Munroc Posted April 2, 2021 Posted April 2, 2021 Hello everybody, this is my first post in this forum... I have been trying to learn devirtualization for protectors like VMProtect or Themida. But I coudn't find much information. I was hoping someone here can point me to the right direction, recommend me any book or literature. Thanks in advance.
demon_da Posted April 2, 2021 Posted April 2, 2021 Here's a good tutorial about static devirtualization of a simple VM: https://www.msreverseengineering.com/blog/2018/1/23/a-walk-through-tutorial-with-code-on-statically-unpacking-the-finspy-vm-part-one-x86-deobfuscation http://www.msreverseengineering.com/blog/2018/1/31/finspy-vm-part-2-vm-analysis-and-bytecode-disassembly http://www.msreverseengineering.com/blog/2018/2/21/finspy-vm-unpacking-tutorial-part-3-devirtualization 1
deepzero Posted April 2, 2021 Posted April 2, 2021 you can also try to play around with https://github.com/anatolikalysch/VMAttack 1
deepzero Posted May 20, 2021 Posted May 20, 2021 Check out this excellent blogpost about devirtualizing VMP2: https://back.engineering/17/05/2021/ 1
deepzero Posted May 20, 2021 Posted May 20, 2021 Defeating Nested Virtualization with Miasm - FCSC21 CTF VMV https://mrt4ntr4.github.io/FCSC21-CTF-VMV/ 2
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now