HVC
Posted August 20, 2008 (edited)

If you don't know what Code Virtualizer is, or how it works, you should read this first:
http://rapidshare.com/files/16968098/Insid...Virtualizer.rar (Inside Code Virtualizer by scherzo)

Now, as you probably already know from the paper by scherzo, one possible way to recover virtualized code is to identify each mutated handler (find the corresponding non-mutated version). After this is done, we can trace virtual opcodes and "decompile" them to VM instructions. Having "clean" decompiled output, we can translate it to x86 assembly. I consider the last step to be a simple "find and replace" job with flex/yacc.

Discussion continued here (includes some code)...
http://www.woodmann.com/forum/showthread.php?t=12015

Edited August 20, 2008 by HVC