovers the (obfuscated) import table automatically

Known Limitations

  • Doesn't handle .NET assembly DLLs
  • Doesn't produce runnable dumps in most cases
  • Resolving imports for 32-bit executables packed with Themida 2.x is pretty slow
  • Requires a valid license file to unpack WinLicense-protected executables thatrequire license files to start

How To

Download

You can either download the PyInstaller-generated executables from the "Releases"section or fetch the project withgit and install it withpip:

pip install git+https://github.com/ergrelet/unlicense.git

Use

If you don't want to deal the command-line interface (CLI) you can simplydrag-and-drop the target binary on the appropriate (32-bit or 64-bit)unlicenseexecutable (which is available in the "Releases" section).

Otherwise here's what the CLI looks like:

unlicense --helpNAME    unlicense.exe - Unpack executables protected with Themida/WinLicense 2.x and 3.xSYNOPSIS    unlicense.exe PE_TO_DUMP <flags>DESCRIPTION    Unpack executables protected with Themida/WinLicense 2.x and 3.xPOSITIONAL ARGUMENTS    PE_TO_DUMP        Type: strFLAGS    --verbose=VERBOSE        Type: bool        Default: False    --pause_on_oep=PAUSE_ON_OEP        Type: bool        Default: False    --no_imports=NO_IMPORTS        Type: bool        Default: False    --force_oep=FORCE_OEP        Type: Optional[Optional]        Default: None    --target_version=TARGET_VERSION        Type: Optional[Optional]        Default: None    --timeout=TIMEOUT        Type: int        Default: 10NOTES    You can also use flags syntax for POSITIONAL ARGUMENTS
[8]ページ先頭
©2009-2025 Movatter.jp