January 3, 201114 yr Hello ElCrabe, 1. Good work! 2. I can rebuild the full OEP routine and get the target run 3. I can not rebuild the VMed Opcodes!Just some calls. 4. Looks very hard your new UnpackMe so I see no light to come forward to rebuild the VM code for the calc routine. 5. You are using a lot memory. All in all its not easy for me or I am too blind or something. Maybe you can give us some advice where to have a deeper look to get/see some more about the used commands. greetz
January 3, 201114 yr Same here too...i think the only possible way to solve it is to execute the part of stub that creates the vm near oep. Dump all is kindly impossible imho. Interesting one.
January 3, 201114 yr Hehe you're not telling me this is harder than Themida right. Anyways since you guys are already giving up this might be very interesting. EDIT: I like the hints, (virtual stack exceed etc. ) Edited January 3, 201114 yr by quosego
January 4, 201114 yr of course it is not harder than themida. For example it does not have any it protectoin. Anyway to dump whole parts of needed vm could be hard...test by yourself
January 4, 201114 yr Author @LCF-AT 1. Thx =) 2. Gonna add some critical code to the virtualized ep code (if ep virtualization option is enabled) soon 5. Yep, as u already know vmed code length is too big, rewrite&reduce needed. Almost all other vm params r user configurable Advice #0: Trash opcode handlers have no calls inside. @quosego A lot of debug info inside EDIT: Do u need more advices now ? Edited January 6, 201114 yr by ElCrabe
January 24, 201114 yr Author Okay, if things r like they were 20 days ago im gonna publish protector demo, should i publish it in this topic or create new one (where?). Thx.
February 15, 201114 yr is there any obfuscation in VM handlers ? poly protection or some thing like this ?
Create an account or sign in to comment