For those into RCE, you have surely come across Themida and know it can be a bitch.
Here is the PEB hooking loader from ARTeam:

  1. You will need to build the fake_kernel32.dll and fake_advapi32.dll solutions; the 2 dlls will be created in the ..\..\fake\ folder.
  2. In the ..\..\fake\ folder you have adjust_fake.exe, which you MUST run on the newly created dlls to get a valid import table for kernel32.dll/advapi32.dll.
  3. Rebuild the themida loader project, as fake_kernel32.dll and fake_advapi32.dll are stored in the resources of themidaloader.exe.
Another nice ARTeam release: http://arteam.accessroot.com/releases.html
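The loader above works by substituting fake copies of kernel32.dll and advapi32.dll for the real ones, which is exactly the kind of change a defender can look for. The following PowerShell script is an added example written for this page, not ARTeam code: it enumerates the module list of every process and flags any kernel32.dll or advapi32.dll that is not mapped from the Windows system directory (System32, or SysWOW64 for 32-bit processes on 64-bit Windows). The `Test-SystemModulePaths` function name and the `$watched` list are this example's own choices.

```powershell
# Added example (not from ARTeam): flag processes whose kernel32.dll / advapi32.dll
# is loaded from outside the Windows system directory, the footprint a loader that
# swaps in fake copies of those DLLs leaves in the process module list.

$systemDir = [Environment]::SystemDirectory                 # e.g. C:\Windows\system32
$wow64Dir  = $systemDir -replace 'System32$', 'SysWOW64'     # 32-bit processes on x64
$watched   = @('kernel32.dll', 'advapi32.dll')               # DLLs the loader replaces

function Test-SystemModulePaths {
    param([Parameter(Mandatory)][System.Diagnostics.Process]$Process)

    $findings = @()
    # Protected or foreign-bitness processes may refuse module enumeration;
    # treat that as "no finding" rather than aborting the sweep.
    try { $modules = $Process.Modules } catch { return $findings }

    foreach ($m in $modules) {
        if ($watched -contains $m.ModuleName.ToLower()) {
            $dir = Split-Path -Parent $m.FileName
            # -ne is case-insensitive for strings in PowerShell
            if ($dir -ne $systemDir -and $dir -ne $wow64Dir) {
                $findings += [pscustomobject]@{
                    Pid    = $Process.Id
                    Name   = $Process.ProcessName
                    Module = $m.ModuleName
                    Path   = $m.FileName
                }
            }
        }
    }
    return $findings
}

# Sweep all processes; an empty table means nothing suspicious was found.
Get-Process | ForEach-Object { Test-SystemModulePaths -Process $_ } | Format-Table -AutoSize
```

Caveat: `Process.Modules` is built from the target's own loader data, the same PEB structures this kind of loader manipulates, so a loader that also rewrites the module path stored in the PEB entry can hide from this check. Treat a hit as strong evidence and a clean result as weak evidence; a more robust check compares the PEB view against the actual mapped sections from outside the process (for example with kernel-level telemetry or a memory forensics tool).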

Addendum: in other news, ARTeam is hooking services.exe to hide SoftICE.
