Exetools

VM decompiler tool (VMProtect, CodeVirtualizer) (https://forum.exetools.com/showthread.php?t=13084)

Raham 04-30-2012 16:29

@Vam
Current Version is better than old... better detection of Handler.

But a 2big problem is still here.
1. VMProtect is a stack-based VM, so everything is pushed on the stack for processing.
Even without added junk code, it's obfuscated. Why?
Because:
push dword ptr [reg_C]
push 0041077C
pop eax
pop edx
mov dword ptr ds:[eax], edx ;00000005
is:
MOV DWORD PTR DS:[41077C],ECX

So it's hard to understand in a long analysis.
It's better to use at least pattern matching for deobfuscating this routine.
For example: handlers 0x50,0x60,0x40,0x70,0x80, if run together, will for example
be equal to MOV R32,R32

If you do it, it will be very good.


Kind Regards.
Also I'm waiting for your new version ;)
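
Added example, not part of the original thread and not VMSweeper's code: the folding the post above asks for, done by tracking the stack symbolically rather than matching fixed handler sequences (a generalization of the pattern-matching idea). The names `fold` and `SLOT_MAP` are hypothetical, and the mapping of VM slot `reg_C` to native ECX and the treatment of popped registers as dead scratch registers are assumptions taken from the post's own folded result.

```python
import re

# Constructed sample: the five-instruction sequence quoted in the post above.
SAMPLE = """\
push dword ptr [reg_C]
push 0041077C
pop eax
pop edx
mov dword ptr ds:[eax], edx ;00000005
"""

# Assumption for illustration: VM context slot reg_C mirrors native ECX,
# which is what the post's folded result implies.
SLOT_MAP = {"dword ptr [reg_c]": "ecx"}

PUSH = re.compile(r"push\s+(.+)", re.I)
POP = re.compile(r"pop\s+(\w+)", re.I)
STORE = re.compile(r"mov\s+dword ptr ds:\[(\w+)\]\s*,\s*(\w+)", re.I)

def fold(listing, slot_map=None):
    """Symbolically execute push/pop traffic; return only the real effects."""
    slot_map = slot_map or {}
    stack, regs, out = [], {}, []

    def resolve(operand):
        key = operand.strip().lower()
        return slot_map.get(key, regs.get(key, operand.strip()))

    for raw in listing.splitlines():
        line = raw.split(";")[0].strip()      # drop trailing comments
        if not line:
            continue
        if m := PUSH.fullmatch(line):
            stack.append(resolve(m.group(1)))
        elif m := POP.fullmatch(line):
            if not stack:
                raise ValueError(f"pop without tracked push: {line}")
            regs[m.group(1).lower()] = stack.pop()
        elif m := STORE.fullmatch(line):
            out.append(f"mov dword ptr ds:[{resolve(m.group(1))}], "
                       f"{resolve(m.group(2))}")
        else:
            raise ValueError(f"unsupported instruction: {line}")
    # Values never popped are genuine pushes; popped registers are assumed
    # to be dead VM scratch registers and are not re-materialised.
    out.extend(f"push {value}" for value in stack)
    return out

if __name__ == "__main__":
    print("\n".join(fold(SAMPLE, SLOT_MAP)))
```

Anything outside push, pop and the dword store raises instead of being passed through, because an untracked instruction could clobber a register the folder still believes it knows.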

Vam 05-05-2012 14:43

Quote:

Originally Posted by Raham (Post 78599)
@Vam
It's better to use at least pattern matching for deobfuscating this routine.
For example: handlers 0x50,0x60,0x40,0x70,0x80, if run together, will for example
be equal to MOV R32,R32

In principle, the user does not need to explore the intermediate code you speak of; the decompiler handles the intermediate code. Pay more attention to the analysis of the already decompiled code (log file): with the right understanding of it, it is possible to manually restore the source code of the virtualized function in nearly 100% of cases.

benney 05-09-2012 16:56

This is really a great tool, it helps a lot. Thanks

Raham 05-17-2012 22:22

Error Report
 
1 Attachment(s)
Hi Vam


Let's see this CrackMe.
I VMed it with minimum options.
Your plugin will crash during analysis of it.

Kind Regards.

Raham 07-13-2012 03:20

@Vam

With the Stolen Resource feature, sometimes vmpr will find the call to FindResource in the code section, and instead of just protecting the import, it will redirect it to an internal FindResource.
So the FindResource API will not be called. In this situation your VMSweeper will crash.
Please fix it ;)


Thanks

DMichael 07-22-2012 06:39

I have a question: what is the difference between the virtualizer that deathway made and that one? o_O

felixcatx 08-18-2012 02:04

Can this tool unpack Xenocode protection?

chessgod101 08-18-2012 09:54

Quote:

Originally Posted by felixcatx (Post 80044)
Can this tool unpack Xenocode protection?

No, this tool is designed to aid in the unpacking of VMProtect and CodeVirtualizer, as the title indicates. ;)

Beyond2000! 09-12-2012 09:16

Thank you. Very nice work. I'll give it a try.

Jupiter 10-04-2012 01:19

1 Attachment(s)
VMSweeper 1.5 beta 2

What's new:

2012-09-20

[i] VmProtect:
[+] "Empty" VM exit handler
[+] Switch-cases decompilation
[+] Handling of non-virtualized instruction "sbb"

(Attached)

mcp 10-04-2012 16:53

DeCV Decompiler
 
An open source code virtualizer decompiler is available here. Haven't tried it yet, though.

Vam 11-02-2012 22:18

The article Protect&Sweeper contains basic material on the protection algorithms of VmProtekt and their removal with WmSweeper, with the addition of exclusive, previously unpublished material.
It will be useful to anyone dealing with the decompiler and the protector.

xp200798 06-03-2013 19:58

Nice, I have never thought that VM code can be decompiled

BiMode 11-17-2013 14:25

Any chance for ollydbg v2?

progopis 12-05-2013 19:57

BiMode
Why do you want OllyDbg v2? OllyDbg v2 has a new PDK API. It's hard to rewrite such a big project for the new API.

BiMode 12-05-2013 20:31

Okay, portability problem then...

giv 12-05-2013 21:15

@BiMode
What is the meaning if both things do the same stuff?

BiMode 12-05-2013 23:42

I do get it, but I believed something new may suit me better, like w9x and w8: they do the same but are never the same...

giv 12-05-2013 23:55

A thing can be "suitable" for your "size" if you pay well. This is a free thing, so be kind and say "Thank you!". If you do not feel comfortable with this, then code your own plugin.

BiMode 12-06-2013 08:56

That's your choice, I have mine even without "paying". I don't know why you are so serious about this instead of the author, is it your code? Really boring about you these days, giv. I have seen you post criticism about what many members are doing here, I'm not under your control? I just talk to the author and you f*ck up with something I don't really wanna talk about, you may have a problem with your mind but I don't, cos I'm done with the author's answer already. Stick to your business and leave me alone, okay?

giv 12-06-2013 14:29

Quote:

Originally Posted by BiMode (Post 88534)
That's your choice, I have mine even without "paying". I don't know why you are so serious about this instead of the author, is it your code? Really boring about you these days, giv. I have seen you post criticism about what many members are doing here, I'm not under your control? I just talk to the author and you f*ck up with something I don't really wanna talk about, you may have a problem with your mind but I don't, cos I'm done with the author's answer already. Stick to your business and leave me alone, okay?

I think you have mate. Your education is spelled on your answer.

BiMode 12-06-2013 20:46

You think I'm begging him for OllyDbg v2 support? NOOO!!!! It's just a question.
I think you may have a problem with my English, I suggest you go back and read the post. I may translate and say it again, for you.

If he didn't feel right to support v2, it's just OK. I never forced him to do it nor want him to code, that's why I said "chance", and yeah, I have, mate. Are we done yet? Really boring now (cos I really hate bumping the post count)...

niculaita 12-12-2013 03:41

Please help me to get the pass for a tutorial video regarding vmprotect from this address http://www.progamercity.net/attachment.php?attachmentid=1661&d=1342954867

http://www.progamercity.net/boi/2633-tutorial-woi-unpackig-vmprotect.html

cnbragon 01-12-2014 16:57

Does not work for the newest version of Code Virtualizer~
It changed from jmp xxx to call xxx

BAHEK 04-09-2014 02:02

1 Attachment(s)
WMSweeper 1.5 beta 3 (2014-04-08)

What's new:
-many changes

DMichael 04-28-2014 02:48

Quote:

Originally Posted by BAHEK (Post 90759)
WMSweeper 1.5 beta 3 (2014-04-08)

What's new:
-many changes

no detailed changelog ? :\

giv 05-05-2014 14:45

Quote:

Originally Posted by DMichael (Post 91098)
no detailed changelog ? :\

For what use?

Sir.V65j 05-08-2014 00:44

WMSweeper 1.5 beta 4
 
1 Attachment(s)
WMSweeper 1.5 beta 4 2014/05/07

cnbragon 06-20-2014 19:06

It seems that VMSweeper 1.5 b4 doesn't yet support the newest version of CodeVirtualizer. If the author needs the target, please tell me.

DA3MON_CRACK3R 06-25-2014 13:18

Yes, this does not work in the newest version of CodeVirtualizer

alfares 10-17-2015 06:29

1 Attachment(s)
vmsweeper 1.5 beta

