The return of Akira to crackslatinos is a big thing, other tut of the great AKIRA defeating themida completely.

Great Akira your return to crackslatinos is a big new and with your tutorials, we are very very happy.

http://70.85.163.146/~ricardo/NUEVO%20CURSO/TEORIAS%20DE%20CRACKING/454-AkirA%20themida.rar

Ricardo Narvaja

http://70.85.163.146/~ricardo/NUEVO%20CURSO/PROGRAMAS%20DE%20LAS%20TEORIAS%20DEL%20NUEVO%20CURSO%20CRACK/454-PROGRAMAS%20TEORIA%20454/themida2.rar

Ricardo Narvaja

Hello, any plans for english translation?

in exetools translate to english with babel i put in the same folder than spanish version

http://www.ricnar456.dyndns.org/WEB/NUEVO%20CURSO/TEORIAS%20DE%20CRACKING/455-english_AkirA%20themida.rar

the web principal is down in the same path the programs are in the old web

http://www.ricnar456.dyndns.org/WEB/

in PROGRAMAS DE LAS TEORIAS DE NUEVO CURSO by number of tutorial

Ricardo Narvaja

Greetings Ricardo Narvaja,

Great info but it would be great if it can be translated into English .

in exetools there is a translation to english made with babel and i put in my http (now with the old password) if ant need enter and don´t have the password write me to ricnar456@yahoo.com.ar and i send you the password

Ricardo Narvaja

Please check your mail, many thanks. By the way, i gave your experimental method a go and it worked great on one traget but not another, possibly my error though.

It´s Akira method, but he try in many themidas and work

Ricardo Narvaja

I am still hvaing some issues with a few programs, any chance someone could make a better translation to english of this, bablefish does a great job but there are a few things i find hard to undertsand still. Thanks

The problem is not in code, its in language transloation i feel

As soon as i unpack this, i want to write my own tut for newbies

Even if the tuts were written in English, it is hard for the writer to convey some ideas. remember tut authors are not-necessarily professional writers, and there is no "editor" to help with the style and the contents.
If you (gbrooks) wish, send me your questions and/or highlight your un-understandable areas in the automatic translation, send them and I will be glad to help you. I just cannot volunteer, as I did in the past, to translate the whole thing because of time constrains.

put the part in spanish and the translated part here and i tell you if the traslated version matain the idea of the original part, i don´t speak english well but i can read and look if a part have the same sense of the original spanish, and if there are dudes i can ask to akira.

Ricardo Narvaja

I tried those links, but it asks for username/pass.

yes it ask, mail me ricnar456@yahoo.com.ar and i send to you

Ricardo Narvaja

Can somebody please help me with this tutorial?

I have compiled inyector1.cpp as inyector1.exe and TerminateProcess.cpp as import.dll (I don`t have Visual C++ 6.0 so I have used VS.NET for compiling and I had to use "Not Using Precompiled Headers" with both of them).

When I start inyector1.exe I get "Fallo VirtualProtect" message and b8.exe starts but I don`t get that Terminate Proccess messsage box and I can`t dump that proccess.

It have tried to use all three combinations of addresses in TerminateProcess.cpp:
DWORD * NtAllocateVirtualMemory1=(DWORD *)0x77F65838;
DWORD * NtAllocateVirtualMemory2=(DWORD *)0x77F6583E;
DWORD * NtAllocateVirtualMemory1=(DWORD *)0x77F65A4;
DWORD * NtAllocateVirtualMemory2=(DWORD *)0x77F65A5A;
DWORD * NtAllocateVirtualMemory1=(DWORD *)0x77F66644;
DWORD * NtAllocateVirtualMemory2=(DWORD *)0x77F6664A;
but all of them give "Fallo VirtualProtect" and no Terminate Proccess box.

Thanks in advance!

i ask akira

Ricardo Narvaja

this is the response of akira

Hola Ricardo, perdona el trabajo extra que te estoy dandoEl hecho de que haya varias combinaciones es porque el mismo codigo lo utilice para varios programas, pero hay varias que estan quitadas. Supongo que la duda surge porque la explicacion que esta en el tuto anterior de xprotector esta en español... Lo que tiene que hacer es buscar con Olly o con lo que sea la funcion ZwTerminateProcess (logicamente en cada ordenar las direcciones seran distintas y cada uno tiene que buscarlas para hacer uso de este trazador) Un ejemplo de ZwTerminateProcess en mi Pc : Con Olly abro cualquier crackme y doy a search->all names busco ZwTerminateProcess y doy a intro Ahora en la foto podemos ver la funcion , hay que sacar dos direcciones : DWORD * NtAllocateVirtualMemory1=(DWORD *)0x77F66644;
DWORD * NtAllocateVirtualMemory2=(DWORD *)0x77F6664A;
La Memory2 apunta al "retn 8" como podeis ver en la foto y la Memory1 apunta a la constante 7ffe0300 , osea que hay que pillar la direccion de mov edx,7ffe0300 y sumarle uno(estas direcciones solo sirven para mi PC, cada uno debe buscar las suyas antes de compilar)La idea es que en vez de llamar a la funcion 7ffe0300 llame a nuestra funcion gancho Y ahora ya, se compila ( yo recomiendo compilar sobre visual c++ 6.0 porque es la plataforma donde yo he calculado los offset sobre este compilador. Compilarlo en otro puede dar resultados impredecibles) Un saludo y perdona de nuevo por el trabajo extra, si no quieres tener que estar posteando diles que me escriban al email de contacto del tuto y conforme tenga tiempo ire contestando.

the mail of akira is akira_cracker@yahoo.com.ar

Ricardo Narvaja

Thank you very much for your answer!
I have successfully dumped the app.

FYI Themida/Xprotector protection was broken a long time ago already, see the XprotStripper @ kernelkiller.com

well but the xprotstripper don´t teach me HOW UNPACK is only a tool, this is a tutorial, and teach HOW TO, nobody tell Akira was the first in unpack, but a tutorial from this packers is very appreciated for me.

Ricardo Narvaja