@Vam
Current version is better than the old one... better detection of handlers. But a 2big problem is still here.
1. VMProtect is a stack-based VM, so all stuff is pushed on the stack for processing. Even without adding junk code, it's obfuscated. Why? Because:
push dword ptr [reg_C]
push 0041077C
pop eax
pop edx
mov dword ptr ds:[eax], edx ;00000005
is:
MOV DWORD PTR DS:[41077C],ECX
So it's hard to understand in a long analysis. It's better to use at least pattern matching for deobfuscating this routine. For example:
handler: 0x50,0x60,0x40,0x70,0x80
if run together, it will for example be equal to MOV R32,R32.
If you do it, it will be very good.
Kind Regards.
Also I'm w8 for your new version ;) |
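The folding asked for in the post above, done by symbolically tracking the stack instead of matching one fixed handler sequence, so it generalizes beyond the quoted case. This is an added example, not VMSweeper's code; the function names and the reg_C to ecx mapping (taken from the post's stated result) are assumptions.

```python
import re

# Constructed input: the five-instruction sequence quoted in the post above.
TRACE = """\
push dword ptr [reg_C]
push 0041077C
pop eax
pop edx
mov dword ptr ds:[eax], edx ;00000005
"""

PUSH = re.compile(r"push\s+(?:dword ptr\s+)?(\S+)", re.I)
POP = re.compile(r"pop\s+(\w+)", re.I)
STORE = re.compile(r"mov\s+dword ptr\s+(?:ds:)?\[(\w+)\],\s*(\w+)", re.I)


def normalise(operand, vm_regs):
    """Map a VM register slot to its native register; trim hex constants."""
    slot = operand.strip("[]")
    if operand.startswith("[") and slot in vm_regs:
        return vm_regs[slot]
    if re.fullmatch(r"[0-9A-Fa-f]{8}", operand):
        return format(int(operand, 16), "X")
    return operand


def fold(trace, vm_regs):
    """Symbolically run push/pop; rewrite stores with resolved operands."""
    # Assumption: registers loaded by pop are VM scratch, dead afterwards.
    stack, regs, out = [], {}, []
    for raw in trace.splitlines():
        line = raw.split(";")[0].strip()
        if not line:
            continue
        if m := STORE.fullmatch(line):
            addr, val = (regs.get(r.lower(), r) for r in m.groups())
            out.append(f"mov dword ptr ds:[{addr}], {val}")
        elif (m := POP.fullmatch(line)) and stack:
            regs[m.group(1).lower()] = stack.pop()
        elif m := PUSH.fullmatch(line):
            stack.append(normalise(m.group(1), vm_regs))
        else:
            # Unknown instruction: flush pending pushes, drop bindings.
            out += [f"push {v}" for v in stack] + [line]
            stack.clear()
            regs.clear()
    out += [f"push {v}" for v in stack]  # values still on the stack
    return out
```

Anything the tracker does not recognise is emitted unchanged after flushing pending pushes, so an unmatched sequence is left as it was rather than folded incorrectly.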
This is really a great tool, it helps a lot. Thanks
|
Error Report
1 Attachment(s)
Hi Vam
Let's see this CrackMe. I VMed it with the minimum options. Your plugin will crash during analysis of it. Kind Regards. |
@Vam
With the Stolen Resource feature, sometimes vmpr will find the call to FindResource in the code section, and instead of just protecting the import, it will redirect it to an internal FindResource, so no FindResource API will be called. In this situation your VMSweeper will crash. Please fix it ;) Thanks |
I have a question: what is the difference between the virtualizer that deathway made and that one? o_O
|
Can this tool unpack Xenocode protection?
|
Thank you. Very nice work. I´ll give it a try.
|
1 Attachment(s)
VMSweeper 1.5 beta 2
What's new:
2012-09-20
[i] VmProtect:
[+] "Empty" VM exit handler
[+] Switch-cases decompilation
[+] Handling of non-virtualized instruction "sbb"
(Attached) |
DeCV Decompiler
An open source code virtualizer decompiler is available here. Haven't tried it yet, though.
|
The article Protect&Sweeper contains basic material on the protection algorithms of VMProtect and their removal with VMSweeper, with the addition of exclusive, previously unpublished material.
It will be useful to anyone dealing with the decompiler and protector. |
Nice, I have never thought that VM code can be decompiled
|
Any chance for OllyDbg v2?
|
BiMode
Why do you want OllyDbg v2? OllyDbg v2 has a new PDK API. It's hard to rewrite such a big project to the new API. |
Oke, portability problem then...
|
@BiMode
What is the meaning if both things do the same stuff? |
I do get it, but I believed something new may suit me better, like w9x and w8, they do the same but are never the same...
|
A thing can be "suitable" for your "size" if you pay well. This is a free thing, so be kind and say "Thank you!". If you do not feel comfortable with this then code your own plugin.
|
That's your choice, I have mine even without "paying". I don't know why you are so serious about this instead of the author, is it your code? Really boring about you these days, giv. I have seen you post criticism about many members here, I'm not under your control? I just talked to the author and you f*ck up with something I don't really wanna talk about, you may have a problem with your mind but I don't, cos I'm done with the author's answer already. Stick to your business and leave me alone, OK?
|
You think I'm begging him for OllyDbg v2 support? NOOO!!!! It's just a question.
I think you may have a problem with my English, I suggest you go back and read the post. I may translate and say it again, for you. If he didn't feel right to support v2 it's just OK. I never forced him to do it nor want him to code, that's why I said "chance", and yeah I have, mate. Are we done yet? Really boring now (cos I really hate bumping the post count)... |
Please help me to get the pass for a tutorial video regarding VMProtect from this address http://www.progamercity.net/attachment.php?attachmentid=1661&d=1342954867
http://www.progamercity.net/boi/2633-tutorial-woi-unpackig-vmprotect.html |
It did not work for the newest version of Code Virtualizer~
It changed from jmp xxx to call xxx |
1 Attachment(s)
VMSweeper 1.5 beta 3 (2014-04-08)
What's new: -many changes |
VMSweeper 1.5 beta 4
1 Attachment(s)
VMSweeper 1.5 beta 4 2014/05/07
|
It seems that VMSweeper 1.5 b4 doesn't yet support the newest version of CodeVirtualizer. If the author needs the target, please tell me.
|
Yes. This did not work in the newest version of CodeVirtualizer
|
1 Attachment(s)
vmsweeper 1.5 beta
|