
Oreans UnVirtualizer ODBG Plug-in

Thread in the "Tools" section, created by user BAHEK, 6 Mar 2012.

  1. BAHEK
    BAHEK Newbie
    Oreans UnVirtualizer ODBG Plug-in

    This tool helps convert VirtualOpcodes -> Assembly Instructions, restoring the original code of your virtualized application; the basic engine was from CodeUnvirtualizer, my other tool

    - Supports WinLicense/Themida/CodeVirtualizer Cisc Machines
    - Supports almost all common opcodes
    - Supports MultiBranch Tech

    - Right-click on the jump leading to the Virtual Machine Area and press Unvirtualize (If the machine isn't found you have to click again, after checking that the full machine was correctly deobfuscated)

    [Oreans UnVirtualizer]
    - Fixed Cisc - CALL [REG32+IMMC]
    - Fixed Cisc - SHL REG32, IMMC
    - Fixed an issue with odbg when using context menu
    - Added TAB key on windows
    - Added autofill on FindReferences window
    - Risc-64 machine function
    - Added OreansAssember_Risc.cfg

    Well, it was a long journey to deal with Risc, but it's almost finished, hope you like it

    Some info about RISC machines
    - It's still in debug mode, so it may take a long time to deobfuscate it
    - 128 variant is not available, it could fail on that machine
    - The example provided was modified in order to show how to deal with it when deobfuscation fails
    - In case of failure, two errors may pop up: (1) about Follow jump, this has a trial-error solution:
    press reload and then the other option, (2) about could not find XXXX handler,
    in this case the left list control shows the current vm entry, and the right one the 'ideal handler',
    in 80% of cases, the red instruction is the problem, the yellow part shows the handler that could
    not be identified, press delete after selecting the 'wrong instruction' on the left panel (could be more than one)
    - The example was compiled with full protection 64variant
    - Can't read some opcodes like movzx, xchg, movsx, muls, div, etc

    6 Mar 2012
  2. BAHEK
    BAHEK Newbie
    Oreans UnVirtualizer ODBG Plug-in 1.8

    - FISH BLACK variant available
    - Fixed deobfuscation order (GenV6)
    - New deobfuscation scheme for FISH machine
    - New smart code tracer for FISH machines
    - Stack sort for FISH commands
    - Improved management of memory (faster deobfuscation)
    - Added movzx reg32, [esp+eax+memoffset] on CISC machines
    - Added a message prompt when the opcode buffer is not enough
    - Added LEAVE instruction for FISH machines
    - Added support for CALLs to VM section in FISH machines
    - CHECK_PROTECTION macro disabled, now it must be restored by hand
    - Fixed QWORD incorrect names for some opcodes
    - Fixed a problem when deobfuscating RISC machines

    - FISH machine available (WHITE and RED variants)
    - Added Vm signatures

    - RISC machine re-designed
    - Added RISC V2 machines (new branch tech)
    - Added Pushad-popad instructions on risc machines
    - Fixed some issues with end jump
    - Added new detection for virtual machines
    - Added abort button

    - Fixed Unvirtualize with Jump on CISC machines
    - Fixed some errors when handling signed constants on RISC
    - Fixed an issue when processing MOVS instruction on CISC machine
    - Fixed some inversion data when processing COMM, REGX, REGX (like XOR EDI,ESI was decoded as XOR ESI,EDI)
    - Fixed a problem when handling AH CH DH BH registers on COMM2 instructions
    - Added MOVSX - MOVZX - XCHG - IMUL - MUL - DIV - IDIV - PUSHFD - POPFD instructions on RISC
    - Added CALL [ESP+IMMC] on Cisc Machine
    - Added support of dump files on RISC machines
    - OreansAssember_Risc.cfg updated
    - DLL Support on CISC and RISC machines

    8 Feb 2014