- Joined
- Jan 8, 2019
- Messages
- 56,623
- Solutions
- 2
- Reputation
- 32
- Reaction score
- 100,455
- Points
- 2,313
- Credits
- 32,750
6 Years of Service
76%
Magicmida is a Themida auto-unpacker that works on some 32-bit applications. It works on all versions of Windows (XP and later).
Functions:
- Unpack: Unpacks the binary you select. The unpacked binary will be saved with an U suffix.
- MakeDataSects: Restores .rdata/.data sections. Only works on very specific targets.
- Dump process: Allows you to enter the PID of a running process whose .text section will be dumped (overwritten) into an already unpacked file. This is useful after using Oreans Unvirtualizer in OllyDbg. Only works properly if MakeDataSects was done before.
- Shrink: Deletes all sections that are no longer needed (if you unvirtualized or if your binary does not use virtualization). Warning: This will break your binary for non-MSVC compilers.
Note: The tool focuses on cleanness of the resulting binaries. Things such as VM anti-dump are explicitly not fixed. If your target has a virtualized entrypoint, the resulting dump will be broken and won't run (except for MSVC6, which has special fixup code to restore the OEP).
Important: Never activate any compatibility mode options for Magicmida or for the target you're unpacking. It would very likely screw up the unpacking process due to shimming.
2023-01-14
Removed some assumptions about IAT layout to achieve broader compatibility.
Fixed a bug where sections were misaligned in dumped binaries.
Fixed a crash in Themida v3 import tracing.
Compiled with Delphi 10.4.