View Single Post
  #27  
Old 03-10-2012, 08:18
Deathway's Avatar
Deathway Deathway is offline
Lo*eXeTools*rd
 
Join Date: Jan 2009
Posts: 41
Rept. Given: 8
Rept. Rcvd 155 Times in 24 Posts
Thanks Given: 1
Thanks Rcvd at 20 Times in 14 Posts
Deathway Reputation: 100-199 Deathway Reputation: 100-199
[v1.5]
- Fixed Unvirtualize with Jump on CISC machines
- Fixed some errors when handling signed constants on RISC
- Fixed an issue when processing MOVS instrution on CISC machine
- Fixed some inversion data when processing COMM, REGX, REGX (like XOR EDI,ESI was decoded as XOR ESI,EDI)
- Fixed a problem when handling AH CH DH BH registers on COMM2 instructions
- Added MOVSX - MOVZX - XCHG - IMUL - MUL - DIV - IDIV - PUSHFD - POPFD instructions on RISC
- Added CALL [ESP+IMMC] on Cisc Machine
- Added support of dump files on RISC machines
- OreansAssember_Risc.cfg updated
- DLL Support on CISC and RISC machines

There is a fix regarding Risc machines, if you unvirtualized the opcodes, there is a high chance that you obtain the inversed form of this opcodes COMM REGX,REGX (like XOR EDI,ESI was decoded as XOR ESI,EDI). This errrors is fixed on the latest version

DLL support is now avaible, however Risc machines must be initialized first (not a problem, since risc machines are always encrypted).

On both machines, it's recommended the devirtualization once the eip reach the oep.


Deathway.
Attached Files
File Type: rar Oreans UnVirtualizer 1.5.rar (307.6 KB, 101 views)

Last edited by Deathway; 03-10-2012 at 08:23.
Reply With Quote
The Following 11 Users Gave Reputation+1 to Deathway For This Useful Post:
chessgod101 (03-10-2012), deepzero (03-10-2012), Ember (03-12-2012), foosaa (03-14-2012), giv (03-10-2012), kienmanowar (03-10-2012), Loki (03-12-2012), mdj (03-14-2012), Newbie_Cracker (03-25-2012), uLysse (03-10-2012), ZeNiX (03-10-2012)
The Following User Says Thank You to Deathway For This Useful Post:
Indigo (07-19-2019)