Before any unpacking, you must evade the anti-debug tricks.
Once execution lands at the OEP, you cannot simply dump the memory. Enigma 5.x uses stolen bytes and redirected imports. enigma protector 5x unpacker
Unlike simple packers (UPX, ASPack), Enigma 5.x can virtualize critical code and obfuscate the IAT (Import Address Table). The real IAT is either encrypted or moved to dynamic memory, and stubs redirect calls to a dispatcher. Practical challenges:
When a protected executable runs, Enigma’s loader stub gains control first. This stub is a polymorphic piece of shellcode that: Before any unpacking, you must evade the anti-debug tricks