Code Virtualization Help

#1 01-12-2009, 01:36

Helo, i have a little question about virtual machines which uses PE protectors. I google a lot, but I don't find any idea to create my own code protecting VM. Have you any ideas ? (...SORRY FOR MY ENGLISH...)

#2 01-12-2009, 07:59

Study other VM protectors and steal their ideas. You have Themida, Securom, VMProtect to study...

Sabor · #3 01-12-2009, 10:29

check rewolfs release, really a good start; read the readme.

#4 01-18-2009, 17:38

yeah study, but studiing some unpacked Protectors or Virtualizers is really hard

and rewolfs ??? I don't hear about it. and goolge don't help me with rewolfs. Have you something else idea ?

#5 01-19-2009, 19:46

Maybe this could help you to have some ideas... not well written but well... that's from a comercial protector

http://www.codebreakers-journal.com/content/view/290/97/

scherzo

Evilcry · #6 01-25-2009, 00:01

Take also a look to libemu

Code:

http://libemu.carnivore.it/

Regards

#7 02-08-2009, 17:45

Here you can understand the basic workings of a VM.
_http://rapidshare.com/files/16968098/Inside_Code_Virtualizer.rar

And here is a VM compiler source code by 0rp posted a long time ago.
_http://www.woodmann.com/forum/showthread.php?t=10003

Cheers

dubya · #8 03-06-2009, 22:00

^Thanks for those links!

Aren't there any open-source examples available? (Irony, I know -- OSS on an RE forum

)

#9 03-08-2009, 05:21

Here you can find the Rewolf's x86 Virtualizer Source code

it's very simple but very easy to know how

...

Code:

http://www.rewolf.pl/

AND all users thanx for good reasons on this post

#10 03-19-2009, 15:35

learn cv inside

ahmadmansoor · #11 03-19-2009, 21:38

@peexe : can u explain more ....... ???!!!!!

gunterg · #12 03-19-2009, 23:18

I think he refer at Inside Code Virtualizer by scherzo

Regards

#13 03-22-2009, 09:11

Rolf's posts might also interest you.

http://www.openrce.org/blog/view/123...art_0:__Basics

OHPen · #14 03-26-2009, 17:57

It is not that difficult to write an own vm based protector. as the others explained read papers about commercial products. but you can also start with a minimum set of requirements.

- C/C++
- Disassembler Library

And there you go. First step could be just to virtualize only a single type of instruction, for example an arithmetic one like

add eax, 0x12345678

This will keep your code very small. There is no need to support hundereds of different opcodes if you just want to understand the concept.

Regards,
OHPen

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Hardware virtualization is good in cracking?	Nicogalan	General Discussion	7	12-03-2012 02:48

The Following User Gave Reputation+1 to For This Useful Post:
dubya (03-06-2009)

The Following 2 Users Gave Reputation+1 to For This Useful Post:
dubya (03-08-2009), redbull (03-20-2009)