OK, first of all I'll make the last build stable by fixing all the issues and in the meantime let's start a new parser and I'll contribute.
|
Quote:
|
By any chance you didn't notice the existence of my post at #43, I'm still wondering how to get Olly2 + Ollyext load the VMProtected executable undetected on Windows 7 x64.
Any information and/or suggestion would be very appreciated. :) |
I've noticed it :) All in all seems like I've made some existing protections dead. Most probably that's reason why it gets detected. I'm working on the issues but it takes some time...
Quote:
|
Quote:
try from clean Olly ini file |
1 Attachment(s)
New v1.72 is out. Changes:
Code:
12.02.2014 |
Thank you for your comments.
I've tried with a clean Olly and OllyExt ini file, using v1.72, but so far no luck with it. Since I'm not particularly in hurry, I would like to try it again with later versions. Thanks again for your efforts you put into OllyExt. |
@ ferrit.rce
Nice work! |
1 Attachment(s)
New v1.73 is out. Changes:
Code:
26.02.2014 |
1 Attachment(s)
New v1.74 is out. Changes:
Code:
13.04.2014 |
1 Attachment(s)
New v1.8 is out. Changes:
Code:
27.04.2014 |
Hi ferrit
how about processing this method of detecting? ntdll.NtQueryInformationProcess() I've a target that is using it. |
This function is already hooked. Maybe it's a bug. Please send me the binary which detects it.
Quote:
|
No problems so far, works like a charm, thanks.
|
All times are GMT +8. The time now is 16:20. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX