Quote:
|
Quote:
|
lol
Many of us don't have knowledge to reverse a simple crackme. |
1 Attachment(s)
[v1.7]
- FISH machine avaible (WHITE and RED variants) - Added Vm signatures Hi all, the new version of this plug-in supports the FISH virtual machine, WHITE and RED variants. Some words about this machine... It mixes both CISC and RISC architecture, but the code isn't like template anymore, every virtual machine has a new different number of handlers, and every handler contains a different execution path, a little tricky, but nothing that can't be 'devirtualized' ;), maybe i'll write a paper about FISH and TIGER machines later. Some specs that aren't coded yet: - Support for Check macro; - Sort algo is very unstable - This plugin may crash when deofuscating very rare sequences, (most of them are 'expected' specially when crash was due to an ud2 instruction). - Suppor for BLACK variants ;) ... About TIGER, I have no plans for the moment, but it isn't very different from FISH analog. Plug-in was tested with 2.2.6.0 version, other versions may have variants that this plug-in couldn't handle. Deathway. |
Quote:
|
Is amaizing how fast you do the update.
It seems that you have a very good knownledge of the VM's. Bravo and thank you! |
thank you for the update, nice work Deathway!
|
Really nice work Deathway.
but any example files or update for movie tut . many thanks . |
1 Attachment(s)
[v1.8]
- FISH BLACK variant avaible - Fixed deofuscation order (GenV6) - New deofucation scheme for FISH machine - New smart code tracer for FISH machines - Stack sort for FISH commands - Improved management of memory (faster deofuscation) - Added movzx reg32, [esp+eax+memoffset] on CISC machines - Added a message prompt when the opcode buffer is not enough - Added LEAVE instruction for FISH machines - Added support for CALLs to VM section in FISH machines - CHECK_PROTECTION macro disabled, now it must be restored by hand - Fixed QWORD incorrect names for some opcodes - Fixed a problem when deofuscating RISC machines Thanks people for all your reports, the plug-in becomes more powerful every day. Now it fully supports FISH machines. CHECK_PROTECTION macro has been disbled, it must be restored by hand, there were many troubles when handling this kind of macro. CodeVirtualizer machines aren't supported (FISH-TIGER). Hope you like this new update, happy reversing :) Deathway. |
So fast.
Congrats amigo. |
anyone still own the video tutorial deathway made?
|
hi
i try doing modify this program but i not found source of this program i am sorry for my bad english |
Quote:
Quote:
|
Quote:
|
why do i get machine signature not found?
|
All times are GMT +8. The time now is 00:24. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX