#76
@BoRoV: I have a target which makes Olly fall (crash).
I load the target and reach the OEP, and run the VMSweeper plugin; it reaches 50% then Olly exits. I unpacked the target, and it works fine, but it gave the same result. I would like to upload it so you can run some tests and send it to progopis or to the author of this nice plugin. Thanks in advance.
__________________
Ur Best Friend Ahmadmansoor Always My Best Friend: Aaron & JMI & ZeNiX
#77
I'm still getting that lock handler error on every CV target I try this on.
#78
You can contact the author in this topic http://forum.tuts4you.com/index.php?showtopic=25077
He was there answering questions.
#79
Hi!
#80
Welcome among us, Vam, and thanks for the response.
I will send the target to your PM; sorry to all, it is private software.
Edit: after it decoded "kernel32.GetVersion", it produced the trc file but did not produce a log file, and Olly exited.
#81
Quote:
When you give the information from trc or log a file that inform their address.
#82
Yes... yes. It is a VMware problem.
Olly fails - maybe out of memory. I tried it on Vista - my OS - without VMware. It reached 100% and found all references, then Olly hung.
#83
Now it does not work as well.
It reaches 21.5% then hangs. Does the OS affect this plugin? Can you share the Olly which you ran the tests on? Thanks
#84
Use a clean WinXP SP3 or VMware with WinXP SP3; then there should be no problems.
Some assembler options of Olly influence the quality of the code and the VMSweeper analysis. Look at the configuration on which the plugin was created and tested. Options which result in errors at analysis/decompiling of code are selected.

[Settings]
IDEAL disassembling mode=0
Disassemble in lowercase=0
Separate arguments with TAB=0
Extra space between arguments=0
Show default segments=1
Always show memory size=1
NEAR jump modifiers=0
Show local module names=1
Show symbolic addresses=0
Use short form of string commands=0
Use RET instead of RETN=0
SSE size decoding mode=0
Size sensitive mnemonics=1
Top of FPU stack=1
Decode registers for any IP=0
Automatically select register type=0
Decode SSE registers=0
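An added example, not part of the post above and not the plugin author's code: a Python check that compares the [Settings] section of an OllyDbg ini file with the values listed in that post and reports every key that differs or is absent. The function names and the sample file contents are constructed for illustration.

```python
import configparser

# Values copied from the [Settings] list in the post above.
TESTED_INI = """[Settings]
IDEAL disassembling mode=0
Disassemble in lowercase=0
Separate arguments with TAB=0
Extra space between arguments=0
Show default segments=1
Always show memory size=1
NEAR jump modifiers=0
Show local module names=1
Show symbolic addresses=0
Use short form of string commands=0
Use RET instead of RETN=0
SSE size decoding mode=0
Size sensitive mnemonics=1
Top of FPU stack=1
Decode registers for any IP=0
Automatically select register type=0
Decode SSE registers=0
"""

def load_settings(ini_text):
    """Return the [Settings] section of an OllyDbg-style ini text as a dict."""
    # Keys contain spaces, so only '=' delimits; '%' is literal; key case is kept.
    parser = configparser.ConfigParser(delimiters=("=",), interpolation=None,
                                       strict=False, allow_no_value=True)
    parser.optionxform = str
    parser.read_string(ini_text)
    return dict(parser["Settings"]) if parser.has_section("Settings") else {}

def diff_settings(ini_text):
    """List (key, tested, found) for each differing key; found is None if absent."""
    actual = load_settings(ini_text)
    return [(key, want, actual.get(key))
            for key, want in load_settings(TESTED_INI).items()
            if (actual.get(key) or "").strip() != want]

# Constructed sample input, not taken from any real installation.
SAMPLE = r"""[Settings]
IDEAL disassembling mode=0
Disassemble in lowercase=1
Use RET instead of RETN=1
Constructed key=C:\tmp\100%done
"""

if __name__ == "__main__":
    for key, want, got in diff_settings(SAMPLE):
        print(f"{key}: tested with {want}, found {got}")
```
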
#85
I have checked your program with VMSweeper v1.4 beta 9 (before that I checked with the latest version, modified today); it is valid: at the end of the analysis there is an exception. So wait for the next version of the plugin....
#86
OK Vam... so my Olly is still alive and not aged.
So I have to wait for the next version... please, I can't wait - longing to see the new one - ... when will it be? Many thanks for your nice work.
#87
New version VMSweeper v1.4 beta 10

Added:
1. Improved layout is completely erased IAT.
2. Improved detection of the names of API functions.
3. Resizing Virtual Segment intermediate code (VMS size option in the ini file).
4. Tracking the memory contents and the entire stack to create intermediate code.
5. Improved devirtualization conditional jumps.
6. Code analyzer detects two types of code: a clean and obfuscate. They were previously in the group "Cancelled".
7. Devirtualization instruction sub esp without flags.
8. Processing of the entry to VM type call xx (can decompile any intermediate input in the VM).
9. Automatic mode code analysis VM. Go to this mode on demand after the first restart the application. Code obtained in this mode can be worse than the code obtained in manual mode (Ctrl+F2 -> [F9] -> Shift+F1), but allows you to quickly check whether the decompiled code. In this mode works only static code analyzer.

Fixed:
1. Processing of transit (blank) out of the VM.
2. Fixed exception when restoring compliance VM registers and CPU.
3. Determining the number of arguments obfuscate function.
4. Pikode can be detected in any segment of the analyzed application.
#88
This tool doesn't open in Win7, or the compilation is wrong.
Please fix. Thanks.
#89
The problem here is not in the VMSweeper plugin but in OllyDbg.
Use a clean WinXP SP3 or VMware with WinXP SP3; then there should be no problems.
#90
Hi Vam....
I have this problem now!!! Please can you check it again? Thanks