For a couple of days I have been trying to find everything about VMProtect. It's sad that there is almost nothing publicly available for VMProtect 3.x and nothing for x64. I don't understand it, because I think this topic is very interesting and many viruses or malware use it.
I am interested in how AV companies deal with it. I am using Eset's NOD and they are simple: everything with VMProtect is a virus. I think this is very stupid. Do you know any AV company which tries to deobfuscate it and analyze the obfuscated code?
Do you know any professional product for deobfuscation? I mean something that I can buy and use inside my product (like an AV or AR product)?
Do you think it would be interesting for someone to buy a product like this?
Last question. I moved to the x64 platform and there are many problems with the current tools for debugging, reversing, etc. But there is no other way. I am using x64dbg for debugging Ring 3 applications, but it's not possible (or I can't) to trace an application or create a trace log. What app do you use for trace logs? WinDbg or something else?
Thanks for the answers, and I hope my post is not totally stupid.
exit_2 wrote: I am interested in how AV companies deal with it. I am using Eset's NOD and they are simple: everything with VMProtect is a virus. I think this is very stupid. Do you know any AV company which tries to deobfuscate it and analyze the obfuscated code?

They use a whitelist. Everything else is considered, as you said, a virus/trojan or potential virus/trojan. Very simple. Malware that uses commercial protection software on its "products" (mostly Themida) is usually totally lame.