Pertic@n Posted October 7, 2012 Posted October 7, 2012 DeCV 1.0b---------- What is it- Usage- Possible problemsAbout-----DeCV is a decompiler for files protected with Code Virtualizer v1.3.8.0 byOreans Technologies (www.oreans.com).It's able to devirtualize macro-protected code back to a stack language usedby CV. If anyone is interested enough to write a CVL -> x86 converter, takea look at recover_x86.py -- it it's not hard to extend this code to handlemore opcodes, but it's quite a bit of work.Usage-----DeCV was tested on IDA 6.2.x with IDAPython.To use, open the file you want to deprotect and load decv.py script and wait.DeCV will automatically perform all tasks.Possible problems-----------------DeCV relies on IDA to correctly disassemble code. If you encounter problemsduring the handler parsing (basic block creation), manifested in errors like:- outside handler: *address*- Problem with getting mnemonic @ *address*they are most likely caused by incorrect disasm generated by IDA.To fix, go to the address you see in the error message. If you see garbageinstructions or data mixed with code (DB xxh), undefine whole block bypressing 'u', and then directly convert to code, by pressing 'c'. Resultingcode should be cleaner and should not have garbage instructions, or DB xxhstuff in it.p_kgdtr.wordpress.comtwitter.com/pa_ktmore info And Ref:http://gdtr.wordpres...izer-by-oreans/Sources:https://github.com/pakt/decvTypical decompilation output:http://pastebin.com/etzbaUhBRegards 2
mudlord Posted October 13, 2012 Posted October 13, 2012 As expected, ged_ delivered the goods. Superb work.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now