Posted April 5, 200817 yr There are two types of virtual machine software protections: A) the ones that convert x86 machine code into virtual machine bytecode and execute it at runtime; the ones that execute some arbitrary code in a virtual environment. I've discussed the latter several times in the past, and by now there exists a wealth of literature on that variety. But breaking the former kind remains an unsolved problem.In my article I said "basically, reverse engineering a VM with the common tools is like reverse engineering a scripted installer without a script decompiler: it's repetitious, and the high-level details are obscured by the flood of low-level details". The more I thought about this, the more I realized that the word "basically" is out of place: virtualizing software protections are programming language interpreters, albeit for weird languages. Consequently, an idea struck me: what we want here is not an interpreter, but a compiler to compile the bytecode back into x86 machine code. https://www.openrce.org/blog/view/1110/Comp...6_Virtualizer_0 Ted.
April 5, 200817 yr Wow, an interesting approach. I predict that as VMs become more and more popular, people will take this approach more and more often. A couple of years from now, when we have automated VM unpackers(hopefully), we might look back at this paper as one of the groundbreakers in VM reverse engineering. Definitely deserves further looking into...
April 5, 200817 yr Really interesting.I've to say that it's an illustration of bright thought.Thanks for the link.
April 5, 200817 yr Many Thanks Ted ......hehe but can we know why ur name (which appear in the forum at first log in) turn to Red ....it has nice color,did u become something New ...or what ? ......sorry all that joke ted..i just joking anyway many thanks for ur nice site i Love it very much.....ur best friend Ahmadmansoor
April 5, 200817 yr Author hehe but can we know why ur name (which appear in the forum at first log in) turn to Red ....it has nice color,did u become something New ...or what ? When I was changing some internals of the forum I decided the Administrators needed a little colour in their lives... Ted.
Create an account or sign in to comment