quosego, 02-18-2011, 21:30
Ah, took a look at the new beta 9.
Seems it solved the primitive issue. Nice. Which I suspect was some floating-point instruction.

Also took a look at the intermediate code generated, and my decompiler seems to be in agreement with yours. I always wondered if my code was simply just bonkers, since Oreans VM intermediately decompiled is way more clear. But it seems it's just how VMProtect is. (Love how you dump everything cleanly including opcodes; mine just ditches instructions and skips unknown handlers.)

However, it seems it's not breaking on some external code breakpoints. It works on a few detours; however, it gets lost eventually and the program just starts. (No, one of the normal code exits doesn't start it.) Could be the VMware crappy hw breakpointing though. (Also really doesn't like unfixed CPUID antidumps, which is expectable though.)

Restarting it and breaking on the correct location works fine though. Detects this and simply proceeds.
(Small note: sometimes the retn's of the external code aren't properly detected and dumped in the trace, unlikely to matter though since you won't decompile it.)

Also, this restarting won't work if the external code is called multiple times throughout the program, since it'll then break on an earlier call and try to DeVM some other code.
(A check for the return address in esp would solve this.) Will see if I can make it gen some ASM.

Anyways, it's pretty awesome.
regards,
q.

Last edited by quosego; 02-18-2011 at 21:43.