All Activity
- Past hour
-
Joker Italy Manual Unpacking Tutorials
jackyjask commented on Teddy Rogers's file in Website Archives
- Today
-
fohib68455 joined the community
-
windowbase started following Joker Italy Manual Unpacking Tutorials
-
Joker Italy Manual Unpacking Tutorials
windowbase commented on Teddy Rogers's file in Website Archives
-
Joker Italy Manual Unpacking Tutorials
jackyjask commented on Teddy Rogers's file in Website Archives
-
chongyibu joined the community
-
engelshteish joined the community
-
idc69isop joined the community
-
noo888 joined the community
-
zManu3k joined the community
-
Shah Makhdum joined the community
-
gaiyangjun joined the community
-
admin_yolo joined the community
- Yesterday
-
Joker Italy Manual Unpacking Tutorials
Ph4rmak0n commented on Teddy Rogers's file in Website Archives
-
HelpingOthersBliss started following ExeCryptor 2.xx Basic Unpacker v1.0
-
windowbase started following de4dot.blocks.cflow.InstructionEmulator
-
de4dot.blocks.cflow.InstructionEmulator
extonoxt replied to extonoxt's topic in Programming and Coding
Thank you jackyjask, I solved it by using GetValue of the same class.
de4dot.blocks.cflow.InstructionEmulator
jackyjask replied to extonoxt's topic in Programming and Coding
The issue is that ThrowArgumentOutOfRangeException is unhappy: for example, you have a list with 3 elements [1,2,3], but for some reason you want to access an element with index 5. As you have just 3 elements in your list, you are beaten by this kind of exception.
Value value = list[int32Value.Value]; << here it hits the exception
- Last week
-
Hello All, I am trying to add two methods in de4dot.blocks.cflow.InstructionEmulator.

    private void Emulate_Stelem_I4(Instruction instr)
    {
        Value value = this.valueStack.Pop();
        bool flag = value.IsInt32();
        if (flag)
        {
            Int32Value int32Value = (Int32Value)this.valueStack.Pop();
            List<Value> list = this.valueStack.Pop();
            list[int32Value.Value] = (Int32Value)value;
        }
        else
        {
            this.valueStack.Pop();
            this.valueStack.Pop();
        }
    }

    private void Emulate_Ldelem_I4(Instruction instr)
    {
        Int32Value int32Value = (Int32Value)this.valueStack.Pop();
        List<Value> list = this.valueStack.Pop();
        Value value = list[int32Value.Value];
        bool flag = value.IsInt32();
        if (flag)
        {
            this.valueStack.Push(list[int32Value.Value]);
        }
        else
        {
            this.valueStack.Push(Int32Value.CreateUnknown());
        }
    }

Ref: https://github.com/mobile46/de4dot/blob/master/de4dot.blocks/cflow/InstructionEmulator.cs

I am getting the following error:

    Unhandled Exception: System.ArgumentOutOfRangeException: Index was out of range. Must be non-negative and less than the size of the collection.
    Parameter name: index
       at System.ThrowHelper.ThrowArgumentOutOfRangeException(ExceptionArgument argument, ExceptionResource resource)
       at System.Collections.Generic.List`1.get_Item(Int32 index)
       at de4dot.blocks.cflow.InstructionEmulator.Emulate_Ldelem_I4(Instruction instr)
       at de4dot.blocks.cflow.InstructionEmulator.Emulate(Instruction instr)

What am I doing wrong? What is the correct way to do it? Thank you
-
https://www.emsisoft.com/en/ransomware-decryption/autolocky did you try this??
-
Pass Debugger Check in VMprotect 2.x
Oliver replied to mojtaba's topic in Malware Reverse Engineering
@boot bro, I have a question: when we start the TitanHide drivers we can easily debug the latest VMP-protected file, like putting breakpoints and stepping, but when we attach the same file to the debugger and, after putting a breakpoint, click on the button, why does the program auto-close?
windowbase started following titan - VMProtect devirtualizer and ProtectionID
-
In theory, it is feasible, but it is unknown whether it will be effective in the new version of Windows OS.
-
Pass Debugger Check in VMprotect 2.x
Oliver replied to mojtaba's topic in Malware Reverse Engineering
Wow, superb @boot, what a great job you are doing for us, bro. Much appreciated. Best of luck. Thank you very much.
I have tried to add Etw Hook's source code to the source code of TitanHide.sys, but it was not effective and I am not considering it for now. I will release newly compiled plugins and drivers, using methods to bypass signatures. They will not need to disable signatures and can be loaded in normal mode.
-
https://github.com/gmh5225/titan-1
-
Here you go: https://mega.nz/file/y4ZGVIiQ#M8OgBUWMwMqzwYH0z0WFA6ihNuYvCDaOtHTN6gT5MNo
-
Pass Debugger Check in VMprotect 2.x
windowbase replied to mojtaba's topic in Malware Reverse Engineering
Regards. sean.
Pass Debugger Check in VMprotect 2.x
Oliver replied to mojtaba's topic in Malware Reverse Engineering
@boot bro, did you try solving the TitanHide driver's blue screen issue? Regards.
Pass Debugger Check in VMprotect 2.x
RADIOX replied to mojtaba's topic in Malware Reverse Engineering
I'll do a short video of the 2 apps running fine without using a debugger
Pass Debugger Check in VMprotect 2.x
jackyjask replied to mojtaba's topic in Malware Reverse Engineering
one target silently crashes even without any debugger being used steps to run it?
Pass Debugger Check in VMprotect 2.x
RADIOX replied to mojtaba's topic in Malware Reverse Engineering
Please try that with the 2 targets I shared
Anyone cloned titan repo? It's currently down, please share!
-
Pass Debugger Check in VMprotect 2.x
windowbase replied to mojtaba's topic in Malware Reverse Engineering
@boot ASAP. Regards. sean.
With simple tricks, everyone can bypass the Anti-Debug of this target without loading the kernel-driver. If no one is willing to share this method, I will make it public.
-
Pass Debugger Check in VMprotect 2.x
X0rby replied to mojtaba's topic in Malware Reverse Engineering
I didn't change anything, just my usual dbg settings...
Pass Debugger Check in VMprotect 2.x
windowbase replied to mojtaba's topic in Malware Reverse Engineering
@X0rby Just showing off? Regards. sean.
Pass Debugger Check in VMprotect 2.x
X0rby replied to mojtaba's topic in Malware Reverse Engineering
impossible.mp4