search

Washi1337 / OldRod

An automated KoiVM disassembler and devirtualisation utility
GNU General Public License v3.0
349 stars 80 forks source link

Byte 72 at offset 11C260 not recognized as a valid opcode. #26

Open ghost opened 4 years ago

ghost commented 4 years ago

Describe the bug The bug happens when I try to simply drag the file into OldRod.exe. Screenshot is below.

To Reproduce To reproduce I used the ConfuserEx-Mod-By-Bed-1.4.1. The bin file can be created using his tool from here: https://github.com/BedTheGod/ConfuserEx-Mod-By-Bed/releases using these settings: http://prntscr.com/r0t907

Screenshots http://prntscr.com/r0t46s

Additional context I've tried myself to modify the code from OldRod but with no success... Ok i found something on KoiVM.dll from ConfuserEx-Mod-By-Bed-1.4.1. He used 4 new opcodes and the opcode with 0x72 byte is actually this "public const ILOpCode ENDCALL = 72;". The new 4 op codes are: ENTRY, EXIT, BEGINCALL, __ENDCALL

Program exe protected with Beds Protector 1.4.1.zip

Washi1337 commented 4 years ago

The new opcodes you are found are not new, but are pseudo opcodes that also exist in the original distribution of KoiVM, and are eliminated during the compilation process.

Regardless, can you provide me with a repro binary? I cannot seem to reproduce your issue.

ghost commented 4 years ago

File Uploaded.