Exetools

Exetools (https://forum.exetools.com/index.php)
-   Community Tools (https://forum.exetools.com/forumdisplay.php?f=47)
-   -   OllyDBG v2.xx plugin - OllyExt (https://forum.exetools.com/showthread.php?t=15258)

ferrit.rce 12-09-2013 03:30

First of all, win2k3 is not supported at all! Maybe it's working, but there's absolutely no guarantee. See readme.txt...
Quote:

OS support:
- WinXP x32
- WinXP WoW64
- Win7 x32
- Win7 WoW64
Another question: have you installed the necessary libraries? Without them it's 100% sure it's not gonna do anything...
Quote:

Requirements:
- Microsoft Visual C++ 2010 Redistributable Package (x86)
Quote:

Originally Posted by sendersu (Post 88533)
@ferrit.rce
OllyExt 1.6.1 does not run at all @Win2k3 Server x32...
not even a single line in the log window of Olly201... :(
http://prntscr.com/290fap
http://prntscr.com/290fih
http://prntscr.com/290g8l
P.S. another v2 plugin, OllyDumpEx v1.30, was successfully loaded

any ideas?


ferrit.rce 12-09-2013 03:52

I have test code for this, and it's relevant only in some rare circumstances. The user-mode debugger can be detected only if a kernel-mode debugger is installed and running and the program is debugged under the user-mode debugger. I've never seen this protection in any protector, but I can implement it in no time :) This will be done in the next release...

Quote:

Originally Posted by s0me0n3 (Post 88561)
I have to disagree from what I can see on the pastebin stuff:



and



Tell me where I am wrong.


ferrit.rce 12-09-2013 07:08

1 Attachment(s)
@sendersu: If you want win2k3 support do the steps in the attached file.

sendersu 12-12-2013 05:56

@ferrit.rce
Info carefully collected & sent by PM.
Pls review.

qkumba 12-14-2013 03:59

Quote:

Originally Posted by ferrit.rce (Post 88600)
I have test code for this, and it's relevant only in some rare circumstances. The user-mode debugger can be detected only if a kernel-mode debugger is installed and running and the program is debugged under the user-mode debugger. I've never seen this protection in any protector, but I can implement it in no time :) This will be done in the next release...

That's not even quite true. It's not detecting any user-mode debugger. It's detecting that a kernel debugger is running and that the process has the SeDebugPrivilege, which is completely independent of any user-mode debugger.

It's not a reliable detection method.
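
The following is an added example, not code from OllyExt or from anyone in this thread. It reproduces the two conditions qkumba names (a kernel debugger enabled on the machine, and SeDebugPrivilege held by the current token) so you can see them evaluate on a box with no user-mode debugger attached at all. My reading that the v1.7 "NtSystemDebugControl" entry is the hook for this check is an assumption; the pastebin code s0me0n3 refers to is not on the page, so the script queries the two conditions directly via NtQuerySystemInformation (class 0x23, SystemKernelDebuggerInformation) and whoami /priv instead. The function names are mine.

```powershell
# Added example (not OllyExt code): evaluates the two conditions behind the
# "kernel debugger + SeDebugPrivilege" check discussed above, independently of
# whether any user-mode debugger is attached to this process.

Add-Type -TypeDefinition @"
using System;
using System.Runtime.InteropServices;
public static class NativeKd {
    // SystemKernelDebuggerInformation (0x23) fills a 2-byte struct:
    //   BOOLEAN KernelDebuggerEnabled; BOOLEAN KernelDebuggerNotPresent;
    [DllImport("ntdll.dll")]
    public static extern int NtQuerySystemInformation(
        int SystemInformationClass, IntPtr SystemInformation,
        int SystemInformationLength, out int ReturnLength);
}
"@

function Test-KernelDebuggerState {
    # Returns the machine-wide kernel debugger flags. These say nothing about
    # whether OllyDbg (or any user-mode debugger) is attached to anything.
    $buf = [Runtime.InteropServices.Marshal]::AllocHGlobal(2)
    try {
        $len = 0
        $status = [NativeKd]::NtQuerySystemInformation(0x23, $buf, 2, [ref]$len)
        if ($status -ne 0) { throw ("NtQuerySystemInformation failed: 0x{0:X8}" -f $status) }
        [pscustomobject]@{
            KernelDebuggerEnabled    = ([Runtime.InteropServices.Marshal]::ReadByte($buf, 0) -ne 0)
            KernelDebuggerNotPresent = ([Runtime.InteropServices.Marshal]::ReadByte($buf, 1) -ne 0)
        }
    } finally {
        [Runtime.InteropServices.Marshal]::FreeHGlobal($buf)
    }
}

function Get-SeDebugPrivilegeState {
    # whoami /priv lists the privileges of the current token. Any elevated
    # administrator shell holds SeDebugPrivilege, which is why this condition
    # cannot distinguish "being debugged" from "running as admin".
    $privs = whoami /priv /fo csv | ConvertFrom-Csv
    $dbg = $privs | Where-Object { $_.'Privilege Name' -eq 'SeDebugPrivilege' }
    if (-not $dbg) { return 'not held' }
    return $dbg.State    # 'Enabled' or 'Disabled'
}

$kd   = Test-KernelDebuggerState
$priv = Get-SeDebugPrivilegeState

"KernelDebuggerEnabled    : $($kd.KernelDebuggerEnabled)"
"KernelDebuggerNotPresent : $($kd.KernelDebuggerNotPresent)"
"SeDebugPrivilege         : $priv"

# Both conditions true == the check would flag this process, even though it was
# started from a plain console with no debugger anywhere near it.
$wouldFire = $kd.KernelDebuggerEnabled -and ($priv -ne 'not held')
"Check would fire with no user-mode debugger attached: $wouldFire"
```

Run it from an elevated console on a machine where a kernel debugger happens to be enabled and it reports "would fire: True" with nothing debugging the process; run it from a non-elevated console on the same machine and it reports False. That is the false-positive/false-negative behaviour qkumba is describing, and it is why this is not a usable "is OllyDbg attached" signal on its own.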

GarfieldPower 01-02-2014 22:29

Great job as always!

ferrit.rce 02-04-2014 02:44

1 Attachment(s)
New v1.7 is out. Changes:
Code:

13.01.2014
        - Ini file handling reimplemented( OllyDbg dependency reduction )

12.01.2014
        - OS detection is completely rewritten because on 8.1 GetVersionEx is deprecated

12.01.2014
        - XED library added as JIT compiler( OllyDbg dependency reduction )
        - Centralized debugger dependent functionalities

08.01.2014
        - Windows 8 support
        - Windows 8.1 support

07.01.2014
        - Windows Server 2012 support

06.01.2014
        - ProcessDebugObjectHandle and DebugProcessFlags were mixed up in the GUI :)

05.01.2014
        - Windows Server 2008 R2 support
        - Windows Server 2012 R2 support

02.01.2014
        - Target process memory read and write fix

12.12.2013
        - Windows Server 2003 R2 support

08.12.2013
        - NtSystemDebugControl

PLEASE NOTE that there were major changes inside the code! This could break features which were working previously. Please send reports as usual...
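
As an added example for the 12.01.2014 changelog entry (not OllyExt's code, and not how ferrit.rce actually rewrote it, which the thread does not show): the usual replacement for GetVersionEx on 8.1 and later is RtlGetVersion from ntdll, which returns the real kernel version instead of the value that manifest-based compatibility shims hand back. The script compares the two on the current box. The struct and function names follow the documented RtlGetVersion/RTL_OSVERSIONINFOW signature; the wrapper name Get-RealWindowsVersion is mine.

```powershell
# Added example (not OllyExt code): real OS version via RtlGetVersion, next to
# the GetVersionEx-based value that Windows PowerShell (.NET Framework) exposes
# through [Environment]::OSVersion.

Add-Type -TypeDefinition @"
using System;
using System.Runtime.InteropServices;
public static class NativeVer {
    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    public struct RTL_OSVERSIONINFOW {
        public uint dwOSVersionInfoSize;
        public uint dwMajorVersion;
        public uint dwMinorVersion;
        public uint dwBuildNumber;
        public uint dwPlatformId;
        [MarshalAs(UnmanagedType.ByValTStr, SizeConst = 128)] public string szCSDVersion;
    }
    // NTSTATUS RtlGetVersion(PRTL_OSVERSIONINFOW); not subject to app-compat lies.
    [DllImport("ntdll.dll")]
    public static extern int RtlGetVersion(ref RTL_OSVERSIONINFOW lpVersionInformation);
}
"@

function Get-RealWindowsVersion {
    $v = New-Object NativeVer+RTL_OSVERSIONINFOW
    # The size field must be set before the call, exactly as with GetVersionEx.
    $v.dwOSVersionInfoSize = [Runtime.InteropServices.Marshal]::SizeOf($v)
    $status = [NativeVer]::RtlGetVersion([ref]$v)
    if ($status -ne 0) { throw ("RtlGetVersion failed: 0x{0:X8}" -f $status) }
    [pscustomobject]@{
        Major       = $v.dwMajorVersion
        Minor       = $v.dwMinorVersion
        Build       = $v.dwBuildNumber
        ServicePack = $v.szCSDVersion
    }
}

$legacy = [Environment]::OSVersion.Version   # GetVersionEx path in .NET Framework
$real   = Get-RealWindowsVersion

"GetVersionEx-style : $($legacy.Major).$($legacy.Minor) build $($legacy.Build)"
"RtlGetVersion      : $($real.Major).$($real.Minor) build $($real.Build) $($real.ServicePack)"
if ($legacy.Major -ne $real.Major -or $legacy.Minor -ne $real.Minor) {
    "Version mismatch: GetVersionEx is being shimmed; trust RtlGetVersion for OS-specific offsets."
}
```

A plugin that picks OS-specific structure offsets from the GetVersionEx result will silently use the wrong ones on 8.1+ when the host process has no matching compatibility manifest, which is the practical reason for the rewrite in the changelog.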

ferrit.rce 02-10-2014 05:47

1 Attachment(s)
New v1.71 is out to solve some annoying problems. Changes:
Code:

09.02.2014
        - No active debuggee in case of protection changes fix
        - CloseHandle hook moved to NtClose
        - Lot of internal changes


Computer_Angel 02-11-2014 17:16

Quote:

Originally Posted by ferrit.rce (Post 89881)
New v1.71 is out to solve some annoying problems. Changes:
Code:

09.02.2014
        - No active debuggee in case of protection changes fix
        - CloseHandle hook moved to NtClose
        - Lot of internal changes


The protectDRX option seems broken in this version; my target is in an infinite loop if this option is checked. This did not happen in the previous version (1.6x).
My OS: Win 8.1 x64

ferrit.rce 02-11-2014 17:35

OK, I'll fix it ASAP...

mr.exodia 02-11-2014 22:53

@ferrit.rce: how do you use XED library? Would it be possible to share a little source snippet, I'm still looking for an assembler for x64_dbg.

Greetings

ferrit.rce 02-12-2014 00:02

OK, I'll PM you the details...

Quote:

Originally Posted by mr.exodia (Post 89929)
@ferrit.rce: how do you use XED library? Would it be possible to share a little source snippet, I'm still looking for an assembler for x64_dbg.

Greetings


softgate 02-12-2014 01:11

Hi, I'm trying to run it (VMProtect) under Olly2 without being detected:
http://www12.zippyshare.com/v/82220150/file.html

I've read this thread from the top and tried a set of parameters you've mentioned earlier as well as all the OllyExt options enabled, but it still detects the existence of Olly2.

I'm using Win7 x64 and the latest Olly2 and OllyExt (and no other plugins). Olly2's SFX features are all disabled and all exceptions are ignored.

Any help would be much appreciated!

ahmadmansoor 02-12-2014 19:21

Quote:

Originally Posted by ferrit.rce (Post 89930)
OK, I'll PM you the details...

Quote:

@ferrit.rce: how do you use XED library? Would it be possible to share a little source snippet
Can I have this too, pls :D
Thanks

mr.exodia 02-12-2014 21:26

@ahmadmansoor: One of these days I will start working on an open source asm parser for the XED library. I will add you to the repo when this project is started.

Greetings

