Exetools


progopis 11-09-2010 20:30

VM decompiler tool (VMProtect, CodeVirtualizer)
 
Hi guys!

My friend released a beta version of the decompiler. Here it is.

In your bug reports, mention the string with the "#ERROR#" substring.

Rigel 11-09-2010 21:19

Cong Bro :)

besoeso 11-09-2010 22:30

Can anyone upload it to the MediaFire server???

D-Jester 11-09-2010 23:11

http://www.d-jester.com/files/qCyiV1289315367.html

progopis 11-09-2010 23:14

http://www.mediafire.com/?xe2audtv678ttjq
http://www.multiupload.com/7KR131VMWH

jump 11-09-2010 23:37

It sounds promising, but could you also post some info on how it works and how to use it? ;)

--
Jump

progopis 11-10-2010 00:05

It's an OllyDbg 1.10 plug-in. It can't help you with anti-debug or CRC checks. All you need is to break at any address near OEP or after OEP. Then choose "Analyze for all VM references" and paste values for the scope of all .text/.code sections and for the VM. It will show you all possible VM references. After that you can choose any address in this table (table of reference results) and press "[Ctrl]+[Crey *]" on it and then F1 to decompile.

quosego 11-10-2010 04:08

Well, it should be cool, but it kinda crashes at 13% with VMProtect; will try some others. In Oreans it doesn't recognize a deobfuscated VM, it seems. Will test some more.

EDIT:
Other VMProtect seems to crash as well. Testing late VMProtect here, unpacked and antidump fixed.

progopis 11-10-2010 04:42

> "[Ctrl]+[Crey *]"
Sorry for the mistake. I mean the "New origin here" command.

quosego
Most programs have FPU handlers, so it is one of the possible reasons for the crashes. This tool is still beta and can't work with FPU handlers. But I can add support.

What do you mean by "crashes"? There are many possible problems. Please specify.

Hmily 11-10-2010 10:41

good tool~

zapline 11-10-2010 12:52

:( the windows do not have a cancel button

progopis 11-10-2010 17:32

It would probably be better if I made a little video with an example of usage.

ahmadmansoor 11-10-2010 17:38

very Nice
 
Ooooo ..Ooooo . :eek:
progopis :cool: :cool: ........Great work bro :D .
will be tested ...

progopis 11-10-2010 18:18

ahmadmansoor
My part of the work on this project is no more than 10%, or maybe less. This project was started by Vamit. My part of this work was to study VMProtect and to do testing. Also, I fixed a few bugs and wrote some of the technical things in the architecture of the project.

And I should make a video for you now.

ahmadmansoor 11-10-2010 18:40

No problem... 10% is enough to be thanked,
and big thanks for sharing it... and 90% thanks to Vamit.
A video tut will be more useful to understand some points in this plugin.
For me, after analyzing, Olly hung, and I just use StrongOD and IDAFicator
with this plugin.
The target is protected with Winlic and VMProtect.

