Exetools  

  #1  
Old 11-09-2010, 20:30
progopis
VM decompiler tool (VMProtect, CodeVirtualizer)

Hi guys!

My friend released a beta version of the decompiler. Here it is.

In your bug reports, mention the string with the "#ERROR#" substring.
Attached Files
File Type: rar VMSweeper13beta.rar (260.5 KB, 322 views)

Last edited by progopis; 09-08-2018 at 02:27.
  #2  
Old 11-09-2010, 21:19
Rigel
Cong Bro
  #3  
Old 11-09-2010, 22:30
besoeso
Can anyone upload in mediafire server???
  #4  
Old 11-09-2010, 23:11
D-Jester
http://www.d-jester.com/files/qCyiV1289315367.html
__________________
Even as darkness envelops and consumes us, wrapping around our personal worlds like the hand that grips around our necks and suffocates us, we must realize that life really is beautiful and the shadows of despair will scurry away like the fleeting roaches before the light.
  #5  
Old 11-09-2010, 23:14
progopis
http://www.mediafire.com/?xe2audtv678ttjq
http://www.multiupload.com/7KR131VMWH
  #6  
Old 11-09-2010, 23:37
jump
It sounds promising, but could you also post some info on how it works and how to use it?

--
Jump
  #7  
Old 11-10-2010, 00:05
progopis
It's an OllyDbg 1.10 plug-in. It can't help you with anti-debug or CRC checks. All you need is to break at any address near OEP or after OEP. Then choose "Analyze for all VM references" and paste values for the scope of all .text/.code sections and for the VM. It will show you all possible VM references. After that you can choose any address in this table (table of reference results) and press "[Ctrl]+[Crey *]" on it and then F1 to decompile.
  #8  
Old 11-10-2010, 04:08
quosego
Well, it should be cool, but it kinda crashes at 13% with VMProtect; will try some others. In Oreans it doesn't recognize a deobfuscated VM, it seems. Will test some more.

EDIT:
Other VMprotect seems to crash as well.. Testing late VMprotect here, unpacked and antidump fixed.

Last edited by quosego; 11-10-2010 at 04:15.
  #9  
Old 11-10-2010, 04:42
progopis
> "[Ctrl]+[Crey *]"
Sorry for the mistake. I mean the "New origin here" command.

quosego
Most programs have FPU handlers, so it is one of the possible reasons for crashes. This tool is still beta and can't work with FPU handlers. But I can add support.

What do you mean by "crashes"? There are many possible problems. Please specify.
  #10  
Old 11-10-2010, 10:41
Hmily
good tool~
__________________
LCG
https://www.52pojie.cn
  #11  
Old 11-10-2010, 12:52
zapline
the windows do not have a cancel button
  #12  
Old 11-10-2010, 17:32
progopis
It would probably be better if I did a little video with an example of usage.
  #13  
Old 11-10-2010, 17:38
ahmadmansoor
very Nice

Ooooo ..Ooooo .
progopis ........Great work bro .
will be tested ...
__________________
Ur Best Friend Ahmadmansoor
Always My Best Friend: Aaron & JMI & ZeNiX
  #14  
Old 11-10-2010, 18:18
progopis
ahmadmansoor
My part of the work on this project is no more than 10%, or maybe less. This project was started by Vamit. My part of this work was to study VMProtect and do testing. Also, I fixed a few bugs and wrote some of the technical things in the architecture of the project.

And I should make a video for you now.
  #15  
Old 11-10-2010, 18:40
ahmadmansoor
no problem .... 10% is enough to be thanked,
and big thanks for sharing it .... and 90% thanks for Vamit.
A video tut will be more useful to understand some points in this plugin.
For me, after analysing, Olly hung, and I just use StrongOD and IDAFicator
with this plugin.
The target is protected with Winlic and VMProtect.
Tags
codevirualizer, decompiler, vmprotect, vmsweeper
