Jump to content
Tuts 4 You

[DevirtualizeMe/CrackMe] Oreans Code Virtualizer 2.1.5.0

Reasen

By Reasen
in UnPackMe

 Share

Recommended Posts

koolk

koolk

Posted
Posted

Here is the regular and the stealth mode devirtualized and "patched" (jump replaced with nops).

In the stealth, I didn't decode the strings, but I devirtualized the functions that decode them. (So it is easy from here)

I didn't include the compressed one because it is little bit annoying to fix it. (It uncompress the vms and the virtualized strings on the first vm run, so I have to dump to and fix it)

files.zip

Link to comment
Share on other sites
Reasen

Reasen

Posted
  • Author
Posted
12 hours ago, koolk said:

Here is the regular and the stealth mode devirtualized and "patched" (jump replaced with nops).

In the stealth, I didn't decode the strings, but I devirtualized the functions that decode them. (So it is easy from here)

I didn't include the compressed one because it is little bit annoying to fix it. (It uncompress the vms and the virtualized strings on the first vm run, so I have to dump to and fix it)

files.zip

Thank you, nice job, the best is use the vm compressed seems more complex :)

Link to comment
Share on other sites
koolk

koolk

Posted
Posted
5 hours ago, reasen said:

Thank you, nice job, the best is use the vm compressed seems more complex :)

It isn't that more complex. I just need to dump it after decompressing, and than fix the code in the original binary. But you virtualized strings, so I need to fix them also, and I didn't write anything that fix it (because it is rarely used, along with compressed vms). But it is pretty easy task. Another option is just include the dumped section with the decoding string code, and than fix the binary, which takes extra few minutes, which I didn't bother to do.

Anyway, if someone is able to devirtualize your binary, none of those extra options would make it significantly harder. (slight annoyance maybe)

Link to comment
Share on other sites
Reasen

Reasen

Posted
  • Author
Posted
16 minutes ago, koolk said:

It isn't that more complex. I just need to dump it after decompressing, and than fix the code in the original binary. But you virtualized strings, so I need to fix them also, and I didn't write anything that fix it (because it is rarely used, along with compressed vms). But it is pretty easy task. Another option is just include the dumped section with the decoding string code, and than fix the binary, which takes extra few minutes, which I didn't bother to do.

Anyway, if someone is able to devirtualize your binary, none of those extra options would make it significantly harder. (slight annoyance maybe)

Yeah i have an idea about, was wondering what would be better, StealthMode or CompressedMode, just is not good have it only for protect, is needed add some MD5 check and a packer also :P

Link to comment
Share on other sites
koolk

koolk

Posted
Posted
1 hour ago, reasen said:

Yeah i have an idea about, was wondering what would be better, StealthMode or CompressedMode, just is not good have it only for protect, is needed add some MD5 check and a packer also :P

Doesn't really matter. Maybe CompressedMode is a more annoying than StealthMode.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...