Exetools  

  #31  
Old 11-11-2010, 07:54
ahmadmansoor
hxxp://www.filesend.net/download.php...f5e3f167a62921
__________________
Ur Best Friend Ahmadmansoor
Always My Best Friend: Aaron & JMI & ZeNiX
  #32  
Old 11-11-2010, 12:04
D-Jester
File: VMSweeper.rar
http://www.d-jester.com/files/bQ4SQC1289448194.html

File: VmpVirtTest1.rar
http://www.d-jester.com/files/zMm1Qg4B1289448194.html

File: progopis.rar
http://www.d-jester.com/files/Mqeu1289448194.html
__________________
Even as darkness envelops and consumes us, wrapping around our personal worlds like the hand that grips around our necks and suffocates us, we must realize that life really is beautiful and the shadows of despair will scurry away like the fleeting roaches before the light.
  #33  
Old 11-12-2010, 10:38
estelle
1.jpg
run error
  #34  
Old 11-13-2010, 19:45
ahmadmansoor

Hi progopis:
why does ur plugin need to reload the target after u press DeCode VM ??!!
if u can, make it not reload it again,
and can u make an option to define the intermediate code section,
by Address or by name,
and an option to define the storage folder.
and this is an example I have created for u in VB 6.0.
u can see the pic for the options of protection.
when DeCode VM works to -21.0 then it stops ...!!!!
pls check it.
in the attachment I have put both files, the original file and the packed file.
address at = 00401CF0 type Virtualization
when u press the Check button u will reach the address.

hXXp://img405.imageshack.us/f/progopis.jpg/
Attached Files
File Type: rar vb.rar (21.1 KB, 32 views)
  #35  
Old 11-14-2010, 02:01
LCF-AT
Hi,

nice plugin but it's not working very stable. In most cases it just stops if it tries to DeCode.

@ ahmadmansoor

I also tried your vb target and for me it always stops at 21.0 % after the break on 00401CF0. Nothing happened anymore and the code is still the same.

greetz
  #36  
Old 11-14-2010, 18:51
progopis
As I already mentioned, this plug-in doesn't support FPU. It stops on handler VM_fnclex.

I believe I will finish support for all handlers by the end of next week.

P.S. Anybody tried it on CodeVirtualizer btw?

Last edited by progopis; 11-14-2010 at 18:59.
  #37  
Old 11-14-2010, 23:59
hyperchem
 
I have tried this tool on Winlicense 2.13 main exe, a dialog popup said: invaild value Code start :00401000.
what's wrong with this?

another bug: The Segment address dialog can not be closed.....
  #38  
Old 11-15-2010, 00:55
mari0 b0ss
Because it only supports the Oreans Code Virtualizer product.

Anyway, when you say "Winlicense 2.13 main exe", do you refer to the retail version?

Regards
  #39  
Old 11-15-2010, 01:21
progopis
Quote:
Originally Posted by hyperchem
> I have tried this tool on Winlicense 2.13 main exe, a dialog popup said: invaild value Code start :00401000.
> what's wrong with this?
>
> another bug: The Segment address dialog can not be closed.....

Themida and WinLicense are not supported yet.

The segment dialog should not be closed. Just think before doing anything.
  #40  
Old 11-22-2010, 12:49
wuqing1501
 
so strong tools !
3q 4 SHARE
but so many bugs
waiting the new version
  #41  
Old 12-05-2010, 00:48
BoRoV
VMSweeper 1.3 (beta 12):
- ݧߧ ӧѧߧӧݧ֧ߧڧ ڧާ ݧ VMProtect
- ѧߧ֧ ֧ԧާ֧ߧ .vm, ڧݧ֧է֧ާާ ѧۧݧ ҧݧ ߧڧ֧ԧ ֧ݧ ߧ ߧاߧ
- ݧ֧ ڧ ֧ ӧէ ӧ
- ݧ֧ߧ ѧ٧ߧѧӧѧߧڧ ڧ ӧ
- shortcut Shift+F1 ѧ֧ էݧا֧ߧڧ ѧߧѧݧڧ٧ ܧէ ӧ
- ӧ֧ݧڧ֧ߧ ҧ֧ ҧէ֧ۧӧڧ ӧ֧ ֧ѧڧ
- ӧ֧ ֧ߧ ֧ߧ է֧ܧާڧݧڧ ܧէ VmProtect (֧ߧѧ էݧ ާ֧ߧ - ܧԧէ ҧݧ֧ 50% ܧէ ѧ٧ߧѧߧ ӧѧߧӧݧ֧ߧ ѧӧާѧڧ֧ܧ, 100% ӧѧߧӧݧ֧ߧڧ ܧէ ܧ ӧ٧ާاߧ ݧܧ 5-10% ݧѧ֧ ݧܧ ߧ ߧ֧ܧ ӧ֧ڧ VmProtect, ܧѧܧڧ ߧ֧ڧ٧ӧ֧ߧ .. ֧ҧ ߧ ҧѧ֧)
- ҧߧӧݧ֧ߧ ܧӧէӧ ݧ٧ӧѧ֧ݧ, ܧԧ ݧ֧է֧ ߧѧѧ...

Whoever wants to can convert it themselves from Russian into their native language.

http://rghost.net/3481244/private/2c41de505ab28d742ab19cc6db7e02c0
  #42  
Old 12-06-2010, 23:45
BoRoV
VMSweeper 1.3 (beta 13)
- some internal fixes

http://rghost.net/3505157/private/c90edf1ea4c2dd9ce4342d188232f756
  #43  
Old 12-16-2010, 00:19
BoRoV
VMSweeper 1.4 beta 1 (with surprise)
http://rghost.net/3619113
  #44  
Old 12-17-2010, 05:36
LCF-AT
Hello,

@ BoRoV

Cool, a new version, but this time your plugin always crashes. Any Olly. I try to Analyse all VM references and then it crashes or closes Olly. The other versions are working till now.
So I have also tested different dbghelp.dll versions but I get the same bad result.
Code:
VM Sweeper.dll 


2. Break on this call - then step in.

1003FD07   CALL 10005BC0   // BP

10005BC0   PUSH -1

EAX 00000000
ECX 0012D3C0
EDX 0000001C
EBX 00000010
ESP 0012D334
EBP 0012DD90
ESI 00000000
EDI 00461A48 OLLYDBG._Findmemory
EIP 10005BC0


0012D334   1003FD0C  RETURN to 1003FD0C from 10005BC0
0012D338   0000001C
0012D33C   63BE9E82
0012D340   0012F50C
0012D344   00000000


10005C03   LEA EBX,DWORD PTR DS:[EAX+1]

Address=0000001D
EBX=00000010

10005C06   MOV CL,BYTE PTR DS:[EAX]

DS:[0000001C]=???
CL=C0
-----------------------
I hope you can fix this problem soon.

greetz
  #45  
Old 12-17-2010, 07:35
ahmadmansoor
Ooo God, I think LCF-AT is faster than me.
anyway I have done some tests too,
and I got the same result as LCF-AT.
this is a flash file of what happens.
hxxp://www.filesend.net/download.php...b41755226d09fb
bs: Thanks LCF-AT for ur hints in unpacking Vmprotect,
but I think ur way will not always work in upper OS (Win 7.0 and Vista).
I am working on a small way; I will send the details to u after I check that it works.
It will help ur script and push the target to run on different OS.
Thank u for ur hard work and thanks to progopis and BoRoV and the Author of vmsweeper.
by the way I was absent for some time because I was very ill.
I hope I will recover soon.

the file includes this:
VMS_test from modified olly >>>>. trc files and the log files tested with modify olly
VMS_test from original olly >>>>. trc files and the log files tested with original olly
VMSweeper-problem flash movie

Tags
codevirualizer, decompiler, vmprotect, vmsweeper

All times are GMT +8.