Exetools  

  #1  
Old 05-03-2015, 17:26
TrOn TrOn is offline
reverse vmprotected function

How can I reverse a vmprotected function from a sys file? I have unpacked the sys file. The .PAGE and .text sections include the code I need. I opened the files as a bin file with IDA Pro. The unprotected functions will disassemble. Can I convert the protected code into unprotected code?

Thank you
  #2  
Old 05-03-2015, 18:29
Syoma Syoma is offline
Write a DeVM plug-in or a tool like Sweeper and get a VM CFG trace. Analyze the trace and convert it to native unprotected code.
All times are GMT +8.

