Themida packed DLL unpacking (generic to other DLL packed files)
Do LoadLibrary, don't let it terminate, then use processdumper.
A. C source. Compile respectively if x86 or x64 DLL.
// loadlib.c
#include
#include
int main()
{
MessageBox(0, "loading and going to a loop.", 0, 0);
if (0 == LoadLibraryA("C:\\programdata\\desktop.dat"))
{
LoadLibraryA("C:\\programdata\\desktop.dat");
}
while (1)
{}
return 0;
}
pd32 -pid
pd64 -pid
