MCPcopy Index your code
hub / github.com/ergrelet/unlicense

github.com/ergrelet/unlicense @0.4.0

Chat with this repo
repository ↗ · DeepWiki ↗ · release 0.4.0 ↗ · + Follow
107 symbols 417 edges 16 files 22 documented · 21% updated 2y ago0.4.0 · 2023-08-14★ 1,41257 open issues
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

Unlicense

GitHub release Minimum Python version CI status

A Python 3 tool to dynamically unpack executables protected with Themida/WinLicense 2.x and 3.x.

Warning: This tool will execute the target executable. Make sure to use this tool in a VM if you're unsure about what the target executable does.

Note: You need to use a 32-bit Python interpreter to dump 32-bit executables.

Features

  • Handles Themida/Winlicense 2.x and 3.x
  • Handles 32-bit and 64-bit PEs (EXEs and DLLs)
  • Handles 32-bit and 64-bit .NET assemblies (EXEs only)
  • Recovers the original entry point (OEP) automatically
  • Recovers the (obfuscated) import table automatically

Known Limitations

  • Doesn't handle .NET assembly DLLs
  • Doesn't produce runnable dumps in most cases
  • Resolving imports for 32-bit executables packed with Themida 2.x is pretty slow
  • Requires a valid license file to unpack WinLicense-protected executables that require license files to start

How To

Download

You can either download the PyInstaller-generated executables from the "Releases" section or fetch the project with git and install it with pip:

pip install git+https://github.com/ergrelet/unlicense.git

Use

If you don't want to deal the command-line interface (CLI) you can simply drag-and-drop the target binary on the appropriate (32-bit or 64-bit) unlicense executable (which is available in the "Releases" section).

Otherwise here's what the CLI looks like:

unlicense --help
NAME
    unlicense.exe - Unpack executables protected with Themida/WinLicense 2.x and 3.x

SYNOPSIS
    unlicense.exe PE_TO_DUMP <flags>

DESCRIPTION
    Unpack executables protected with Themida/WinLicense 2.x and 3.x

POSITIONAL ARGUMENTS
    PE_TO_DUMP
        Type: str

FLAGS
    --verbose=VERBOSE
        Type: bool
        Default: False
    --pause_on_oep=PAUSE_ON_OEP
        Type: bool
        Default: False
    --no_imports=NO_IMPORTS
        Type: bool
        Default: False
    --force_oep=FORCE_OEP
        Type: Optional[Optional]
        Default: None
    --target_version=TARGET_VERSION
        Type: Optional[Optional]
        Default: None
    --timeout=TIMEOUT
        Type: int
        Default: 10

NOTES
    You can also use flags syntax for POSITIONAL ARGUMENTS

Core symbols most depended-on inside this repo

Shape

Function 64
Method 34
Class 9

Languages

Python89%
TypeScript11%

Modules by API surface

unlicense/process_control.py25 symbols
unlicense/frida_exec.py19 symbols
unlicense/resources/frida.js12 symbols
unlicense/dump_utils.py11 symbols
unlicense/emulation.py8 symbols
unlicense/winlicense3.py7 symbols
unlicense/winlicense2.py6 symbols
unlicense/imports.py6 symbols
unlicense/application.py4 symbols
unlicense/logger.py3 symbols
unlicense/function_hashing.py3 symbols
unlicense/lief_utils.py2 symbols

For agents

$ claude mcp add unlicense \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact

Ask about this repo answers extend the page