+- الفريق العربي للهندسة العكسية (https://www.at4re.net/f)
+-- قسم : منتديات الهندسة العكسية - Reverse Engineering Forums (https://www.at4re.net/f/forum-4.html)
+--- قسم : البرامج و أدوات الهندسة العكسية - RCE Tools (https://www.at4re.net/f/forum-29.html)
+--- الموضوع : Themida Anti Debugger (/thread-2345.html)
Themida Anti Debugger - vosiyons - 09-12-2020
Themida 3.x Anti-Debugger x64dbg Plugin
x64dbg plugin to bypass Themida 3.x Anti-Debugger / VM / Monitoring programs checks (64bits only)
x64dbg
DLL injection (LoadLibrary)
Hooks (MinHook)
Usage
Download the latest version of Themidie and extract Themidie.dll and Themidie.dp64 to x64dbg's plugins folder
Download the latest version of ScyllaHide and extract HookLibraryx64.dll and ScyllaHideX64DBGPlugin.dp64 to x64dbg's plugins folder
![[صورة مرفقة: 9JJZ9G.png]](https://i.hizliresim.com/9JJZ9G.png)
Start x64dbg, click on the plugins tab, go to ScyllaHide -> Options
![[صورة مرفقة: EpDVZV.png]](https://i.hizliresim.com/EpDVZV.png)
Disable everything, enable "Kill Anti-Attach" only and click on the "OK" button
![[صورة مرفقة: rvLWTR.png]](https://i.hizliresim.com/rvLWTR.png)
Go back to the plugins tab, go to Themidie -> Start, then select and open the executable that you want to debug
![[صورة مرفقة: pTxiXQ.png]](https://i.hizliresim.com/pTxiXQ.png)
When this MessageBox will apear, you will be able to attach x64dbg to the target process and debug it.
![[صورة مرفقة: eB628c.png]](https://i.hizliresim.com/eB628c.png)
Hooks
Themidie hooks the following functions:
Module Function name
kernel32.dll GetModuleHandleA
user32.dll FindWindowA
Advapi32.dll RegOpenKeyA
Advapi32.dll RegQueryValueExA
ntdll.dll NtSetInformationThread
ntdll.dll NtQueryVirtualMemory
RE: Themida Anti Debugger - Newhak - 21-12-2020
Can you upload a compiled version as I cannot see any TheMida.dll file in the attached folder.
RE: Themida Anti Debugger - vosiyons - 21-12-2020
Scyllahide setting image .
![[صورة مرفقة: 2l4jR2.png]](https://i.hizliresim.com/2l4jR2.png)
Inject BBT32.dll
![[صورة مرفقة: mCBV31.png]](https://i.hizliresim.com/mCBV31.png)
After that run, the program will start without Antidebugger message from Themida.
https://www.youtube.com/watch?v=2bY23kdLfuQ&feature=youtu.be
Download: https://s7.dosya.tc/server18/0ldf0y/Themida_Anti_Debugger.rar.html
RE: Themida Anti Debugger - Newhak - 21-12-2020
Thank you my brother
RE: Themida Anti Debugger - vosiyons - 07-10-2022
Link Updated...
https://mega.nz/file/YdsXxa6I#M9S38qHjP956DaMXCIl9Xd8rNXAQBm9iTaWcq5zji90