Exetools

VM decompiler tool (VMProtect, CodeVirtualizer) (https://forum.exetools.com/showthread.php?t=13084)

orchid88 07-25-2011 16:49

Dear Vam,
I used beta12; the IAT of my application was recovered successfully. But none of the Postponed ones can be decoded, such as 0x00411dfe.
When I tried to decode 0x0040DE5F, which was labeled "False code VM entry point", an error came up:
"Extra input after operand in push dword ptr ds:[0x0043905c]+0x7ddb8235+0x48899ea0".

PS: I can send you my application, whose OEP is 0x0041E7EB, if you wish.

JeRRy 08-03-2011 17:51

1 Attachment(s)
VMSweeper v1.4 beta 13

Quote:

Fixed:
1. Overflow of the text buffer in the formation of long expressions, which led to the code analysis stage being skipped.

arnix 10-28-2011 06:02

1 Attachment(s)
New version VMSweeper v1.4 beta 14

Quote:

Added:
1. CodeVirtualizer: Removing of initialized, but unused register RVM_TMP.
2. CodeVirtualizer: Correction of the top of the VM stack on its extension.
3. CodeVirtualizer: Correction of the bottom of the VM stack on entering an intermediate session of the VM.
4. CodeVirtualizer: Output into trc file the entry address of the next VM session.
5. Processing the neg operation in constant expressions.
6. Handling overflow exceptions when emulating div and idiv.
7. Improved the procedure for determining the number of arguments of called functions, because OllyDbg sometimes makes errors doing that.
8. Simultaneous handling of constant expressions placed in the register pair xL - xH.
9. Minimization of the size of the generated code by removing the unnecessary ds: prefix.
10. VmProtect: Improved the p-code encoding algorithm (in the VM loop) analyzer.
11. VmProtect: Handler for FPU operation fsubr.
12. Removed the "Stop on EntryCall" window in manual mode.

Fixed:
1. Conditional jump from the VM primitive to the beginning of the VM loop is not the end of the primitive.
2. Analysis of the OF flag on extended byte variables.

BoRoV 11-03-2011 21:53

1 Attachment(s)
03.11.2011 VMSweeper 1.4 beta 15
Posted:
1. CodeVirtualizer: Improved detection of primitive CMC.
2. CodeVirtualizer: Added handling of setne.
3. CodeVirtualizer: Improved detection of upper byte registers (ah, ch, dh, bh).
4. VmProtect: Implemented processing of VM code bias (VM code relocation).
5. VmProtect: Handlers for the FPU instructions fst and fisub.
Fixed:
1. CodeVirtualizer: Inserting a direct asm instruction in the source code.
2. VmProtect: Moving operator changes the flags to show their flag.
3. VmProtect: Restoration of imports; sometimes jmp [api] was restored instead of call [api].

estelle 11-05-2011 12:55

very nice tools

BiT-H@cK 11-06-2011 23:45

Thank you for this tool, guys!

cnbragon 11-12-2011 00:35

For VMSweeper 1.4 beta 15, it still can't process some CodeVirtualizer VMs,
such as the VM code in EmEditor.

sendersu 11-12-2011 02:33

cnbragon
Since when does EmEditor (by Emurasoft?) use a VM?

cnbragon 11-12-2011 18:11

Quote:

Originally Posted by sendersu (Post 75814)
cnbragon
Since when does EmEditor (by Emurasoft?) use a VM?

About one year ago, since v10.

phongvucba 11-18-2011 19:00

I can't download the attached file.. :(. Please upload it to Mediafire for everybody..
Thanks much :)

niculaita 11-20-2011 00:35

I tried to apply it to this http://forum.exetools.com/showthread.php?t=13884 - could anybody do more?

niculaita 01-02-2012 03:44

Please make a tutorial applying VMSweeper.

Vam 01-05-2012 03:18

Read the VMSweeper.chm or look at the video at the beginning of this topic.

FoxB 04-12-2012 22:08

New: VMSweeper v1.5 beta 0
http://rghost.ru/37543927

JeRRy 04-13-2012 02:13

1 Attachment(s)
VMSweeper 1.5 Beta 0 (12.04.2012)
Quote:

Added:
1. Process handler of the primitive simple function call without arguments and return values.
2. Recognition of primitive Push/Pop RvmLong p-code with indexation.
3. Handling of multiple VMs on a single function, and batch as well as separate calls of the function ("Decompilate packet" option in the ini file). It is recommended to disable it, but if there are difficulties finding entry points in the batch function, then you should enable it.
4. Decompiling the code in the register-change areas ("Decompilate change register zones" option in the ini file). When enabled, this option creates additional "junk" in the log file. It is recommended to enable this option only if the code generated without it has missing instructions.
5. Many small cosmetic changes.

Fixed:
1. Restructuring of the code.
2. Determining the size of the arguments of called functions.
Download:
http://www.mediafire.com/?6a6vrjya141cqyg

