#1
|
|||
|
|||
vm protect dispatcher looks like this?
i was trying to unpack a malware packed with vmprotect, by writing a script i was able to generate a cfg and found 2 lines instruction
Code:
push edi ret although i think it should be the dispatcher, but i was generating cfg for just first 500000 instructions, so does vm protect virtualizes its own code also? and it is the dispatcher? or it is just a cfg obfuscation implementation? if any one wants i can post the image of the cfg, but its too large!! |
The Following User Says Thank You to 0xall0c For This Useful Post: | ||
Indigo (07-19-2019) |
Tags |
debugging, vmprotect |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Visual Protect | Spotted Horse | General Discussion | 10 | 09-17-2004 14:58 |