Devitalizing vmprotect/themida and others will now become easier



#1

dfnctsc

Anyone in the scene is probably already aware of this, and given that this section of the forum seems heavily unmoderated given that half the posts have absolutely nothing to do with reverse engineering, I doubt this post will be of use to more than maybe a couple people.


With that said, check out 



If anyone wants to discuss VTIL and maybe even potential collaborations on developing some tools using it I would love to have that conversation.


Hope this helps someone as it has helped me!



#2

FaithHF

Funny you mention this -- over the last few days I was actually searching for ways to analyze VMProtect binaries and this was one of the projects that actually held my interest. It's sad that it's still just in alpha stages essentially, but it seems to still be in somewhat active development (last commit two weeks ago).


The only other option I found was the Unicorn Engine and specifically unicorn-pe which just emulates (as in emulating hardware by architecture, not virtualizing like a VM) the binary and uses Blackbone to find all the important data like the 'actual' entrypoint of the binary and a rebuilt IAT, allowing for better analysis in memory. Still quite a process, but much easier than it would have been a few years ago.


VTIL looks promising. I just hope the project doesn't die after the guy is done with his PhD or whatever it's for. The main dev (can1357) also has more specific projects that use VTIL to break current VMP implementations, like NoVmp and vmpdump, or for kernel-level analysis, ByePg to disable PatchGuard. Guy knows what he's doing.


If there was some actual documentation for the project, then maybe I'd write something with it. But for the time being, I can barely make any sense of most of it. Take a look at the Unicorn Engine if you want something a little more mature for emulation of software that has 'some' documentation to work with.



#3

legrando

Very interesting.



#4

AminRezaeian70

Please check your PM sir.

Thanks

