04-15-2011, 11:19
|
Friend
|
|
Join Date: Feb 2009
Posts: 42
Rept. Given: 4
Rept. Rcvd 19 Times in 3 Posts
Thanks Given: 2
Thanks Rcvd at 11 Times in 9 Posts
|
|
Quote:
Originally Posted by Deathway
That's weird, that sequence was already translate, could you send me a PM along with the target
@all
A CRITICAL ERROR was found on version 1.3 and lower, if the unvirtualization routine has SHL, SHR, ROR, ROL, RCL, RCR, It was wrong unvirtualized. It will be fixed on next version (along with the ImageBase, ESP+REG32+MOFFS, minor bugs)
PD2: People are/is asking about RISC UnVirtualization, Today I've managed to get my first Handler dumps about this machine, but unfortunately, the final handlers are mix of the original (I mean three or 4 thunks make one Virtual Handler on the exe/dll), it doesn't preserve registers (possible lost of data when deofuscation). However if the small thunks are enough predictable, I'll do my best effort to bring you this feature (Not promise yet )
|
Look at email
|