Jump to content
Tuts 4 You

Edit History

HellSpider

HellSpider


Awards

Difficulty : 8
Language : C++
Platform : Windows 32-bit and 64-bit
OS Version : All
Packer / Protector : VMProtect 3.0.9

Description :

The objective is to interpret virtualized functions in the attached binaries.
No additional options have been used - no memory protection, no import protection and no compression.
The virtualized function(s) will execute when the following key(s) is/are pressed:

VMP32 (V1) : P
VMP32 (V2) : 1 and 2
VMP64 (V1) : P
VMP64 (V2) : 1 and 2

The virtualized functions are not very large.

Detailed information of the interpreting procedure/internals or a complete solution paper is preferable.

I will post similar challenges for other protectors if someone supplies me with a recent version (CodeVirtualizer, Themida, Enigma ...).

Accepted solutions:

VMP32 (V1) : @Raham
VMP32 (V2) : @Raham
VMP64 (V1) : @SmilingWolf @fvrmatteo
VMP64 (V2) : @fvrmatteo @SmilingWolf @mrexodia @xSRTsect

Files:

devirtualizeme32_vmp_3.0.9_v1.rar
devirtualizeme32_vmp_3.0.9_v2.rar
devirtualizeme64_vmp_3.0.9_v1.rar
devirtualizeme64_vmp_3.0.9_v2.rar

Screenshot :

devirtualizeme32_vmp_3.0.9_v1_2017-12-15_00-12-45.png.c019ad1506c9478af99c749349f404f3.png

 

 

HellSpider

HellSpider


Awards

Difficulty : 8
Language : C++
Platform : Windows 32-bit and 64-bit
OS Version : All
Packer / Protector : VMProtect 3.0.9

Description :

The objective is to interpret virtualized functions in the attached binaries.
No additional options have been used - no memory protection, no import protection and no compression.
The virtualized function(s) will execute when the following key(s) is/are pressed:

VMP32 (V1) : P
VMP32 (V2) : 1 and 2
VMP64 (V1) : P
VMP64 (V2) : 1 and 2

The virtualized functions are not very large.

Detailed information of the interpreting procedure/internals or a complete solution paper is preferable.

I will post similar challenges for other protectors if someone supplies me with a recent version (CodeVirtualizer, Themida, Enigma ...).

Accepted solutions:

VMP32 (V1) : @Raham
VMP32 (V2) : UNSOLVED
VMP64 (V1) : @SmilingWolf @fvrmatteo
VMP64 (V2) : @fvrmatteo @SmilingWolf @mrexodia @xSRTsect

Files:

devirtualizeme32_vmp_3.0.9_v1.rar
devirtualizeme32_vmp_3.0.9_v2.rar
devirtualizeme64_vmp_3.0.9_v1.rar
devirtualizeme64_vmp_3.0.9_v2.rar

Screenshot :

devirtualizeme32_vmp_3.0.9_v1_2017-12-15_00-12-45.png.c019ad1506c9478af99c749349f404f3.png

 

 

HellSpider

HellSpider

Difficulty : 8
Language : C++
Platform : Windows 32-bit and 64-bit
OS Version : All
Packer / Protector : VMProtect 3.0.9

Description :

The objective is to interpret virtualized functions in the attached binaries.
No additional options have been used - no memory protection, no import protection and no compression.
The virtualized function(s) will execute when the following key(s) is/are pressed:

VMP32 (V1) : P
VMP32 (V2) : 1 and 2
VMP64 (V1) : P
VMP64 (V2) : 1 and 2

The virtualized functions are not very large.

Detailed information of the interpreting procedure/internals or a complete solution paper is preferable.

I will post similar challenges for other protectors if someone supplies me with a recent version (CodeVirtualizer, Themida, Enigma ...).

Accepted solutions:

VMP32 (V1) : @Raham
VMP32 (V2) : UNSOLVED
VMP64 (V1) : @SmilingWolf @fvrmatteo
VMP64 (V2) : UNSOLVED

Files:

devirtualizeme32_vmp_3.0.9_v1.rar
devirtualizeme32_vmp_3.0.9_v2.rar
devirtualizeme64_vmp_3.0.9_v1.rar
devirtualizeme64_vmp_3.0.9_v2.rar

Screenshot :

devirtualizeme32_vmp_3.0.9_v1_2017-12-15_00-12-45.png.c019ad1506c9478af99c749349f404f3.png

 

 

×
×
  • Create New...