#46
|
||||
|
||||
OK, first of all I'll make the last build stable by fixing all the issues and in the meantime let's start a new parser and I'll contribute.
|
#47
|
||||
|
||||
big Thanks for ur offer mr.exodia .and I am waiting that .
__________________
Ur Best Friend Ahmadmansoor Always My Best Friend: Aaron & JMI & ZeNiX |
#48
|
|||
|
|||
By any chance you didn't notice the existence of my post at #43, I'm still wondering how to get Olly2 + Ollyext load the VMProtected executable undetected on Windows 7 x64.
Any information and/or suggestion would be very appreciated. |
#49
|
||||
|
||||
I've noticed it All in all seems like I've made some existing protections dead. Most probably that's reason why it gets detected. I'm working on the issues but it takes some time...
|
#50
|
|||
|
|||
Quote:
try from clean Olly ini file |
#51
|
||||
|
||||
New v1.72 is out. Changes:
Code:
12.02.2014 - KiUserExceptionDispatcher fix - NtSetThreadContext fix - ZwContinue fix |
#52
|
|||
|
|||
Thank you for your comments.
I've tried with a clean Olly and OllyExt ini file, using v1.72, but so far no luck with it. Since I'm not particularly in hurry, I would like to try it again with later versions. Thanks again for your efforts you put into OllyExt. |
The Following User Gave Reputation+1 to softgate For This Useful Post: | ||
ferrit.rce (03-01-2014) |
#53
|
|||
|
|||
@ ferrit.rce
Nice work! |
The Following User Gave Reputation+1 to MistHill For This Useful Post: | ||
ferrit.rce (03-01-2014) |
#54
|
||||
|
||||
New v1.73 is out. Changes:
Code:
26.02.2014 - NtClose has to return c0000008 fix 24.02.2014 - Error message appears if breakpoint is in the function which one to hook ( hook will be skipped ) - Protection will be updated if a new module loaded |
#55
|
||||
|
||||
New v1.74 is out. Changes:
Code:
13.04.2014 - Custom caption possibility added |
The Following 5 Users Gave Reputation+1 to ferrit.rce For This Useful Post: | ||
alekine322 (04-15-2014), Av0id (04-15-2014), demon_da (04-22-2014), sendersu (04-14-2014), TQN (04-19-2014) |
#56
|
||||
|
||||
New v1.8 is out. Changes:
Code:
27.04.2014 - Custom patch framework implemented - Custom patch signature ripping 24.04.2014 - Icon change can be turned off |
The Following 3 Users Gave Reputation+1 to ferrit.rce For This Useful Post: | ||
#57
|
|||
|
|||
Hi ferrit
how about processing this method of detecting? ntdll.NtQueryInformationProcess() I've a target that is using it. |
#58
|
||||
|
||||
This function is already hooked. Maybe it's a bug. Please send me the binary which detects it.
|
#59
|
|||
|
|||
No problems so far, works like a charm, thanks.
|
Tags |
anti-anti-debug, anti-debug, ollydbg, ollyext, plugin |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
DEF plugin for OllyDbg 2.XX | wilson bibe | Community Tools | 2 | 07-22-2014 09:01 |