Jump to content
Tuts 4 You

VMProtect Must Die

Conquest

By Conquest
in General Discussions and Off Topic

 Share

Recommended Posts

Conquest

Conquest

Posted
Posted

A few years ago, themida, winlicense was people's choice . everyone seems to pack everything in themida, but now, those days are over. with deathways plugin + scripts from q, LCF-AT themida codes can be reverted back to almost clean. But VMp is the new pain in ass, more and more people these days packing everything in vmp and its very hard to restore those protected apps back to their original form. i got twice infected by vmped apps supposed to be clean. anyone has any idea about if vmp apps will ever get defeated.


 


 


PS: i dont even like analyzing unpacked vmp apps. IDA kind of goes crazy with them and specially the current method of restoring IAT isnt clean IMO.


Link to comment
Share on other sites
Conquest

Conquest

Posted
  • Author
Posted

unfortunately using vmsweeper is extremely hard(for me). And vmp uses tons of deobfuscating to hide the original code. Also why arent there significant research docs from the reversing elites about vmp?

Link to comment
Share on other sites
  • 3 weeks later...
chickenbutt

chickenbutt

Posted
Posted (edited)

VMP doesn't really compare to TM/WL in terms of stability and innovation. You can break every script in existance just from the build panel too, or just use xbundler...


 


If you want to see who has the best protector, look what bot and tool devs are using, shareware vendors are just marketing idiots who mostly contract incompotent coders to do pooty cloneware based off 'trending'. A RE tool dev or MMO bot dev has skills and will use the most effective protection..


Edited by chickenbutt
Link to comment
Share on other sites
  • 3 weeks later...
johnjohn

johnjohn

Posted
Posted (edited)

Chickenbutt is right.. Only the orignal script makers are able to unpack those. (except LCF_AT since that script is mostly q's/others scripts combined with an gui added.)


 


Vmprotect is nothing fancy actually.. I only know that some don't like releasing info any more only to get script kiddies go mental on it. With nobody actually trying to understand it..


Edited by johnjohn
  • Like 2
Link to comment
Share on other sites
rendari

rendari

Posted
Posted

^Scripts have commoditized reverse engineering. Now anyone can load up an unpacking script and be an unpacker, without actually understanding how packing works.


 


IMO that's a good thing, but it leaves gaping holes in people's knowledge :) Now if I came out with a new packer with new antidebug and a new VM, it would stump a majority of the reversers out there...


  • Like 1
Link to comment
Share on other sites
johnjohn

johnjohn

Posted
Posted

^Scripts have commoditized reverse engineering. Now anyone can load up an unpacking script and be an unpacker, without actually understanding how packing works.

 

IMO that's a good thing, but it leaves gaping holes in people's knowledge :) Now if I came out with a new packer with new antidebug and a new VM, it would stump a majority of the reversers out there...

 

 

Perhaps, but knowledge and a good challenge is the most important part of reversing, scripts seem to inhibit that.. Anyways I'll be waiting for your packer. ;) knowing your work it should be an interesting challenge.

Link to comment
Share on other sites
mrexodia

mrexodia

Posted
Posted

vmprotect will publically die, when the next protector is popular...


 


scripts are not what you need, they do not help you when you have no clue how to defeat the protection without the script.


Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...