Munroc Posted April 2, 2021 Share Posted April 2, 2021 Hello everybody, this is my first post in this forum... I have been trying to learn devirtualization for protectors like VMProtect or Themida. But I coudn't find much information. I was hoping someone here can point me to the right direction, recommend me any book or literature. Thanks in advance. Link to comment Share on other sites More sharing options...
demon_da Posted April 2, 2021 Share Posted April 2, 2021 Here's a good tutorial about static devirtualization of a simple VM: https://www.msreverseengineering.com/blog/2018/1/23/a-walk-through-tutorial-with-code-on-statically-unpacking-the-finspy-vm-part-one-x86-deobfuscation http://www.msreverseengineering.com/blog/2018/1/31/finspy-vm-part-2-vm-analysis-and-bytecode-disassembly http://www.msreverseengineering.com/blog/2018/2/21/finspy-vm-unpacking-tutorial-part-3-devirtualization 1 Link to comment Share on other sites More sharing options...
deepzero Posted April 2, 2021 Share Posted April 2, 2021 you can also try to play around with https://github.com/anatolikalysch/VMAttack 1 Link to comment Share on other sites More sharing options...
deepzero Posted May 20, 2021 Share Posted May 20, 2021 Check out this excellent blogpost about devirtualizing VMP2: https://back.engineering/17/05/2021/ 1 Link to comment Share on other sites More sharing options...
deepzero Posted May 20, 2021 Share Posted May 20, 2021 Defeating Nested Virtualization with Miasm - FCSC21 CTF VMV https://mrt4ntr4.github.io/FCSC21-CTF-VMV/ 2 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now