All Activity

@Priboi Many thanks for the video presentation. Now I get it. Your plugin would be helpful. Regards. sean.

I said program not plugin. Debugged program makes changes in code/data for example while unpacking and you are able to see where these changes are when using my plugin.

@Priboi when does the code/data change by your plugin? I did not use the feature of the ollydbg, also I did not know it is. Now I check it out in ollydbg. It is a good feature. In ollydbg, If I create backup, then I change some codes. by using view backup, I can view the backed up data. after it, again If I click view actual data, I can view the current modified code/data. But with your plugin, what should I do to check what is the backed up code/data and what is the current modified or actual code/data? Many thanks in advance. Regards. sean.

You dont have to do changes on yourself its not the purpose of this plugin because you know what you have changed. The code/data should be changed by program itself.

+ password-protect-video.com

Now It works well but It takes some time to complete the job. Regards. sean.

Well, the project is still a demo. I updated the plugin and provided a program for my own testing，you can try that. https://github.com/fjqisba/VmpHelper/releases

I virtualized below part and tested it. 004010C2 6A 01 push 01 004010C4 53 push ebx 004010C5 FF15 1C614000 call dword ptr [0040611C] → USER32.dll!EndDialog 004010CB EB 09 jmp 004010D6 ↓ It is cahnged to thses codes. 00A810C2 | E9 27BA1800 | JMP win32gui.vmp.C0CAEE | 00A810C7 <win32gui | 57 | PUSH EDI | edi:EntryPoint 00A810C8 | C3 | RET | 00A810C9 <win32gui | 56 | PUSH ESI | esi:EntryPoint 00A810CA | C3 | RET | 00A810CB <win32gui | EB 09 | JMP win32gui.vmp.A810D6 | And I used your plugin by clicking the menu "VMP -> Show Graph" at the address of 00A810C2. then It hung. the IDA version is 8.3.23.0608.. Regards. sean.

For current plugin, it seems too early to analyze vmp oep, because vmp does a lot of operations at the beginning. Maybe you should try writing a small function, use vmp encryption, and then use plugin to analyze the begin of vmp function.

Win32GUI.vmp.zip Regards. sean.

What are the preconditions to start de-virting 3.5.0 x86? I'm hitting only this: sample https://workupload.com/file/bDGty7XBnfW sometimes it is crashing, eg: BTW, what IDA versions do you support?

Well, this is because it has not been fully developed yet. you can try sending samples to me so I can fix it.

An error!!! And for another example. Why does it just show one graph and no branches? but your github page shows like this. Regards. sean.

View File Nuitka 2.1.5 (Python 3.11) Hi Nuitka compiled python 3.11 file Correct password doesn't important Just patching Thanks Submitter Sh4DoVV Submitted 04/18/2024 Category CrackMe  

Where can I see the differences when choosing "Compare Snapshot"? I clicked the menu of "Make Snapshot" before changing anything. Then as @Priboi said, started an application. after it, I changed some bytes. then clicked the "Compare Snapshot" menu. however I cannot notice anything to show the differences in the disassembly pane of the x64dbg. Thanks. Regards. sean.

most possible using SetWindowDisplayAffinity API - more github.com/akinbicer/screen-capture-protector

Hi, everybody! I am developing an ida plugin which can be used to analyze vmp3.5 x86. If you are interested in vmp, Then you can view the source code of the project to learn it. Suggestions and PRs are welcome. https://github.com/fjqisba/VmpHelper

what have you tried what errors (if any) you've encountered? this forum is not chatGPT

who is "we"?

How can we find the PCode "C9" in the debugger? Regards. sean.

Does these plugins still work? Regards. sean.

jesus christ my man, u got some crazy shovel to dig up this old of a topic

Thank you for reporting! Should be fixed now... Ted.

@Teddy Rogers youtube links are not converted to video views. Regards. sean.