Oreans UnVirtualizer plugin ASM code output select and process

giv
Hi all.

As some of us know, when working with Themida files and we want to unvirtualize a supported VM entry, we use the DeathWay plugin.

The plugin outputs a text file where we select the proper address of where we think the correct UV code starts.

In general, the rule is to read from bottom to top and search for a pop esp instruction.

The correct code starts from the next instruction, and we select that address and enter it in the UV input box.

Many of you know how to work with it and some do not.

I am addressing only the ones who know how to deal with it.

 

There are cases when the UV instructions contain wrong assembly and the plugin cannot assemble that in Olly.

For that we need to assemble by hand or use the MultiASM plugin.

If there are 2-3-10 instructions it is fine, but if we need to reproduce a large amount of instructions from the text file produced by the plugin into the MultiASM plugin, there is a problem, because we need to format the text file and preserve only the mnemonics, which in my experience takes a long time.

 

I coded a small tool that processes the output from the DeathWay UV plugin and preserves only the mnemonics, removing useless spaces, carriage returns and labels to get only the ASM code.

With the clean code we can use MultiASM to quickly replace the wrong or corrected UV code in Olly, which the plugin cannot handle.

 

As LCF-AT requested, I have improved the program a little, changing its result a bit.

Oreans UV Plugin by DeathWay text file edit.7z

UV_Video_demo.7z
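The cleanup described in the post, as an added Python sketch that is not the poster's tool: it scans the listing bottom to top for `pop esp`, reports the address of the next instruction, and emits only the instructions with labels, blank lines, carriage returns and extra spaces removed. The line layout (an 8-digit hex address column, label lines such as `@Label_...` or `name:`) and the sample text are assumptions constructed for illustration, not the plugin's documented output format.

```python
import re

# Constructed sample; the layout (hex address column, "@Label" lines) is an
# assumption, not the plugin's documented output format.
SAMPLE = """\
@Label_00401000
00401000   push ebp
00401001   mov  ebp, esp

00401003   pop esp
@Label_00401010
00401010   mov   eax, dword ptr [ebp+8]\r
00401013   add eax,   1
00401016   ret
"""

ADDR = re.compile(r"^\s*[0-9A-Fa-f]{8}:?\s+")   # leading address column
LABEL = re.compile(r"^(@\w+|\w+:)$")            # a line that is only a label


def clean_line(line):
    """Return the bare instruction on a line, or None for labels/blank lines."""
    line = line.replace("\r", "").strip()
    if not line or LABEL.match(line):
        return None
    line = ADDR.sub("", line)                   # drop the address column
    return re.sub(r"\s+", " ", line)            # collapse runs of whitespace


def extract(text):
    """Return (start_address, instructions) for the code after the last 'pop esp'."""
    lines = text.splitlines()
    start = 0                                   # no marker found: keep everything
    for i in range(len(lines) - 1, -1, -1):     # read from bottom to top
        ins = clean_line(lines[i])
        if ins and ins.lower() == "pop esp":
            start = i + 1
            break
    address, out = None, []
    for line in lines[start:]:
        ins = clean_line(line)
        if ins is None:
            continue
        if not out:                             # first kept instruction
            m = ADDR.match(line)
            address = m.group(0).strip().rstrip(":") if m else None
        out.append(ins)
    return address, out


if __name__ == "__main__":
    addr, code = extract(SAMPLE)
    print("start address:", addr)
    print("\n".join(code))
```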
