Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page vm protect dispatcher looks like this?
Register Forum Rules FAQ Calendar Mark Forums Read

Notices

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1  
Old 04-17-2019, 20:44
0xall0c 0xall0c is offline
Friend
  
Join Date: Mar 2018
Posts: 70
Rept. Given: 0
Rept. Rcvd 4 Times in 3 Posts
Thanks Given: 28
Thanks Rcvd at 68 Times in 36 Posts
0xall0c Reputation: 4
vm protect dispatcher looks like this?
i was trying to unpack a malware packed with vmprotect, by writing a script i was able to generate a cfg and found 2 lines instruction

Code:
push edi
ret
which is like jumping to a thousand locations

although i think it should be the dispatcher, but i was generating cfg for just first 500000 instructions, so does vm protect virtualizes its own code also? and it is the dispatcher? or it is just a cfg obfuscation implementation?

if any one wants i can post the image of the cfg, but its too large!!
Reply With Quote
The Following User Says Thank You to 0xall0c For This Useful Post:
Indigo (07-19-2019)
 

Tags
debugging, vmprotect

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Threaded Mode Threaded Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Visual Protect Spotted Horse General Discussion 10 09-17-2004 14:58


All times are GMT +8. The time now is 09:44.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )