EXETOOLS FORUM  

  #46  
Old 12-17-2010, 07:38
JMI JMI is offline
Leader
 
Join Date: Jan 2002
Posts: 1,627
Rept. Given: 5
Rept. Rcvd 199 Times in 99 Posts
Thanks Given: 0
Thanks Rcvd at 3 Times in 3 Posts
ahmad:

Get well!

Your post showed up twice, so I deleted the second copy, after making sure they were both the same.

Regards,
__________________
JMI
  #47  
Old 12-17-2010, 07:42
ahmadmansoor ahmadmansoor is offline
Exetools Team Manager
 
Join Date: Feb 2006
Location: Syria
Posts: 989
Rept. Given: 457
Rept. Rcvd 356 Times in 132 Posts
Thanks Given: 156
Thanks Rcvd at 168 Times in 41 Posts
I am sorry, JMI. I think the illness makes me unwill
__________________
Ur Best Friend Ahmadmansoor
Always My Best Friend: Aaron & JMI & ZeNiX
  #48  
Old 12-17-2010, 21:11
BoRoV BoRoV is offline
Lo*eXeTools*rd
 
Join Date: Aug 2009
Posts: 56
Rept. Given: 3
Rept. Rcvd 91 Times in 24 Posts
Thanks Given: 0
Thanks Rcvd at 0 Times in 0 Posts
test it VMSweeper 1.4 beta 3
http://rghost.net/3641920
The Following User Gave Reputation+1 to BoRoV For This Useful Post:
1ST (12-18-2010)
  #49  
Old 12-18-2010, 00:58
ahmadmansoor ahmadmansoor is offline
Exetools Team Manager
 
Join Date: Feb 2006
Location: Syria
Posts: 989
Rept. Given: 457
Rept. Rcvd 356 Times in 132 Posts
Thanks Given: 156
Thanks Rcvd at 168 Times in 41 Posts
@BoRoV: the same problem at the end of "Analyse all VM references".
Olly shutdown!!! Failed.
I tried it on modified Olly and original Olly.
By the way, did u see this movie?
http://www.filesend.net/download.php...b41755226d09fb

Thanks for support
__________________
Ur Best Friend Ahmadmansoor
Always My Best Friend: Aaron & JMI & ZeNiX
  #50  
Old 12-18-2010, 01:17
LCF-AT LCF-AT is offline
Lo*eXeTools*rd
 
Join Date: Aug 2008
Location: Château-Saint-Martin
Posts: 33
Rept. Given: 4
Rept. Rcvd 15 Times in 6 Posts
Thanks Given: 0
Thanks Rcvd at 2 Times in 1 Post
Hello,

@ BoRoV & progopis

Thanks for the new version, so now it does not crash anymore. I have tested the new version again and I get these problems.
Code:
Can't make marking IAT to address - 0043421C.
Two DLL (ƒÄ‹ÆëÚÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌl - ) are in one section,
create intersections dividers and repeat analysis!

Now I tried to decompile the VM Entry and I get this.
Code:
VMS Decompiling intermediate code...a12 final

Unknown identifier in xor efl, eax

VMS: Error Code not created

Short question: can you maybe add in the VM Reference an option where I can set BPs? Something like this.
Code:
VM Reference Window

Set BPs on all
Set BPs on all Postponed
Set BPs on all Processing

@ ahmadmansoor

Nice to see you again. Back in town.
So if the file does not work with Win Vista or 7 then try to disable the ASLR feature. So it's an OS setting. Don't ask me where to find this, so I just heard it also for the first time from another Win7 user.
So on the other hand it can be that Vista / Win7 are using some other APIs which you need to translate... something like for Win 2000 with...

RtlGetLastWin32Error = GetLastError
RtlSetLastWin32Error = SetLastError

...maybe.. you know. So unfortunately I can't test it by myself, so I have just WinXP and no more a VM Ware with another OS where I can test to find the problems. Maybe you can figure out something.

greetz
  #51  
Old 12-18-2010, 01:45
ahmadmansoor ahmadmansoor is offline
Exetools Team Manager
 
Join Date: Feb 2006
Location: Syria
Posts: 989
Rept. Given: 457
Rept. Rcvd 356 Times in 132 Posts
Thanks Given: 156
Thanks Rcvd at 168 Times in 41 Posts
Hi LCF-AT:
Thanks for ur nice words, yes I am back, but I am still weak (ill).
Anyway, about the "ASLR feature" as u describe it, it is a feature in upper OS like Win 7 & Vista,
and disabling it is not that good. I have read this:

Quote:
Unfortunately there is no legitimate way to disable ASLR on Windows Vista and later. In fact, it is a security enhancement and no one should try disabling it.

I have tried to disable it by a command line (got it from the net), and my OS failed.
Anyway, as I told u, I have a plan to support ur script, but I have to be sure it will work, and I will send all the details to u when finished; maybe we could prove it and improve it. Let's hope it will work.
Thanks for all ur great work.

By the way, for me the plugin does not work on my target. Can u try it on ur PC? Thanks.
__________________
Ur Best Friend Ahmadmansoor
Always My Best Friend: Aaron & JMI & ZeNiX
  #52  
Old 12-18-2010, 02:05
LCF-AT LCF-AT is offline
Lo*eXeTools*rd
 
Join Date: Aug 2008
Location: Château-Saint-Martin
Posts: 33
Rept. Given: 4
Rept. Rcvd 15 Times in 6 Posts
Thanks Given: 0
Thanks Rcvd at 2 Times in 1 Post
Hhmmm, ah ok. I will send you some power up's.

Seems to be really a problem with the ASLR stuff. Oh I am curious for your plan & results. I will wait till you are done.

So do you mean the S Eye app? If yes then I have to say that the target is no more on my HDD.

Or do you mean your VB target which you have attached here on board? If yes then I can say that I have tested it again with the latest plugin version and it still does not work and hangs again on 21 % during the VM Analyzing. Nothing happened after this. So I think BoRoV & progopis should use this VB target too to find the problem.

greetz
  #53  
Old 12-18-2010, 03:08
ahmadmansoor ahmadmansoor is offline
Exetools Team Manager
 
Join Date: Feb 2006
Location: Syria
Posts: 989
Rept. Given: 457
Rept. Rcvd 356 Times in 132 Posts
Thanks Given: 156
Thanks Rcvd at 168 Times in 41 Posts
Quote:
Originally Posted by LCF-AT
Hhmmm, ah ok. I will send you some power up's.

Ooops ..... Ooo pls, because I needed

Quote:
Originally Posted by LCF-AT
Seems to be really a problem with the ASLR stuff. Oh I am curious for your plan & results. I will wait till you are done.

It will be soon - dll file I hope or maybe 2 dll files -

Quote:
Originally Posted by LCF-AT
So do you mean the S Eye app? If yes then I have to say that the target is no more on my HDD.
Or do you mean your VB target which you have attached here on board? If yes then I can say that I have tested it again with the latest plugin version and it still does not work and hangs again on 21 % during the VM Analyzing. Nothing happened after this. So I think BoRoV & progopis should use this VB target too to find the problem.
greetz

Yes my friend, both, but the first one is a good example, I think.
__________________
Ur Best Friend Ahmadmansoor
Always My Best Friend: Aaron & JMI & ZeNiX
  #54  
Old 12-27-2010, 12:04
微笑一 微笑一 is offline
Friend
 
Join Date: Dec 2006
Location: ....
Posts: 22
Rept. Given: 0
Rept. Rcvd 1 Time in 1 Post
Thanks Given: 1
Thanks Rcvd at 0 Times in 0 Posts
Good tool.
3Q.
  #55  
Old 12-28-2010, 01:47
progopis progopis is offline
CrackTool coder
 
Join Date: Jan 2009
Location: ru
Posts: 231
Rept. Given: 90
Rept. Rcvd 152 Times in 57 Posts
Thanks Given: 1
Thanks Rcvd at 8 Times in 4 Posts
Sorry guys, but the last Vamit builds do not have my changes. I have no time to commit my work to SVN... Maybe a few weeks later I will do it.

The problem of OllyDbg disasm annoys me. It incorrectly decodes FPU instructions. And the plug-in doesn't work together with FullDisasm by Beatrix... I need free time for this problem.

P.S. The fact that I'm getting married soon, lol)
The Following User Gave Reputation+1 to progopis For This Useful Post:
ahmadmansoor (12-28-2010)
  #56  
Old 12-28-2010, 05:55
ahmadmansoor ahmadmansoor is offline
Exetools Team Manager
 
Join Date: Feb 2006
Location: Syria
Posts: 989
Rept. Given: 457
Rept. Rcvd 356 Times in 132 Posts
Thanks Given: 156
Thanks Rcvd at 168 Times in 41 Posts

Nice to know that my friend .... Good for u.
And happy marry ..... take care, after married u will not have time for us at all,
especially if she is beautiful.
So take ur time, no problem, we can wait.
Things that make u happy will make us happy too ...

Best Regards

Note: we will wait for the pictures
__________________
Ur Best Friend Ahmadmansoor
Always My Best Friend: Aaron & JMI & ZeNiX
The Following User Gave Reputation+1 to ahmadmansoor For This Useful Post:
progopis (12-30-2010)
  #57  
Old 12-30-2010, 03:52
LCF-AT LCF-AT is offline
Lo*eXeTools*rd
 
Join Date: Aug 2008
Location: Château-Saint-Martin
Posts: 33
Rept. Given: 4
Rept. Rcvd 15 Times in 6 Posts
Thanks Given: 0
Thanks Rcvd at 2 Times in 1 Post
Yes happy marry to progopis! Now you are going right into the jail! Good luck and keep your money together.

So did someone of you already test the VMP Debugger?

greetz
The Following 2 Users Gave Reputation+1 to LCF-AT For This Useful Post:
KuNgBiM (01-27-2011), progopis (12-30-2010)
  #58  
Old 01-23-2011, 18:24
BoRoV BoRoV is offline
Lo*eXeTools*rd
 
Join Date: Aug 2009
Posts: 56
Rept. Given: 3
Rept. Rcvd 91 Times in 24 Posts
Thanks Given: 0
Thanks Rcvd at 0 Times in 0 Posts
VMSweeper 1.4 beta 6
http://rghost.net/4045176/private/f7fe4133d63053c4345acb0c4cf085cc
The Following 6 Users Gave Reputation+1 to BoRoV For This Useful Post:
1ST (01-23-2011), ahmadmansoor (01-23-2011), besoeso (01-23-2011), Ember (01-24-2011), KuNgBiM (01-27-2011), _ruzmaz_ (01-24-2011)
  #59  
Old 01-24-2011, 05:01
Ember Ember is offline
Friend
 
Join Date: Feb 2009
Posts: 78
Rept. Given: 70
Rept. Rcvd 25 Times in 15 Posts
Thanks Given: 28
Thanks Rcvd at 47 Times in 18 Posts
I cannot get this plugin working on CodeVirtualizer targets. It errors with "Error at determine type VM entry point" for every VM'd function.
From the log:
Code:
Instr: 15 parsing - 0x00454D4F: lock dword ptr ds:[edi + 30h], ecx
#ERROR# TraceCodes: Instruction lock has no handler!
  #60  
Old 01-26-2011, 09:38
kvllz
 
Posts: n/a
thanks for public

Tags
codevirualizer, decompiler, vmprotect, vmsweeper
