A tutorial walking through the process of devirtualising programmes protected by VMProtect 3 https://github.com/1111joe1111/tuts/tree/master/vm_protect_3 #vmprotect #reverse #ida #dukeBarman
GitHub
tuts/vm_protect_3 at master · 1111joe1111/tuts
Reverse engineering tutorials.
VMProtect 2 - Detailed Analysis of the Virtual Machine Architecture
https://back.engineering/17/05/2021/
#reverse #vm #debug #vmprotect #antidebug #analysis #KosBeg
Tickling VMProtect with LLVM https://forum.reverse4you.org/t/tickling-vmprotect-with-llvm/16980 #reverse #vmprotect #llmv #tutorial #darw1n
R0 CREW
Tickling VMProtect with LLVM
This series of posts delves into a collection of experiments I (fvrmatteo) did in the past while playing around with LLVM and VMProtect. I recently decided to dust off the code, organize it a bit better and attempt to share some knowledge in such a way that…
An experimental dynamic approach to devirtualize pure functions protected by VMProtect 3.x
https://github.com/JonathanSalwan/VMProtect-devirtualization
#reverse #vmp #vmprotect #protection #obfuscation #deobfuscation #devirtualization #sloukixnx
GitHub
GitHub - JonathanSalwan/VMProtect-devirtualization: Playing with the VMProtect software protection. Automatic deobfuscation of…
Playing with the VMProtect software protection. Automatic deobfuscation of pure functions using symbolic execution and LLVM. - JonathanSalwan/VMProtect-devirtualization
Mergen converts Assembly code into LLVM IR, a process known as lifting. It leverages the LLVM optimization pipeline for code optimization and constructs control flow through pseudo-emulation of instructions. Unlike typical emulation, Mergen can handle unknown values, easing the detection of opaque branches and theoretically enabling exploration of multiple code branches.
These capabilities facilitate the deobfuscation and devirtualization of obfuscated or virtualized functions. Currently in early development, Mergen already shows promise in devirtualizing older versions of VMProtect, with ambitions to support most x86_64 instructions.
https://github.com/NaC-L/Mergen
#llvm #lifting #vmprotect #tnaci
GitHub
GitHub - NaC-L/Mergen: Deobfuscation via optimization with usage of LLVM IR and parsing assembly.
Deobfuscation via optimization with usage of LLVM IR and parsing assembly. - NaC-L/Mergen