GoJonnyGo Posted October 9, 2010
Hey, how to deal with a driver which was obfuscated using Code Virtualizer? WinDbg is really not comfortable, so reversing this is a pain. Any ideas?
GamingMasteR Posted October 9, 2010
IDA Pro + VMWare
GoJonnyGo (Author) Posted October 10, 2010
Hmm, but there are also no names, strings and so on. Anyways, will I be able to understand it if I read scherzo's article on the virtualizer?
GamingMasteR Posted October 10, 2010
You will use IDA + VMWare for runtime debugging and not static analysis. It's more helpful when doing runtime debugging of obfuscated binaries than just static analysis, and of course reading some papers about the virtualizer would help much.
Myangel Posted December 20, 2010
Thanks for sharing this information!