Do you think is easy to reverse a newer VM?

are you serious? :) he calls Chuck Norris and VM revers it self :D:D:D:D

lol
Many of us don't have knowledge to reverse a simple crackme.

[v1.7]
- FISH machine avaible (WHITE and RED variants)
- Added Vm signatures

Hi all, the new version of this plug-in supports the FISH virtual machine, WHITE and RED variants.

Some words about this machine...

It mixes both CISC and RISC architecture, but the code isn't like template anymore, every virtual machine has a new different number of handlers, and every handler contains a different execution path, a little tricky, but nothing that can't be 'devirtualized' ;), maybe i'll write a paper about FISH and TIGER machines later.

Some specs that aren't coded yet:
- Support for Check macro;
- Sort algo is very unstable
- This plugin may crash when deofuscating very rare sequences, (most of them are 'expected' specially when crash was due to an ud2 instruction).
- Suppor for BLACK variants ;)

... About TIGER, I have no plans for the moment, but it isn't very different from FISH analog.
Plug-in was tested with 2.2.6.0 version, other versions may have variants that this plug-in couldn't handle.


Deathway.

LF> the paper . thanks for the great update

Is amaizing how fast you do the update.
It seems that you have a very good knownledge of the VM's.
Bravo and thank you!

thank you for the update, nice work Deathway!

Really nice work Deathway.
but any example files or update for movie tut .
many thanks .

[v1.8]
- FISH BLACK variant avaible
- Fixed deofuscation order (GenV6)
- New deofucation scheme for FISH machine
- New smart code tracer for FISH machines
- Stack sort for FISH commands
- Improved management of memory (faster deofuscation)
- Added movzx reg32, [esp+eax+memoffset] on CISC machines
- Added a message prompt when the opcode buffer is not enough
- Added LEAVE instruction for FISH machines
- Added support for CALLs to VM section in FISH machines
- CHECK_PROTECTION macro disabled, now it must be restored by hand
- Fixed QWORD incorrect names for some opcodes
- Fixed a problem when deofuscating RISC machines

Thanks people for all your reports, the plug-in becomes more powerful every day.

Now it fully supports FISH machines.
CHECK_PROTECTION macro has been disbled, it must be restored by hand, there were many troubles when handling this kind of macro.
CodeVirtualizer machines aren't supported (FISH-TIGER).
Hope you like this new update, happy reversing :)


Deathway.

So fast.
Congrats amigo.

anyone still own the video tutorial deathway made?

hi
i try doing modify this program but i not found source of this program
i am sorry for my bad english

I will give you a hand.

closed source. even if it gets open source , those who will be able to make future progress, are already good enough to make something similar like this.

why do i get machine signature not found?