Locked Oreans UnVirtualizer ODBG Plug-in (WL/TMD/CV) by Deathway

[sQuo]

This is the hidden content, please

• Sign In
• or
• Sign Up

 

This is the hidden content, please

• Sign In
• or
• Sign Up

 

This is the hidden content, please

• Sign In
• or
• Sign Up

 

 

Oreans Unvirtualizer ODBG Plug-in

by Deathway.

 

[v1.0]

- First Public Version

 

[v1.1]

- Fixed Decode GenV1

- Added CALL [EBX+ESI+0x234234]

- Video logs Added

- Updated OreansJunk.cfg

 

[v1.2]

- Fixed Decode MovV1

- Added REP - REPNE - CMPS - MOVS - LODS - STOS - SCAS Instructions

- Added CISC-2 Micro-opcodes UnVirtualizer

- Fixed Decode MovV2

- OreansJunk.cfg updated

- OreansAssembler.cfg updated

- Added Virtual Opcode Mutation Tech

- Fixed Jcc Jumps leading outside Virtual Machine

- Fixed Crash on reading Register Handlers

- Cisc_Vo_Dump.txt is no longer created

 

[v1.3]

- Fixed Identifying Some handler variants

- Added NEG - NOT - BSWAP instructions

- Updated OreansAssembler

- Added Options Panel

- Added Hotkeys

- Added UnVirtualize With/Without Jumps

- Fixed DeOfuscation GenV4

- Added optimization on reading virtual labels

- Updated references panel

 

[v1.4]

- Fixed Cisc - CALL [REG32+IMMC]

- Fixed Cisc - SHL REG32, IMMC

- Fixed an issue with odbg when using context menu

- Added TAB key on windows

- Added autofill on FindReferences window

- Risc-64 machine function

- Added OreansAssember_Risc.cfg

 

[v1.5]

- Fixed Unvirtualize with Jump on CISC machines

- Fixed some errors when handling signed constants on RISC

- Fixed an issue when processing MOVS instrution on CISC machine

- Fixed some inversion data when processing COMM, REGX, REGX (like XOR EDI,ESI was decoded as XOR ESI,EDI)

- Fixed a problem when handling AH CH DH BH registers on COMM2 instructions

- Added MOVSX - MOVZX - XCHG - IMUL - MUL - DIV - IDIV - PUSHFD - POPFD instructions on RISC

- Added CALL [ESP+IMMC] on Cisc Machine

- Added support of dump files on RISC machines

- OreansAssember_Risc.cfg updated

- DLL Support on CISC and RISC machines

 

[v1.6]

- RISC machine re-designed

- Added RISC V2 machines (new branch tech)

- Added Pushad-popad instructions on risc machines

- Fixed some issues with end jump

- Added new detection for virtual machines

- Added abort button

 

[v1.7]

- FISH machine avaible (WHITE and RED variants)

- Added Vm signatures

 

[v1.8]

- FISH BLACK variant avaible

- Fixed deofuscation order (GenV6)

- New deofucation scheme for FISH machine

- New smart code tracer for FISH machines

- Stack sort for FISH commands

- Improved management of memory (faster deofuscation)

- Added movzx reg32, [esp+eax+memoffset] on CISC machines

- Added a message prompt when the opcode buffer is not enough

- Added LEAVE instruction for FISH machines

- Added support for CALLs to VM section in FISH machines

- CHECK_PROTECTION macro disabled, now it must be restored by hand

- Fixed QWORD incorrect names for some opcodes

- Fixed a problem when deofuscating RISC machines