Any one used this script to Deobfuscate VMPROTECT

https://github.com/jnraber/VirtualDeobfuscator

hmm the tool seems a bit unpractical since it involves making a one go binary that would execute in the main function the virtualized problem, plus for some odd reason the example binary they have doesn't seem to run. The general idea of the tool seems nice, but perhaps there may be better tools suited from the problem so far. What I mean is that, what if instead of clustering-out the bad instructions in order to figure out the good ones, someone would tell you in advance what are the good ones and the bad ones? Turns out I already did that, I have created a project which anyone is invited to improve called VMPDBG. The only thing that stands aside from my project and these guy's is the fact that they have implemented a peephole optimizer, which may produce better (final) results. Anyway - my tool allows you to debugg, devirtualize and even dumps the final instructions in a txt file so that you can (later on) run a custom peephole optimizer you may see fit.

 

 

just read with caution the thread :

 

https://forum.tuts4you.com/topic/36653-devirtualizeme-vmprotect-2135/

Edited November 1, 20159 yr by xSRTsect

Thanks for your replay.

I am newbie. can you give me some video tutorials.