jackyjask Posted September 16, 2023 Share Posted September 16, 2023 Olly v1 Win7 plugin with latst fix from topicstarter [Olly v1.10 ScyllaHide] Win7 x64 SP1.zip 1 Link to comment Share on other sites More sharing options...
boot Posted September 17, 2023 Share Posted September 17, 2023 10 hours ago, Noob boy said: Would you like to fix the plugin for demo olydbg1 It will take some time to test your sample in Win7 x64, Win10 x64 and Win11 x64, because some OSs still lack data... Later, I will upload Olly v1.10/x32dbg plugins again. Thanks to @Karan for updating the code. 1 Link to comment Share on other sites More sharing options...
Oliver Posted September 17, 2023 Share Posted September 17, 2023 1 hour ago, boot said: It will take some time to test your sample in Win7 x64, Win10 x64 and Win11 x64, because some OSs still lack data... Later, I will upload Olly v1.10/x32dbg plugins again. Thanks to @Karan for updating the code. @boot great ,i"ve waiting for🙂 Link to comment Share on other sites More sharing options...
boot Posted September 17, 2023 Share Posted September 17, 2023 10 hours ago, boot said: upload Olly v1.10/x32dbg plugins again. Thanks to @karan for updating the code. Support for Win7 x64: - Confirmed support for Win7 x64 SP1 - Maybe it also supports Win7 x64 SP0 [Olly v1.10 ScyllaHide] Win7 x64 SP1.zip [x32Dbg ScyllaHide] Win7 x64 SP1.zip Support for Win10 x64: - Confirmed support for Win10_x64-22H2-19045.3448 - Maybe it also supports the latest Win10 x64 OSs [Olly v1.10 ScyllaHide] Win10_x64.zip [x32Dbg ScyllaHide] Win10_x64.zip Support for Win11 x64: - Confirmed support for Win11_x64-22H2-22621.2215 - Maybe it also supports the latest Win11 x64 OSs [Olly v1.10 ScyllaHide] Win11_x64.zip [x32Dbg ScyllaHide] Win11_x64.zip 7 Link to comment Share on other sites More sharing options...
karan Posted September 17, 2023 Author Share Posted September 17, 2023 On 9/14/2023 at 1:49 AM, deepzero said: What does VMP do if it encounters an OS for which it does not have syscall numbers? As a result of the analysis, I couldn't find how to check the version. However, if the "wine_get_version" api exists in the ntdll module, they calling a normal Nt series function. I don't know if I can do this in Plugin. Link to comment Share on other sites More sharing options...
jackyjask Posted September 17, 2023 Share Posted September 17, 2023 16 minutes ago, karan said: However, if the "wine_get_version" api exists in the ntdll module, they calling a normal Nt series function. https://gist.github.com/ork/32da69687c94530931ed maybe this is how vmp is checking if assembly running under Wine system? (WIndows emulator under Linux) Link to comment Share on other sites More sharing options...
kao Posted September 17, 2023 Share Posted September 17, 2023 Why are you trying to guess? Take the leaked VMProtect sources and check the file runtime\core.cc (lines 483-757), it's all there. 2 3 Link to comment Share on other sites More sharing options...
kuazi GA Posted September 17, 2023 Share Posted September 17, 2023 https://github.com/classic130/VMProtect-Source/blob/master/runtime/core.cc Link to comment Share on other sites More sharing options...
Oliver Posted September 18, 2023 Share Posted September 18, 2023 13 hours ago, boot said: Support for Win7 x64: - Confirmed support for Win7 x64 SP1 - Maybe it also supports Win7 x64 SP0 [Olly v1.10 ScyllaHide] Win7 x64 SP1.zip 2.72 MB · 4 downloads [x32Dbg ScyllaHide] Win7 x64 SP1.zip 2.51 MB · 4 downloads Support for Win10 x64: - Confirmed support for Win10_x64-22H2-19045.3448 - Maybe it also supports the latest Win10 x64 OSs [Olly v1.10 ScyllaHide] Win10_x64.zip 2.05 MB · 4 downloads [x32Dbg ScyllaHide] Win10_x64.zip 2.51 MB · 6 downloads Support for Win11 x64: - Confirmed support for Win11_x64-22H2-22621.2215 - Maybe it also supports the latest Win11 x64 OSs [Olly v1.10 ScyllaHide] Win11_x64.zip 4.57 MB · 5 downloads [x32Dbg ScyllaHide] Win11_x64.zip 5.5 MB · 1 download @boot have a look at this sample: sample can be found here: https://mega.nz/file/TmJQwCZT#NfHuDu5z-OtXvFeWzBx6nIdRFX_T2CIkFw41p6VlNxQ bandicam 2023-09-18 07-28-30-229.mp4 Link to comment Share on other sites More sharing options...
stylog Posted September 20, 2023 Share Posted September 20, 2023 I believe there are 2 antidebug checks. The regular one that works with old plugins and techniques, and the new one which checks the old methods including it's new method. I'm not sure, I am a windows 7 32x user, so I don't have much problems seeing that vmprotect is at it's weakest on older windows 😅 1 Link to comment Share on other sites More sharing options...
monster Posted October 10, 2023 Share Posted October 10, 2023 @boot sir thanks for your plugin is greate but it got failed when I try target on it. I sent target in pm check it out. Link to comment Share on other sites More sharing options...
TRISTAN Pro Posted October 14, 2023 Share Posted October 14, 2023 (edited) Target Done without scyllahide. it's commercial app. Edited October 14, 2023 by TRISTAN Pro Commercial app Link to comment Share on other sites More sharing options...
Noob boy Posted November 2, 2023 Share Posted November 2, 2023 On 9/17/2023 at 9:11 PM, boot said: Support for Win7 x64: - Confirmed support for Win7 x64 SP1 - Maybe it also supports Win7 x64 SP0 [Olly v1.10 ScyllaHide] Win7 x64 SP1.zip 2.72 MB · 13 downloads [x32Dbg ScyllaHide] Win7 x64 SP1.zip 2.51 MB · 17 downloads Support for Win10 x64: - Confirmed support for Win10_x64-22H2-19045.3448 - Maybe it also supports the latest Win10 x64 OSs [Olly v1.10 ScyllaHide] Win10_x64.zip 2.05 MB · 12 downloads [x32Dbg ScyllaHide] Win10_x64.zip 2.51 MB · 22 downloads Support for Win11 x64: - Confirmed support for Win11_x64-22H2-22621.2215 - Maybe it also supports the latest Win11 x64 OSs [Olly v1.10 ScyllaHide] Win11_x64.zip 4.57 MB · 23 downloads [x32Dbg ScyllaHide] Win11_x64.zip 5.5 MB · 16 downloads Hello, can you build a version of Win10 19045.3636. I have upgraded my system. Thank you again Link to comment Share on other sites More sharing options...
karan Posted November 8, 2023 Author Share Posted November 8, 2023 The latest version of vmprotect can no longer bypass Anti-Debug through this method. RIP. 1 1 Link to comment Share on other sites More sharing options...
TRISTAN Pro Posted November 8, 2023 Share Posted November 8, 2023 (edited) On 11/8/2023 at 3:48 AM, karan said: The latest version of vmprotect can no longer bypass Anti-Debug through this method. RIP. Post that file here for testing. After studying it's the same as before I can bypass it as always may be need to learn coding and make plugin for bypass all vmp antidebugger😂🤣. The plugin by boot still work on it. 😁 Edited November 9, 2023 by TRISTAN Pro Same security nothing change. Link to comment Share on other sites More sharing options...
karan Posted November 8, 2023 Author Share Posted November 8, 2023 (edited) On 11/8/2023 at 3:39 PM, TRISTAN Pro said: Post that file here for testing. @boot Edited November 9, 2023 by karan file reupload 1 Link to comment Share on other sites More sharing options...
boot Posted November 8, 2023 Share Posted November 8, 2023 (edited) On 11/8/2023 at 2:46 PM, karan said: The attachments appear to have been deleted. x86 target(s) or x64 target(s)? If you can please re-upload and I will try these. EDIT: Downloaded... Thanks karan Edited November 9, 2023 by boot Link to comment Share on other sites More sharing options...
Guruhardoi7 Posted November 29, 2023 Share Posted November 29, 2023 @boot can you sent your scyallhide plugin code. 1 Link to comment Share on other sites More sharing options...
deepzero Posted November 30, 2023 Share Posted November 30, 2023 dont forget to send pr to scyllahide Link to comment Share on other sites More sharing options...
Guruhardoi7 Posted December 6, 2023 Share Posted December 6, 2023 Hello everyone I was check some unpackme. Mostly are working on debugger but some are not working on debugger with this plugin also.i make all vmprotect version into a zip file for test your antidbg/vm (i spend 2 months to understand these all 😫).I also includes one impossible file check it out😁. Good for noob like me for vmp startup. https://mega.nz/file/Vq1ESbAQ#WGYZj4Ky8oP4-3yrLxDj8Gic7henaUaLdkZx3uKJVg8 PW:= tuts4you Planing to add tutorial also launce soon😇. ALL VMP TEST.rar 2 Link to comment Share on other sites More sharing options...
X0rby Posted January 10 Share Posted January 10 (edited) -- Edited January 16 by X0rby dont blame me then 1 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now