Unpacking cshell.dll

[lauwy]

Can some one help me with unpacking cshell.dll?
Befor the patch I could find with what cshell.dll was packt.

Now I can't

Can some one help me to find what software cshell is packt with?
I tryed

RDG
PEID
exeinfo pe


Found:
Themida v2.0.1.0 - v2.1.2.0 (or newer) + Hide PE Scanner Option

[UltraPGNoob]

isn't that execyptor thingy?

[OverDrivejt]

you dont need a unpacker, you need make a software that load the libray CShell.dll and then attach this with Ollydbg...

[lauwy]

I have loaded cshell.dll.
You can see in the memory that cshell is there.



But how can I dump cshell to a file? becouse I can't select whole cshell

[[MPGH]Time]

Damn looks so complicated lawl.

[lauwy]

If you open the PE Header, then you see the MZ, but the code after it is so small :S
That can't be good

[UltraPGNoob]

You can right click on CShell .text and then dump it into a .mem file but i dont know what to do next.

[lauwy]

Then the file is 256 KB. That can't be good

[UltraPGNoob]

Use that plugins when dumping CShell.dll

VirusTotal - Free Online Virus, Malware and URL Scanner

PEDumper.dll - MD5 : 9acfc9885dab96807593284967ae5e61 - VirSCAN.org 0% Scanner(s) (0/36) found malware!

--------------------------------------------------------------------

P.S.: I already unpacked CShell.

[lauwy]

Thanks

I dumpt it,
but I still have the protection error :S

[UltraPGNoob]

I released the CShell unpacked after patch if you want it.

[lauwy]

I make a video how I did it.
Maby I do somting wrong :P

[UltraPGNoob]

If you need some help with unpacking cshell ask me via pm

[Hahaz]

You can ask Blood about this, he's really pro at it.

@UltraPGNoob, no outside link :/

[UltraPGNoob]

@hahaz sry. i replaced the link by an uploaded file.