Jump to content
Tuts 4 You

VMProtect Must Die


Conquest

Recommended Posts

A few years ago, themida, winlicense was people's choice . everyone seems to pack everything in themida, but now, those days are over. with deathways plugin + scripts from q, LCF-AT themida codes can be reverted back to almost clean. But VMp is the new pain in ass, more and more people these days packing everything in vmp and its very hard to restore those protected apps back to their original form. i got twice infected by vmped apps supposed to be clean. anyone has any idea about if vmp apps will ever get defeated.


 


 


PS: i dont even like analyzing unpacked vmp apps. IDA kind of goes crazy with them and specially the current method of restoring IAT isnt clean IMO.


Link to comment

unfortunately using vmsweeper is extremely hard(for me). And vmp uses tons of deobfuscating to hide the original code. Also why arent there significant research docs from the reversing elites about vmp?

Link to comment
  • 3 weeks later...
chickenbutt

VMP doesn't really compare to TM/WL in terms of stability and innovation. You can break every script in existance just from the build panel too, or just use xbundler...


 


If you want to see who has the best protector, look what bot and tool devs are using, shareware vendors are just marketing idiots who mostly contract incompotent coders to do pooty cloneware based off 'trending'. A RE tool dev or MMO bot dev has skills and will use the most effective protection..


Edited by chickenbutt
Link to comment
  • 3 weeks later...

Chickenbutt is right.. Only the orignal script makers are able to unpack those. (except LCF_AT since that script is mostly q's/others scripts combined with an gui added.)


 


Vmprotect is nothing fancy actually.. I only know that some don't like releasing info any more only to get script kiddies go mental on it. With nobody actually trying to understand it..


Edited by johnjohn
  • Like 2
Link to comment

^Scripts have commoditized reverse engineering. Now anyone can load up an unpacking script and be an unpacker, without actually understanding how packing works.


 


IMO that's a good thing, but it leaves gaping holes in people's knowledge :) Now if I came out with a new packer with new antidebug and a new VM, it would stump a majority of the reversers out there...


  • Like 1
Link to comment

^Scripts have commoditized reverse engineering. Now anyone can load up an unpacking script and be an unpacker, without actually understanding how packing works.

 

IMO that's a good thing, but it leaves gaping holes in people's knowledge :) Now if I came out with a new packer with new antidebug and a new VM, it would stump a majority of the reversers out there...

 

 

Perhaps, but knowledge and a good challenge is the most important part of reversing, scripts seem to inhibit that.. Anyways I'll be waiting for your packer. ;) knowing your work it should be an interesting challenge.

Link to comment

vmprotect will publically die, when the next protector is popular...


 


scripts are not what you need, they do not help you when you have no clue how to defeat the protection without the script.


Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...