#11
@Vam
The current version is better than the old one... better detection of handlers. But a 2big problem is still here.

1. VMProtect is a stack-based VM, so everything is pushed on the stack for processing. Even without added junk code, it's obfuscated. Why? Because:

    push dword ptr [reg_C]
    push 0041077C
    pop eax
    pop edx
    mov dword ptr ds:[eax], edx ;00000005

is:

    MOV DWORD PTR DS:[41077C],ECX

So it's hard to understand in a long analysis. It's better to use at least pattern matching for deobfuscating this routine. For example, handlers 0x50,0x60,0x40,0x70,0x80, if run together, would for example be equal to MOV R32,R32.

If you do it, it will be very good.

Kind Regards.
Also I'm waiting for your new version.

Last edited by Raham; 04-30-2012 at 16:38.
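The folding the post asks for, as an added example that is not part of the original post or of any tool discussed in the thread: instead of a fixed handler-pattern table it tracks the stack symbolically, which collapses the quoted five-instruction sequence into the single store. The `reg_C` to `ecx` mapping follows the post's own statement; `fold_stack_ops`, `vm_regs` and the treatment of popped registers as scratch are assumptions.

```python
import re

# Constructed input: the five instructions quoted in the post above.
TRACE = [
    "push dword ptr [reg_C]",
    "push 0041077C",
    "pop eax",
    "pop edx",
    "mov dword ptr ds:[eax], edx ;00000005",
]
MEM = re.compile(r"dword ptr (?:ds:)?\[(\w+)\]", re.I)

def fold_stack_ops(trace, vm_regs=None):
    """Track push/pop symbolically and emit only the visible memory writes.

    vm_regs (hypothetical parameter) maps a VM register slot to a native
    register. Assumption: registers loaded by pop are scratch afterwards.
    """
    vm_regs = vm_regs or {}
    stack, regs, out = [], {}, []

    def resolve(operand):
        m = MEM.fullmatch(operand)
        if not m:
            return regs.get(operand, operand)       # register or immediate
        inner = m.group(1)
        if inner in vm_regs:                         # VM slot -> native register
            return vm_regs[inner]
        return f"dword ptr ds:[{regs.get(inner, inner)}]"

    for line in trace:
        ins = line.split(";")[0].strip()             # drop trailing comment
        mnem, _, ops = ins.partition(" ")
        ops = ops.strip()
        if mnem == "push":
            stack.append(resolve(ops))
        elif mnem == "pop":
            # Refuse to overwrite a register that a tracked value still names.
            if any(ops in re.findall(r"\w+", v) for v in [*regs.values(), *stack[:-1]]):
                raise ValueError(f"register reuse not handled: {ins}")
            if stack:
                regs[ops] = stack.pop()              # known value: fold the pop away
            else:
                regs.pop(ops, None)                  # value pushed before the trace
                out.append(ins)
        elif mnem == "mov" and "[" in ops.split(",")[0]:
            dst, src = (s.strip() for s in ops.split(",", 1))
            out.append(f"mov {resolve(dst)}, {resolve(src)}")
        else:
            raise ValueError(f"unsupported instruction: {ins}")
    return out + [f"push {v}" for v in stack]        # unbalanced pushes survive
```

Only `push`, `pop` and `mov` to memory are modelled; any other instruction raises rather than being folded incorrectly.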