|
It's true that the VMP VM is well documented and wont give much insight, i would actually be more interested in obtaining a full list of their normal obfuscation actions ... but would be spectacular in any case.
x64unpack can switch between emulation and native execution, and their results are excellent, including fairly real-world examples. Of course there will always be cases where it doesnt work, + countermeasures.
But I have used standard DBI the past for tracing and unpacking, and if done correctly and with some tuning they yield excellent results.
|