#31
__________________
Ur Best Friend Ahmadmansoor Always My Best Friend: Aaron & JMI & ZeNiX
#32
File: VMSweeper.rar
http://www.d-jester.com/files/bQ4SQC1289448194.html
File: VmpVirtTest1.rar
http://www.d-jester.com/files/zMm1Qg4B1289448194.html
File: progopis.rar
http://www.d-jester.com/files/Mqeu1289448194.html
__________________
Even as darkness envelops and consumes us, wrapping around our personal worlds like the hand that grips around our necks and suffocates us, we must realize that life really is beautiful and the shadows of despair will scurry away like the fleeting roaches before the light.
#34
Hi progopis:
Why does ur plugin need to reload the target after u press DeCode VM??!! If u can, make it not reload it again. And can u make an option to define the intermediate code section, by address or by name, and an option to define the storage folder?

This is an example I have created for u in VB 6.0. U can see the pic for the protection options. When DeCode VM works to -21.0 then it stops...!!!! Pls check it. In the attachment I have put both files, the original file and the packed file.

Address at = 00401CF0, type Virtualization. When u press the Check button u will reach the address.
hXXp://img405.imageshack.us/f/progopis.jpg/
#35
Hi,
nice plugin but it's not working very stable. In most cases it just stops if it tries to DeCode.

@ ahmadmansoor I also tried your vb target and for me it always stops at 21.0 % after the break on 00401CF0. Nothing happened anymore and the code is still the same.

greetz
#36
As I already mentioned, this plug-in doesn't support FPU. It stops on handler VM_fnclex.
I believe I will finish support for all handlers by the end of next week.
P.S. Anybody tried it on CodeVirtualizer btw?
Last edited by progopis; 11-14-2010 at 18:59.
#37
I have tried this tool on Winlicense 2.13 main exe, a dialog popup said: invaild value Code start :00401000.
What's wrong with this?
Another bug: the Segment address dialog cannot be closed.....
#38
Because it only supports the Oreans Code Virtualizer product.
Anyway, when you say "Winlicense 2.13 main exe", do you refer to the retail version?
Regards
#39
Quote:
The segment dialog should not be closed. Just think before doing anything.
#40
So strong tools!
3q 4 SHARE, but so many bugs. Waiting for the new version.
#41
VMSweeper 1.3 (beta 12):
- full import recovery after VMProtect
- the .vm segment has been eliminated; nothing more needs to be attached to the file under analysis
- improved search for VM entry points
- improved recognition of VM types
- the Shift+F1 shortcut simplifies continuing the analysis of VM code
- increased overall performance in all operations
- increased percentage of successful decompilation of code under VmProtect (successful, for me, is when more than 50% of the code is recognized and restored automatically; 100% code recovery is so far possible only in 5-10% of cases and only on some versions of VmProtect, and which ones is unknown, since it does not report anything about itself)
- updated the User Guide, which is where you should start...

Whoever wants to can convert it themselves from Russian into their native language.
http://rghost.net/3481244/private/2c41de505ab28d742ab19cc6db7e02c0
#42
VMSweeper 1.3 (beta 13)
- some internal fixes
http://rghost.net/3505157/private/c90edf1ea4c2dd9ce4342d188232f756
#43
VMSweeper 1.4 beta 1 (with surprise)
http://rghost.net/3619113
#44
Hello,
@ BoRoV Cool, a new version, but this time your plugin always crashes. Any Olly. I try to Analyse all VM references and then it crashes or closes Olly. The other versions are working till now. So I have also tested different dbghelp.dll versions but I get the same bad result.

Code:
VM Sweeper.dll
2. Break on this call - then step in.

1003FD07   CALL 10005BC0   // BP
10005BC0   PUSH -1

EAX 00000000
ECX 0012D3C0
EDX 0000001C
EBX 00000010
ESP 0012D334
EBP 0012DD90
ESI 00000000
EDI 00461A48 OLLYDBG._Findmemory
EIP 10005BC0

0012D334   1003FD0C  RETURN to 1003FD0C from 10005BC0
0012D338   0000001C
0012D33C   63BE9E82
0012D340   0012F50C
0012D344   00000000

10005C03   LEA EBX,DWORD PTR DS:[EAX+1]
Address=0000001D
EBX=00000010

10005C06   MOV CL,BYTE PTR DS:[EAX]
DS:[0000001C]=???
CL=C0
-----------------------

greetz
#45
Ooo God, I think LCF-AT is faster than me.
Anyway, I have done some tests too, and I got the same result as LCF-AT. This is a flash file of what happens.
hxxp://www.filesend.net/download.php...b41755226d09fb

bs: Thanks LCF-AT for ur hints in unpacking Vmprotect, but I think ur way will not always work in upper OS (Win 7.0 and Vista). I am working on a small way; I will send the details to u after I check that it will work. It will help ur script and push the target to run on different OS.

Thank u for ur hard work, and thanks to progopis and BoRoV and the author of vmsweeper. By the way, I was absent for some time because I was very ill. I hope I will recover soon.

The file includes this:
VMS_test from modified olly >>>> .trc files and the log files tested with modified olly
VMS_test from original olly >>>> .trc files and the log files tested with original olly
VMSweeper-problem flash movie