This tool will help conversion VirtualOpcodes -> Assembly Instruction
restoring the original code of your virtualized Application, the basic engine
was from CodeUnvirtualizer, my other tool
[Features]
- Supports WinLicense/Themida/CodeVirtualizer Cisc Machines
- Supports almost all common opcodes
- Supports CHECK_MACRO_PROTECTION
- Supppots MultiBranch Tech
[Use]
- Right-click on the jump leading to the Virtual Machine Area and press Unvirtualize (If machine isn't found
you have to click again, after checking that the full machine was correctly deofuscated)
[Oreans UnVirtualizer]
[v1.0]
- First public Version
[v1.1]
- Fixed Decode GenV1
- Added CALL [EBX+ESI+0x234234]
- Video logs Added
- Updated OreansJunk.cfg
[v1.2]
- Fixed Decode MovV1
- Added REP - REPNE - CMPS - MOVS - LODS - STOS - SCAS Instructions
- Added CISC-2 Micro-opcodes UnVirtualizer
- Fixed Decode MovV2
- OreansJunk.cfg updated
- OreansAssembler.cfg updated
- Added Virtual Opcode Mutation Tech
- Fixed Jcc Jumps leading outside Virtual Machine
- Fixed Crash on reading Register Handlers
- Cisc_Vo_Dump.txt is no longer created
[Request]
- Since is almost impossible to create a full database with every opcode combination
I would appreciate if you got errors by some unknown opcodes, wrong decompiled, etc
a full diagnosis including Cisc_Vo_Dump.txt, Cisc_Vo_Syntax.txt, Cisc_Uv_Dump.txt and
Cisc_Iat_XXXXXX.txt file on your report
