Decompiler for Code Virtualizer 1.3.8 (Oreans)
Switch branches/tags
Nothing to show
Latest commit 7c67872 Oct 3, 2012 @pakt sources
Permalink
Failed to load latest commit information.
clean_handlers sources Oct 3, 2012
PyFlags.py sources Oct 3, 2012
bb.py sources Oct 3, 2012
common.py sources Oct 3, 2012
config.py sources Oct 3, 2012
decompiler.py sources Oct 3, 2012
decv.py sources Oct 3, 2012
dump_clean.py sources Oct 3, 2012
emu.py sources Oct 3, 2012
example_recover.txt sources Oct 3, 2012
gen_vmi.py sources Oct 3, 2012
matcher.py sources Oct 3, 2012
op.py sources Oct 3, 2012
op_classes.py sources Oct 3, 2012
opt.py sources Oct 3, 2012
pickler.py sources Oct 3, 2012
readme.txt readme Oct 3, 2012
recover_x86.py sources Oct 3, 2012
vm_classes.py sources Oct 3, 2012
vm_instructions.py sources Oct 3, 2012
vmi_auto_gen.py sources Oct 3, 2012
vmi_top_common.py sources Oct 3, 2012
vmis.txt sources Oct 3, 2012

readme.txt

DeCV 1.0b 
---------

- What is it
- Usage
- Possible problems

About
-----
DeCV is a decompiler for files protected with Code Virtualizer v1.3.8.0 by 
Oreans Technologies (www.oreans.com).

It's able to devirtualize macro-protected code back to a stack language used
by CV. If anyone is interested enough to write a CVL -> x86 converter, take
a look at recover_x86.py -- it it's not hard to extend this code to handle
more opcodes, but it's quite a bit of work. 

Usage
-----
DeCV was tested on IDA 6.2.x with IDAPython.

To use, open the file you want to deprotect and load decv.py script and wait.
DeCV will automatically perform all tasks.

Possible problems
-----------------
DeCV relies on IDA to correctly disassemble code. If you encounter problems 
during the handler parsing (basic block creation), manifested in errors like:
- outside handler: *address*
- Problem with getting mnemonic @ *address*
they are most likely caused by incorrect disasm generated by IDA. 

To fix, go to the address you see in the error message. If you see garbage
instructions or data mixed with code (DB xxh), undefine whole block by 
pressing 'u', and then directly convert to code, by pressing 'c'. Resulting
code should be cleaner and should not have garbage instructions, or DB xxh
stuff in it.

p_k
gdtr.wordpress.com
twitter.com/pa_kt