OllyDBG v2.xx plugin - OllyExt (https://forum.exetools.com/showthread.php?t=15258)

mr.exodia 02-11-2014 22:53

@ferrit.rce: how do you use the XED library? Would it be possible to share a little source snippet? I'm still looking for an assembler for x64_dbg.

Greetings

ferrit.rce 02-12-2014 00:02

OK, I'll PM you the details...

Quote:

Originally Posted by mr.exodia (Post 89929)
@ferrit.rce: how do you use the XED library? Would it be possible to share a little source snippet? I'm still looking for an assembler for x64_dbg.

Greetings


softgate 02-12-2014 01:11

Hi, I'm trying to run it (VMProtect) under Olly2 without being detected:
http://www12.zippyshare.com/v/82220150/file.html

I've read this thread from the top and tried a set of parameters you've mentioned earlier as well as all the OllyExt options enabled, but it still detects the existence of Olly2.

I'm using Win7 x64 and the latest Olly2 and OllyExt (and no other plugins). Olly2's SFX features are all disabled and all exceptions are ignored.

Any help would be much appreciated!

ahmadmansoor 02-12-2014 19:21

Quote:

Originally Posted by ferrit.rce (Post 89930)
OK, I'll PM you the details...

Quote:

@ferrit.rce: how do you use the XED library? Would it be possible to share a little source snippet
Can I have this too, pls :D
Thanks

mr.exodia 02-12-2014 21:26

@ahmadmansoor: Somewhere these days I will start working on an open source asm parser for the XED library. I will add you to the repo when this project is started.

Greetings

ferrit.rce 02-12-2014 22:21

OK, first of all I'll make the last build stable by fixing all the issues and in the meantime let's start a new parser and I'll contribute.

ahmadmansoor 02-13-2014 00:00

Quote:

Originally Posted by mr.exodia (Post 89951)
@ahmadmansoor: Somewhere these days I will start working on an open source asm parser for the XED library. I will add you to the repo when this project is started.

Greetings

Big thanks for your offer, mr.exodia :D and I am waiting for that.

softgate 02-13-2014 02:14

By any chance you didn't notice the existence of my post at #43, I'm still wondering how to get Olly2 + Ollyext load the VMProtected executable undetected on Windows 7 x64.

Any information and/or suggestion would be very appreciated. :)

ferrit.rce 02-13-2014 03:47

I've noticed it :) All in all, it seems like I've made some existing protections dead. Most probably that's the reason why it gets detected. I'm working on the issues but it takes some time...

Quote:

Originally Posted by softgate (Post 89959)
By any chance you didn't notice the existence of my post at #43, I'm still wondering how to get Olly2 + Ollyext load the VMProtected executable undetected on Windows 7 x64.

Any information and/or suggestion would be very appreciated. :)


sendersu 02-13-2014 03:51

Quote:

Originally Posted by softgate (Post 89959)
By any chance you didn't notice the existence of my post at #43, I'm still wondering how to get Olly2 + Ollyext load the VMProtected executable undetected on Windows 7 x64.

Any information and/or suggestion would be very appreciated. :)

I had a similar issue.
Try from a clean Olly ini file.

ferrit.rce 02-13-2014 06:47

New v1.72 is out. Changes:
Code:

12.02.2014
        - KiUserExceptionDispatcher fix
        - NtSetThreadContext fix
        - ZwContinue fix


softgate 02-13-2014 09:05

Thank you for your comments.

I've tried with a clean Olly and OllyExt ini file, using v1.72, but so far no luck with it.
Since I'm not particularly in a hurry, I would like to try it again with later versions.

Thanks again for the effort you put into OllyExt.

MistHill 02-28-2014 11:22

@ferrit.rce
Nice work!

ferrit.rce 02-28-2014 22:38

New v1.73 is out. Changes:
Code:

26.02.2014
        - NtClose has to return c0000008 fix

24.02.2014
        - Error message appears if breakpoint is in the function which one to hook ( hook will be skipped )
        - Protection will be updated if a new module loaded

I've tested VMP with this version and it works :)

ferrit.rce 04-13-2014 22:16

New v1.74 is out. Changes:
Code:

13.04.2014
        - Custom caption possibility added


ferrit.rce 04-27-2014 16:13

New v1.8 is out. Changes:

Code:

27.04.2014
        - Custom patch framework implemented
        - Custom patch signature ripping

24.04.2014
        - Icon change can be turned off


sendersu 05-25-2014 18:44

Hi ferrit
how about processing this method of detecting?

ntdll.NtQueryInformationProcess()
I've a target that is using it.

ferrit.rce 06-02-2014 06:29

This function is already hooked. Maybe it's a bug. Please send me the binary which detects it.

Quote:

Originally Posted by sendersu (Post 91578)
Hi ferrit
how about processing this method of detecting?

ntdll.NtQueryInformationProcess()
I've a target that is using it.


tenketsu 06-15-2014 08:39

No problems so far, works like a charm, thanks.


All times are GMT +8.