Demo-account

Themida 3.x Unpacker -

The IPEYE cloud video surveillance service combines convenience and affordable prices.

Video storage – starting from just 0.11 dollar per day. Up to 10 cameras in the personal account without data storage – free of charge.

Tariffs Registration

_H3_1_SCOPE_PAGE_INDEX

_P_1_01_SCOPE_PAGE_INDEX

_P_1_02_SCOPE_PAGE_INDEX

_P_1_03_SCOPE_PAGE_INDEX

_P_1_04_SCOPE_PAGE_INDEX

_P_1_05_SCOPE_PAGE_INDEX

_P_1_06_SCOPE_PAGE_INDEX

Partner manufacturers of cameras with built-in cloud service

_P_MY_PARTNER_NOT_FOUND _P_MY_PARTNER_NOT_FOUND_BOX _P_MY_PARTNER_NOT_FOUND_OR _P_MY_PARTNER_NOT_FOUND_STATIC_IP Themida 3.x Unpacker

The possibilities of the cloud-based IPEYE video surveillance system

Watch videos in real-time mode.

Connecting to the cameras from any place in the world where there is the Internet access.

Setting up the limited and public access to the viewing.

Easy searching of the necessary video by date and time.

Secure storage of your records in the cloud service.

Select and download any fragment to your phone, PC or tablet computer.

Key customers and partners

Cameras with built-in IPEYE service. Easy connection and convenient use.

video surveillance cameras

IPEYE.BOX

Буллет video surveillance cameras

IPTRONIC IPT-IP3BM(2,8) cloud IPEYE

Купольная video surveillance cameras

IPTRONIC IPT-IP3DM(2,8)A cloud IPEYE

Read more

Cameras map

IPEYE offers a catalogue of cameras open for public viewing. Mark the location of your cameras and watch the videos of other IPEYE service users!

Cameras map

Themida 3.x often resolves APIs via a giant jmp dword ptr [register+offset] table. To rebuild:

Here's an example unpacker code in C:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <windows.h>
// Define the OEP and memory dump functions
DWORD find_oep(HANDLE hProcess, LPCVOID lpBaseAddress);
VOID dump_memory(HANDLE hProcess, LPCVOID lpBaseAddress, DWORD dwSize, LPCSTR lpDumpFile);
int main() 
    // Specify the protected executable and output file
    LPCSTR lpProtectedExecutable = "protected.exe";
    LPCSTR lpOutputFile = "unpacked.exe";
// Open the protected executable
    HANDLE hFile = CreateFileA(lpProtectedExecutable, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    if (hFile == INVALID_HANDLE_VALUE) 
        printf("Failed to open protected executable\n");
        return 1;
// Map the file into memory
    HANDLE hMapFile = CreateFileMappingA(hFile, NULL, PAGE_READONLY, 0, 0, NULL);
    if (hMapFile == NULL) 
        printf("Failed to create file mapping\n");
        CloseHandle(hFile);
        return 1;
// Get the base address of the mapped file
    LPCVOID lpBaseAddress = MapViewOfFile(hMapFile, FILE_MAP_READ, 0, 0, 0);
    if (lpBaseAddress == NULL) 
        printf("Failed to map view of file\n");
        CloseHandle(hMapFile);
        CloseHandle(hFile);
        return 1;
// Find the OEP
    DWORD oep = find_oep(GetCurrentProcess(), lpBaseAddress);
    if (oep == 0) 
        printf("Failed to find OEP\n");
        UnmapViewOfFile(lpBaseAddress);
        CloseHandle(hMapFile);
        CloseHandle(hFile);
        return 1;
// Dump the memory
    dump_memory(GetCurrentProcess(), lpBaseAddress, 0x100000, "memory.dump");
// Reconstruct the import table
    // ...
// Write the unpacked executable
    HANDLE hOutputFile = CreateFileA(lpOutputFile, GENERIC_WRITE, FILE_SHARE_WRITE, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
    if (hOutputFile == INVALID_HANDLE_VALUE) 
        printf("Failed to create output file\n");
        UnmapViewOfFile(lpBaseAddress);
        CloseHandle(hMapFile);
        CloseHandle(hFile);
        return 1;
// Write the unpacked code
    DWORD dwSize = 0x100000;
    WriteFile(hOutputFile, lpBaseAddress, dwSize, &dwSize, NULL);
// Close handles
    CloseHandle(hOutputFile);
    UnmapViewOfFile(lpBaseAddress);
    CloseHandle(hMapFile);
    CloseHandle(hFile);
return 0;
// Define the OEP and memory dump functions
DWORD find_oep(HANDLE hProcess, LPCVOID lpBaseAddress) 
    // TO DO: implement OEP finding logic
    return 0x100000;
VOID dump_memory(HANDLE hProcess, LPCVOID lpBaseAddress, DWORD dwSize, LPCSTR lpDumpFile) 
    // TO DO: implement memory dumping logic

Note: This is a basic example and may require modifications to work with your specific use case.

No. Themida 3.x implements CRC checks on all executable pages. An INT 3 instruction (opcode 0xCC) will change the CRC, and the protection will call TerminateProcess within 2 milliseconds.

Finding the Original Entry Point (OEP) in Themida 3.x is difficult because the entry point is often virtualized.

The leap from Themida 2.x to 3.x involved moving from a linear VM dispatcher to a polymorphic dispatcher. In 2.x, the VM handler could be identified by a signature (e.g., mov r32, [rsp] ; jmp r32). In 3.x, the dispatcher changes shape per build. Furthermore, 3.x introduced hardware breakpoint obfuscation via DR register manipulation and deeper integration with Windows 10/11 process mitigation policies.

This is the closest to a true unpacker. The workflow:

Best tool for 3.x: Scylla v0.9.8+ (with advanced IAT search) combined with x64dbg and TitanHide v3.x.

IPEYE cameras and video surveillance service

The IPEYE company distributes its equipment via the authorized dealers throughout Russia. To order our equipment, contact a representative in your area or call 8-800-100-39-45.

Registration