Tuts 4 You

Driver reversing Code Virtualizer


GoJonnyGo


Hey,

How to deal with a driver which was obfuscated using Code Virtualizer?

WinDbg is really not comfortable, so reversing this is a pain. Any ideas?


Hmm, but there are also no names, strings and so on.

Anyways, will I be able to understand it if I read scherzo's article on the virtualizer?


You will use IDA + VMware for runtime debugging and not static analysis.

It's more helpful when doing runtime debugging of obfuscated binaries than just static analysis, and of course reading some papers about the virtualizer would help much.
