Questions tagged [vmprotect]
The vmprotect tag has no summary.
13 questions
4 votes
0 answers
192 views
How can I learn VMP analysis?
I am currently interested in learning reverse engineering, and I have a foundation in assembly, PE structure, and the use of Win32Api. And also have some of the foundation for writing Windows drivers;...
- 41
3 votes
1 answer
1k views
VMProtect Anti-debugging method (without WiNAPI)
First, sorry for my bad english. I'm trying to make VMProtect unpacker with unicorn emulator, but one of my sample shows me like this anti-debugging message: WTSSendMessageW: "A debugger has been ...
- 63
2 votes
0 answers
80 views
analyze track program protected
What are the modern methods of dealing with obfuscation and code virtualization? all these protectors create unrealistic code traces?
- 21
2 votes
1 answer
611 views
x86 - How do I detect virtualized code by looking at the assembly?
How can I detected virtualized code by say, vmprotect, obsidium or themida just by looking at the assembly code? I know that just looking at the PE section name would help, but I wanted to detect ...
- 69
1 vote
1 answer
8k views
Bypass USB key activation of a software
(The software is Chinese and contains malware. I do not know if I could upload it here, so temporarily, please let me describe it) I am asked by a spa store to "do something" to make a ...
- 11
2 votes
0 answers
321 views
Devirtualization
I've recently become pretty fascinated with virtualization and retrieving original code from a randomly generated byte code, such as protectors like VMProtect/etc. But I can not get a grasp on how it ...
user29468
0 votes
0 answers
342 views
problems with figuring out if its vmprotect or upx
my name is eleven and I'm new to reverse engineering and I have a question. after scanning my program I have wanted to reverse engineer I have walked into a problem. this is a program I'm trying to ...
- 1
2 votes
0 answers
859 views
How to virtualize part of a code like VMProtect does?
I am a new student in the field of cybersecurity. I would like to learn more about how virtualization used by software such as CodeVirtualizer and VMProtect works, and ideally to be able to ...
- 21
1 vote
0 answers
63 views
How to choose a .NET software protector which will have a small impact on run-time performance speed? [closed]
I am writing a .NET software which is doing calculations and drawing in real-time i.e when the user is moving the mouse. I want to protect this software from being reverse engineered and restrict its ...
- 111
3 votes
1 answer
5k views
VMProtect anti-debug method
I recently found a nice crackme which uses VMProtect 3.x as defense. After doing a little research online I found couple of API's VMProtect uses as an anti debug method. I set software breakpoint on ...
- 31
1 vote
1 answer
3k views
How detect version of VMProtect
I have a binary with VMProtect. Some tools giving info that this is 2.x, some that 3.x. How I could check it? Thanks.
- 21
-1 votes
1 answer
2k views
VMProtect keygen, turn off the anti-debugging
who faced with VMProtect? I just found on the Internet crackme and decided to grunt it, but unfortunately not that good of it did not work out, as the message about prevention of debugging climbed out....
- 141
4 votes
2 answers
2k views
Hooking functions in a VMProtect'ed executable
I'm trying to solve the Sharif CTF 2016 HI2.exe challenge. This challenge requires a specific (impossible to reach) environment (64 processors, 128GB RAM, ...) to display the flag. As the executable ...
- 109