EXETOOLS FORUM  

  #46  
Old 02-12-2014, 22:21
ferrit.rce
OK, first of all I'll make the last build stable by fixing all the issues and in the meantime let's start a new parser and I'll contribute.
  #47  
Old 02-13-2014, 00:00
ahmadmansoor
Quote:
Originally Posted by mr.exodia View Post
@ahmadmansoor: Somewhere these days I will start working on an open source asm parser for the XED library. I will add you to the repo when this project is started.

Greetings
Big thanks for your offer, mr.exodia, and I am waiting for that.
__________________
Ur Best Friend Ahmadmansoor
Always My Best Friend: Aaron & JMI & ZeNiX
  #48  
Old 02-13-2014, 02:14
softgate
By any chance you didn't notice the existence of my post at #43, I'm still wondering how to get Olly2 + Ollyext load the VMProtected executable undetected on Windows 7 x64.

Any information and/or suggestion would be very appreciated.
  #49  
Old 02-13-2014, 03:47
ferrit.rce
I've noticed it. All in all, it seems like I've made some existing protections dead. Most probably that's the reason why it gets detected. I'm working on the issues but it takes some time...

Quote:
Originally Posted by softgate View Post
By any chance you didn't notice the existence of my post at #43, I'm still wondering how to get Olly2 + Ollyext load the VMProtected executable undetected on Windows 7 x64.

Any information and/or suggestion would be very appreciated.
  #50  
Old 02-13-2014, 03:51
sendersu
Quote:
Originally Posted by softgate View Post
By any chance you didn't notice the existence of my post at #43, I'm still wondering how to get Olly2 + Ollyext load the VMProtected executable undetected on Windows 7 x64.

Any information and/or suggestion would be very appreciated.
I had a similar issue.
Try from a clean Olly ini file.
  #51  
Old 02-13-2014, 06:47
ferrit.rce
New v1.72 is out. Changes:
Code:
12.02.2014
	- KiUserExceptionDispatcher fix
	- NtSetThreadContext fix
	- ZwContinue fix
Attached Files
File Type: zip OllyExt_1.72.zip (405.0 KB, 72 views)
The Following 8 Users Gave Reputation+1 to ferrit.rce For This Useful Post:
copyleft (02-13-2014), h8er (02-14-2014), Kla$ (02-13-2014), MarcElBichon (02-13-2014), MistHill (02-28-2014), sendersu (02-13-2014), TQN (02-13-2014), zeuscane (02-13-2014)
  #52  
Old 02-13-2014, 09:05
softgate
Thank you for your comments.

I've tried with a clean Olly and OllyExt ini file, using v1.72, but so far no luck with it.
Since I'm not particularly in a hurry, I would like to try it again with later versions.

Thanks again for the efforts you put into OllyExt.
The Following User Gave Reputation+1 to softgate For This Useful Post:
ferrit.rce (03-01-2014)
  #53  
Old 02-28-2014, 11:22
MistHill
@ ferrit.rce
Nice work!
The Following User Gave Reputation+1 to MistHill For This Useful Post:
ferrit.rce (03-01-2014)
  #54  
Old 02-28-2014, 22:38
ferrit.rce
New v1.73 is out. Changes:
Code:
26.02.2014
	- NtClose has to return c0000008 fix

24.02.2014
	- Error message appears if breakpoint is in the function which one to hook ( hook will be skipped )
	- Protection will be updated if a new module loaded
I've tested VMP with this version and it works.
Attached Files
File Type: zip OllyExt_1.73.zip (405.1 KB, 56 views)
The Following 2 Users Gave Reputation+1 to ferrit.rce For This Useful Post:
quygia128 (03-01-2014), sendersu (03-01-2014)
  #55  
Old 04-13-2014, 22:16
ferrit.rce

New v1.74 is out. Changes:
Code:
13.04.2014
	- Custom caption possibility added
Attached Files
File Type: zip OllyExt_1.74.zip (405.5 KB, 49 views)
The Following 5 Users Gave Reputation+1 to ferrit.rce For This Useful Post:
alekine322 (04-15-2014), Av0id (04-15-2014), demon_da (04-22-2014), sendersu (04-14-2014), TQN (04-19-2014)
  #56  
Old 04-27-2014, 16:13
ferrit.rce

New v1.8 is out. Changes:

Code:
27.04.2014
	- Custom patch framework implemented
	- Custom patch signature ripping

24.04.2014
	- Icon change can be turned off
Attached Files
File Type: zip OllyExt_1.8.zip (412.0 KB, 100 views)
The Following 3 Users Gave Reputation+1 to ferrit.rce For This Useful Post:
demon_da (05-06-2014), Jhonjhon_123 (04-28-2014), zeuscane (05-26-2014)
  #57  
Old 05-25-2014, 18:44
sendersu
Hi ferrit
how about processing this method of detecting?

ntdll.NtQueryInformationProcess()
I've a target that is using it.
  #58  
Old 06-02-2014, 06:29
ferrit.rce
This function is already hooked. Maybe it's a bug. Please send me the binary which detects it.

Quote:
Originally Posted by sendersu View Post
Hi ferrit
how about processing this method of detecting?

ntdll.NtQueryInformationProcess()
I've a target that is using it.
  #59  
Old 06-15-2014, 08:39
tenketsu
No problems so far, works like a charm, thanks.

Tags
anti-anti-debug, anti-debug, ollydbg, ollyext, plugin
