Oreans UnVirtualizer ODBG Plug-in (WL/TMD/CV)

[Deathway]

[v1.4]
- Fixed Cisc - CALL [REG32+IMMC]
- Fixed Cisc - SHL REG32, IMMC
- Fixed an issue with odbg when using context menu
- Added TAB key on windows
- Added autofill on FindReferences window
- Risc-64 machine function
- Added OreansAssember_Risc.cfg

Well, it was a long journey to deal with Risc, but i'ts almost finished, hope you like it

Some info about RISC machines
- It's still on debug mode, so it may take long time for deofuscate it
- 128 variant is not avaible, it could fail on that machine
- The example provided was modified in order to show how to deal when deofuscation fails
- In case of failure, two errors may popup (1) About Follow jump, this has a trail-error solution:
press reload and then the other option, (2) about could not find XXXX handler,
in this case the left list control show the current vm entry, and the right one the 'ideal handler',
on 80% of cases, the red instruction is the problem, the yellow part shows the handler that could
not be identified, press delete after selecting the 'wrong instruction' on the left panel (could be more than one)
- The example was compiled with full protection 64variant
- Can't read some opcodes like movzx, xchg, movsx, muls, div, etc


Deathway.
Example link: http://www.sendspace.com/file/fa45ny

PD: Example solution
Put a HWBP on execution at 00401058 and press F9 (could be on normal olly, doesn't have debug detection)
Click on 00401058 and press Alt - I
First error: press 'No'
Second error: On left panel select 00D5DFE4 and press delete
Third error: On left panel select 00D781CC and press delete then select 00D781CE and press delete

On the next popup window insert 005FC4DC and press enter

[Deathway]

[v1.5]
- Fixed Unvirtualize with Jump on CISC machines
- Fixed some errors when handling signed constants on RISC
- Fixed an issue when processing MOVS instrution on CISC machine
- Fixed some inversion data when processing COMM, REGX, REGX (like XOR EDI,ESI was decoded as XOR ESI,EDI)
- Fixed a problem when handling AH CH DH BH registers on COMM2 instructions
- Added MOVSX - MOVZX - XCHG - IMUL - MUL - DIV - IDIV - PUSHFD - POPFD instructions on RISC
- Added CALL [ESP+IMMC] on Cisc Machine
- Added support of dump files on RISC machines
- OreansAssember_Risc.cfg updated
- DLL Support on CISC and RISC machines

There is a fix regarding Risc machines, if you unvirtualized the opcodes, there is a high chance that you obtain the inversed form of this opcodes COMM REGX,REGX (like XOR EDI,ESI was decoded as XOR ESI,EDI). This errrors is fixed on the latest version

DLL support is now avaible, however Risc machines must be initialized first (not a problem, since risc machines are always encrypted).

On both machines, it's recommended the devirtualization once the eip reach the oep.


Deathway.

[Deathway]

[v1.6]
- RISC machine re-designed
- Added RISC V2 machines (new branch tech)
- Added Pushad-popad instructions on risc machines
- Fixed some issues with end jump
- Added new detection for virtual machines
- Added abort button