Category:Digital-Forensics/Computer-Forensics/Anti-Reverse-Engineering/Packers/VMProtect
Description
- VMProtect is a Russian-made security envelope and file compressor utility that makes reverse engineering of protected software quite difficult.
- Can be identified by the presence of .vmp0 and .vmp1 sections.
- Unpacking tutorial: http://www.progamercity.net/boi/2658-tutorial-boi-vmprotect-unpacking.html
Example of a VMProtect program (code at entry point):
011F22CE /E9 54370000 JMP HI2.011F5A27
011F22D3 ^|E9 22B5FFFF JMP HI2.011ED7FA
011F22D8 |B3 8B MOV BL,0x8B
...
...
011F5A27 50 PUSH EAX
011F5A28 60 PUSHAD
011F5A29 C74424 20 0BAAB>MOV DWORD PTR SS:[ESP+0x20],0xFFB1AA0B
011F5A31 66:C70424 59BA MOV WORD PTR SS:[ESP],0xBA59
011F5A37 C74424 1C 8BC4B>MOV DWORD PTR SS:[ESP+0x1C],0x2BB6C48B
011F5A3F 885424 04 MOV BYTE PTR SS:[ESP+0x4],DL
011F5A43 8D6424 1C LEA ESP,DWORD PTR SS:[ESP+0x1C]
011F5A47 E9 B2110D00 JMP HI2.012C6BFE