  #6  
08-29-2022, 04:12
chants
Quote:
Originally Posted by Vosiyons
https://ieeexplore.ieee.org/document/9139515

I seriously wonder when this tool will get in the hands of the public, it's gonna be the doomsday for vmpsoft.

Can we say that the VMProtect era is coming to an end?

Their tool claims to use hybrid execution using a mix of native code and emulation. There are potential practical issues here that academic tools probably aren't designed to scale to. Some, like code coverage, are just a general problem of dynamic analysis, since it's not easy to execute every code path, leaving some parts unpacked.

But also how this hybrid mode works. I didn't see the details, but I imagine the first execution is emulated and later executions are natively run. But different code paths leading to that point could change the unpacked result. Making certain targets likely impossibly slow if you require too much emulation. Further, some targets are connected to a server with things like latency monitored, e.g. games. Emulation would cause disconnects and make it very difficult in any time-sensitive environment.

Such a tool is not so difficult to code a prototype of either. So I suspect it won't be easy to go from the academic prototype sufficient for research to state-of-the-art targets.