Exetools  

Go Back   Exetools > General > Community Tools

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 04-01-2018, 00:12
hors's Avatar
hors hors is offline
Developer
 
Join Date: Aug 2014
Posts: 71
Rept. Given: 16
Rept. Rcvd 111 Times in 52 Posts
Thanks Given: 27
Thanks Rcvd at 652 Times in 64 Posts
hors Reputation: 100-199 hors Reputation: 100-199
XVolkolak

Xvolkolak is an unpacker emulator.
Unlike programs of this type, it does not use DebugAPI and other features of the operating system. Everything is emulated. You can safely unpack malware for further investigation without the risk of damaging the system.
All machine instructions are not executed on a real processor, so unpacking occurs regardless of the processor type and the operating system.
It is possible to unpack 64 bit files on 32 operating systems.
This build emulates the processors intel x86 and AMD64.
It supports unpacking 32 and 64 bit Windows executable files. If there is community interest, it will be possible to unpack other executable files (ELF, MSDOS, Mach-O) and other processors.

Due to its capabilities, with the correct manual setting, the program engine can be used to unpack almost any packer / tread.
However, this version of the program works in a fully automatic mode and can only unpack simple non-commercial unpackers such as:

UPX
ASPack
NsPack
Mpress
MEW
(Win) Upack
FSG
and some others.

The version of the program with the possibility of unpacking commercial protectors (such as VMProtect, ASProtect and others) will not appear in the public domain for obvious reasons.

The program is absolutely free for non-commercial and commercial use.

This version is for Windows. If you need a build for Linux, please let me know with the exact name of the operating system (for example Ubuntu 17.10 64 bit). The version for Linux is completely identical to the version of Windows.

The program is still in alpha status, so I would be grateful for all the comments on the program, as well as for links to files with simple packers. First of all, packed samples of malicious programs are of interest. Address for communication horsicq [at] gmail.com.

Download
More info

Last edited by hors; 07-12-2018 at 16:52. Reason: New version
Reply With Quote
The Following 23 Users Say Thank You to hors For This Useful Post:
an0rma1 (05-31-2018), bolo2002 (04-02-2018), Corsten (05-15-2018), foosaa (07-09-2018), h4sh3m (04-03-2018), Insid3Code (04-10-2018), kienmanowar (04-01-2018), Levis (06-02-2018), LordGarfio (04-08-2020), MarcElBichon (04-01-2018), Nacho_dj (05-30-2018), niculaita (04-01-2018), nimaarek (10-24-2018), NoneForce (05-30-2018), nulli (04-03-2018), ontryit (06-01-2018), sh3dow (04-17-2018), Stingered (04-01-2018), taos (04-05-2018), tonyweb (04-01-2018), uranus64 (04-03-2018), virus (04-03-2018), wilson bibe (04-01-2018)
  #2  
Old 04-02-2018, 23:39
bolo2002 bolo2002 is offline
VIP
 
Join Date: Apr 2002
Posts: 614
Rept. Given: 111
Rept. Rcvd 14 Times in 13 Posts
Thanks Given: 217
Thanks Rcvd at 238 Times in 152 Posts
bolo2002 Reputation: 14
"The version of the program with the possibility of unpacking commercial protectors (such as VMProtect, ASProtect and others) will not appear in the public domain for obvious reasons."

i'm living for obvious reasons,if you have a version or know where to get it,let me know in private.
__________________
I like this forum!
Reply With Quote
  #3  
Old 04-03-2018, 00:58
squareD's Avatar
squareD squareD is offline
VIP
 
Join Date: Aug 2005
Location: Banana Republic
Posts: 301
Rept. Given: 31
Rept. Rcvd 35 Times in 27 Posts
Thanks Given: 37
Thanks Rcvd at 110 Times in 72 Posts
squareD Reputation: 36
Agree to bolo2002
I'm also interested in the non public version
You also can give me a point in PM
__________________
The three worst enemies of the reversers: sun , fresh air and especially this unbearable roar of birds ...
Reply With Quote
  #4  
Old 04-03-2018, 07:20
evlncrn8 evlncrn8 is offline
VIP
 
Join Date: Sep 2005
Posts: 179
Rept. Given: 36
Rept. Rcvd 54 Times in 24 Posts
Thanks Given: 49
Thanks Rcvd at 117 Times in 69 Posts
evlncrn8 Reputation: 54
wow, ignorance is bliss eh ?
are you aware that hors is the actual author ? its stuff like this that really demotivates authors and destroys projects
Reply With Quote
The Following 3 Users Say Thank You to evlncrn8 For This Useful Post:
Abaddon (04-03-2018), MarcElBichon (04-03-2018), zeffy (04-05-2018)
  #5  
Old 04-05-2018, 23:37
bolo2002 bolo2002 is offline
VIP
 
Join Date: Apr 2002
Posts: 614
Rept. Given: 111
Rept. Rcvd 14 Times in 13 Posts
Thanks Given: 217
Thanks Rcvd at 238 Times in 152 Posts
bolo2002 Reputation: 14
Quote:
Originally Posted by evlncrn8 View Post
wow, ignorance is bliss eh ?
are you aware that hors is the actual author ? its stuff like this that really demotivates authors and destroys projects
And then what?

did i say something against him?No.
did i share something exetools only outside?Never.
i just asked him if it want to share it in private that's all.
both posts reflect more than good knowledges in RE!
i don't know what's wrong in my reply.
he's the author,free to him to do what he want from that and i doubt it's something that demotivates author and destroys projects.
__________________
I like this forum!
Reply With Quote
The Following 3 Users Say Thank You to bolo2002 For This Useful Post:
an0rma1 (05-31-2018), niculaita (04-06-2018), taos (04-06-2018)
  #6  
Old 05-30-2018, 16:50
hors's Avatar
hors hors is offline
Developer
 
Join Date: Aug 2014
Posts: 71
Rept. Given: 16
Rept. Rcvd 111 Times in 52 Posts
Thanks Given: 27
Thanks Rcvd at 652 Times in 64 Posts
hors Reputation: 100-199 hors Reputation: 100-199
XVolkolak 0.18

Windows 7-10 Download
Windows XP Download
Linux Ubuntu 18.04 x64 Download
OSX Download
Reply With Quote
The Following 5 Users Gave Reputation+1 to hors For This Useful Post:
deepzero (05-31-2018), Insid3Code (06-01-2018), Levis (06-02-2018), MarcElBichon (05-30-2018), uranus64 (05-31-2018)
The Following 12 Users Say Thank You to hors For This Useful Post:
Abaddon (06-01-2018), an0rma1 (05-31-2018), copyleft (06-01-2018), Loki (06-01-2018), Nacho_dj (05-30-2018), p4r4d0x (09-07-2018), T-rad (09-07-2018), tonyweb (06-01-2018), uranus64 (05-31-2018), user_hidden (06-01-2018), zeffy (06-02-2018), Zeokat (06-02-2018)
  #7  
Old 05-30-2018, 21:32
sendersu sendersu is offline
VIP
 
Join Date: Oct 2010
Posts: 1,066
Rept. Given: 332
Rept. Rcvd 223 Times in 115 Posts
Thanks Given: 234
Thanks Rcvd at 512 Times in 288 Posts
sendersu Reputation: 200-299 sendersu Reputation: 200-299 sendersu Reputation: 200-299
@hors
does it support previous Ubuntu LTS ed?
eg 14 or 16
Reply With Quote
  #8  
Old 06-01-2018, 02:01
hors's Avatar
hors hors is offline
Developer
 
Join Date: Aug 2014
Posts: 71
Rept. Given: 16
Rept. Rcvd 111 Times in 52 Posts
Thanks Given: 27
Thanks Rcvd at 652 Times in 64 Posts
hors Reputation: 100-199 hors Reputation: 100-199
Quote:
Originally Posted by sendersu View Post
@hors
does it support previous Ubuntu LTS ed?
eg 14 or 16
It should work on 14 and 16 too.
Reply With Quote
The Following User Says Thank You to hors For This Useful Post:
sendersu (07-13-2018)
  #9  
Old 07-12-2018, 16:51
hors's Avatar
hors hors is offline
Developer
 
Join Date: Aug 2014
Posts: 71
Rept. Given: 16
Rept. Rcvd 111 Times in 52 Posts
Thanks Given: 27
Thanks Rcvd at 652 Times in 64 Posts
hors Reputation: 100-199 hors Reputation: 100-199
XVolkolak 0.21

Windows 7-10 Download
Windows XP Download
Linux Ubuntu 18.04 x64 Download
OSX Download
Reply With Quote
The Following 2 Users Gave Reputation+1 to hors For This Useful Post:
MarcElBichon (07-12-2018), taos (07-12-2018)
The Following 9 Users Say Thank You to hors For This Useful Post:
bolo2002 (07-13-2018), Coldzer0 (07-13-2018), dj-siba (07-12-2018), espkk (07-16-2018), niculaita (07-12-2018), trickyboy (09-06-2018), user_hidden (07-12-2018), wilson bibe (07-12-2018), zeffy (07-13-2018)
  #10  
Old 09-07-2018, 07:07
chants chants is offline
VIP
 
Join Date: Jul 2016
Posts: 725
Rept. Given: 35
Rept. Rcvd 48 Times in 30 Posts
Thanks Given: 666
Thanks Rcvd at 1,050 Times in 475 Posts
chants Reputation: 48
August 11, 2018 XVolkolak 0.22

Windows 7-10 Download
Windows XP Download
Linux Ubuntu 18.04 x64 Download
OSX Download

Credits of course go to hors
Reply With Quote
The Following User Says Thank You to chants For This Useful Post:
Stingered (01-02-2019)
  #11  
Old 09-06-2018, 13:37
trickyboy trickyboy is offline
Friend
 
Join Date: Dec 2005
Posts: 43
Rept. Given: 11
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 14
Thanks Rcvd at 3 Times in 3 Posts
trickyboy Reputation: 0
Was there any body that got a private version? Please pm me, thank you.
Reply With Quote
  #12  
Old 09-06-2018, 23:54
bolo2002 bolo2002 is offline
VIP
 
Join Date: Apr 2002
Posts: 614
Rept. Given: 111
Rept. Rcvd 14 Times in 13 Posts
Thanks Given: 217
Thanks Rcvd at 238 Times in 152 Posts
bolo2002 Reputation: 14
Quote:
Originally Posted by trickyboy View Post
Was there any body that got a private version? Please pm me, thank you.
I'm still waiting for a private version and keep it private.
you didn't seen my post above,it's bad to ask for it.
__________________
I like this forum!
Reply With Quote
  #13  
Old 09-07-2018, 08:42
Megin Megin is offline
Banned User
 
Join Date: Jul 2018
Posts: 30
Rept. Given: 0
Rept. Rcvd 4 Times in 4 Posts
Thanks Given: 77
Thanks Rcvd at 97 Times in 39 Posts
Megin Reputation: 4
"The version of the program with the possibility of unpacking commercial protectors (such as VMProtect, ASProtect and others) will not appear in the public domain for obvious reasons."

Does such a version actually exist in the first place?
Given the fact that VMProtect and other complex protectors have so many options available in their protectors, I seriously doubt whether any single tool by itself can unpack it completely.

Want to further confirm that you are not putting up the private version for sale, even to private researchers? I ask since sometimes research tools like these are made available to institutions and researchers, even if not released into the public domain.
Reply With Quote
The Following User Says Thank You to Megin For This Useful Post:
sh3dow (06-06-2021)
  #14  
Old 09-09-2018, 18:14
Trit0n Trit0n is offline
Family
 
Join Date: Sep 2011
Location: +47.xxxx / +8.xxxx
Posts: 230
Rept. Given: 57
Rept. Rcvd 88 Times in 48 Posts
Thanks Given: 85
Thanks Rcvd at 132 Times in 54 Posts
Trit0n Reputation: 88
The author has never explicitly said that his Unpaker is capable of unpacking VMprotect.
(Is probably more wishful thinking)
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



All times are GMT +8. The time now is 07:48.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )