-
-
[转帖]DeCV 1.0b by pa_kt
-
发表于: 2012-10-4 20:46
-
DeCV 1.0b by pa_kt
DeCV v1.0b.rar
DeCV is a decompiler for files protected with Code Virtualizer v1.3.8.0 by Oreans Technologies (bfeK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3!0J5k6h3q4F1M7#2)9J5k6h3y4G2L8g2)9J5z5g2)9J5k6b7`.`.
It's able to devirtualize macro-protected code back to a stack language used by CV. If anyone is interested enough to write a CVL -> x86 converter, take a look at recover_x86.py -- it it's not hard to extend this code to handle more opcodes, but it's quite a bit of work.
Usage
-----
DeCV was tested on IDA 6.2.x with IDAPython.
To use, open the file you want to deprotect and load decv.py script and wait.
DeCV will automatically perform all tasks.
Possible problems
-----------------
DeCV relies on IDA to correctly disassemble code. If you encounter problems during the handler parsing (basic block creation), manifested in errors like:
- outside handler: *address*
- Problem with getting mnemonic @ *address* they are most likely caused by incorrect disasm generated by IDA.
To fix, go to the address you see in the error message. If you see garbage instructions or data mixed with code (DB xxh), undefine whole block by pressing 'u', and then directly convert to code, by pressing 'c'. Resulting code should be cleaner and should not have garbage instructions, or DB xxh stuff in it.
DeCV v1.0b.rar
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
|
|
|---|---|
