
Exetools (https://forum.exetools.com/index.php)
-   Community Tools (https://forum.exetools.com/forumdisplay.php?f=47)
-   -   VM decompiler tool (VMProtect, CodeVirtualizer) (https://forum.exetools.com/showthread.php?t=13084)

ahmadmansoor 02-25-2011 08:34

@BoRoV : I have a target which makes Olly fall (crash).
I load the target and reach the OEP, and run the VMSweeper plugin; it reaches 50% then Olly exits.
I unpacked the target, and it works fine, but it gave the same result.
I would like to upload it so you can make some tests and send it to progopis or to the author of this nice plugin.
Thanks in adv

Ember 02-25-2011 11:33

I'm still getting that lock handler error on every CV target I try this on.

BoRoV 02-25-2011 15:50

You can contact the author in this topic http://forum.tuts4you.com/index.php?showtopic=25077
He was there answering questions.

Vam 02-25-2011 22:10

Hi!
Quote:

I load the target and reach the OEP, and run the VMSweeper plugin; it reaches 50% then Olly exits
You can give the link to this application. I will look at it...

ahmadmansoor 02-25-2011 23:09

Welcome among us, Vam .... and thanks for the response.
I will send the target to your PM; sorry to all, it is private software.


Edit:

after it decoded "kernel32.GetVersion", it produces the trc file, but does not produce a log file and Olly exits
Quote:

005C83ED 8DBF EC6A>lea edi, dword ptr [edi+B5826AEC]
in the trc file it ends at
Quote:

0x0053992D: ret 58h
but the function ends at
Quote:

005C8415 C2 4000 ret 40
to go back to this:
Quote:

00447370 E8 0F6F12>call unpacked.0056E284 >>>>> Function
00447375 57 push edi >>>> back from ret 40
00447376 FFD6 call near esi ; kernel32.GetVersion
does VMware affect the work of this plugin or not??!!

Vam 02-26-2011 01:15

Quote:

I will send the target to ur PM
I have not understood what the problem is. For me, "Analyse all VM references" passes successfully. True, the IAT is not restored completely. It finds some inputs into the VM. Decompiling goes, but there are errors; for decompiling the code of functions it is desirable that the point of entry into the VM lies on the path of execution of the code.
When you give information from the trc or log file, report its address.

ahmadmansoor 02-26-2011 02:16

yes ... yes. It is a VMware problem.
Olly fails - maybe out of memory -
I tried it on Vista - my OS - without VMware.
It reached 100% and found all references.
Then Olly hung.

ahmadmansoor 02-26-2011 04:35

Now it does not work either.
It reaches 21.5% then hangs.
Does the OS affect this plugin?
Can you share the Olly on which you make the tests?
Thanks

Vam 02-26-2011 21:44

Use a clean WinXP SP3 or VMware with WinXP SP3; then there should not be problems.
Some options of the Olly assembler influence the quality of the code and of the VMSweeper analysis. Look at the configuration on which the plugin was created and tested. Options which result in errors at analysis/decompiling of the code are selected.
[Settings]
IDEAL disassembling mode=0
Disassemble in lowercase=0
Separate arguments with TAB=0
Extra space between arguments=0
Show default segments=1
Always show memory size=1
NEAR jump modifiers=0
Show local module names=1
Show symbolic addresses=0
Use short form of string commands=0
Use RET instead of RETN=0
SSE size decoding mode=0
Size sensitive mnemonics=1
Top of FPU stack=1
Decode registers for any IP=0
Automatically select register type=0
Decode SSE registers=0
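A small check for the [Settings] profile posted above, added here as an example and not part of VMSweeper or the thread: it parses an ollydbg.ini with Python's configparser and reports every disassembler option that differs from, or is missing relative to, that profile. The sample ini it runs on is constructed.

```python
import configparser

# The [Settings] values quoted in the post, used as the reference profile.
REFERENCE_INI = """[Settings]
IDEAL disassembling mode=0
Disassemble in lowercase=0
Separate arguments with TAB=0
Extra space between arguments=0
Show default segments=1
Always show memory size=1
NEAR jump modifiers=0
Show local module names=1
Show symbolic addresses=0
Use short form of string commands=0
Use RET instead of RETN=0
SSE size decoding mode=0
Size sensitive mnemonics=1
Top of FPU stack=1
Decode registers for any IP=0
Automatically select register type=0
Decode SSE registers=0
"""

# Constructed sample: the same profile with two options flipped and one
# option missing, as a user's ollydbg.ini might look after editing Options.
SAMPLE_INI = (REFERENCE_INI
              .replace("Disassemble in lowercase=0", "Disassemble in lowercase=1")
              .replace("Use RET instead of RETN=0", "Use RET instead of RETN=1")
              .replace("Decode SSE registers=0\n", ""))

def parse_olly_settings(ini_text):
    """Return the [Settings] section of an ollydbg.ini as {option: value}."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep the mixed-case option names Olly writes
    cp.read_string(ini_text)
    return dict(cp["Settings"]) if cp.has_section("Settings") else {}

REFERENCE_SETTINGS = parse_olly_settings(REFERENCE_INI)

def diff_settings(actual, reference=REFERENCE_SETTINGS):
    """Map each option that is missing or differs to (actual_or_None, expected)."""
    return {k: (actual.get(k), v) for k, v in reference.items() if actual.get(k) != v}

if __name__ == "__main__":
    for key, (got, want) in diff_settings(parse_olly_settings(SAMPLE_INI)).items():
        print(f"{key}: ini has {got!r}, VMSweeper profile expects {want!r}")
```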

Vam 02-26-2011 22:17

Quote:

Originally Posted by ahmadmansoor (Post 71720)
can u share ur olly which u make the tests on ?

I have checked your program with VMSweeper v1.4 beta 9 (before that, checked with the last version modified today); it is true that at the end of the analysis there is an exception. So wait for the next version of the plugin....

ahmadmansoor 02-27-2011 20:59

Ok Vam .. so my Olly is still alive and not aged :p .
So I have to wait for the next version ... pls I can't wait -longing to see the new one- :rolleyes: ....when will it be :D .
Many thanks for your nice work

Vam 02-27-2011 23:30

New version VMSweeper v1.4 beta 10

Added:
1. Improved layout of a completely erased IAT.
2. Improved detection of the names of API functions.
3. Resizing of the Virtual Segment of intermediate code (VMS size option in the ini file).
4. Tracking the memory contents and the entire stack to create intermediate code.
5. Improved devirtualization of conditional jumps.
6. Code analyzer detects two types of code: clean and obfuscated. They were previously in the group "Cancelled".
7. Devirtualization of the instruction sub esp without flags.
8. Processing of entry to the VM of type call xx (can decompile any intermediate input into the VM).
9. Automatic mode of VM code analysis. Go to this mode on demand after the first restart of the application.
Code obtained in this mode can be worse than the code obtained in manual mode (Ctrl+F2 -> [F9] -> Shift+F1), but
allows you to quickly check whether the code decompiles. In this mode only the static code analyzer works.
Fixed:
1. Processing of transit (blank) exits from the VM.
2. Fixed exception when restoring the correspondence of VM registers and CPU.
3. Determining the number of arguments of an obfuscated function.
4. Pikode can be detected in any segment of the analyzed application.

w_antoni 02-28-2011 01:10

This tool doesn't open in Win7, or the compilation is wrong.
Please fix.
Thanks.

Vam 02-28-2011 01:27

Quote:

Originally Posted by w_antoni (Post 71742)
This tool doesn't open in Win7, or the compilation is wrong.

The problem here is not in the VMSweeper plugin, but in OllyDbg.
Use a clean WinXP SP3 or VMware with WinXP SP3; then there should not be problems.

ahmadmansoor 03-02-2011 03:09

2 Attachment(s)
Hi Vam ....
I have this problem now !!!
Pls can you check it again :rolleyes:
Thanks

