updated deps, showed that vmlocate works for vmp3 bins now, same with flatten and deobfuscate...

main
xerox 3 years ago
parent 8c2b96dd41
commit 5d30927614

2
deps/vmprofiler vendored

@ -1 +1 @@
Subproject commit 3061b00f0817cb70feda5e33db29a55b157ada30
Subproject commit cbac337a604bf234c45fdf4d00e44ae7cf37e274

@ -2,6 +2,8 @@
#include <fstream>
#include <iostream>
#include <thread>
#include <vmlocate.hpp>
#include "vmemu_t.hpp"
#define NUM_THREADS 20
@ -116,17 +118,16 @@ int __cdecl main(int argc, const char* argv[]) {
std::strtoull(parser.get<std::string>("vmentry").c_str(), nullptr, 16);
std::vector<vm::instrs::code_block_t> code_blocks;
vm::ctx_t vmctx(module_base, image_base, image_size, vm_entry_rva);
if (!vmctx.init()) {
std::printf(
"[!] failed to init vmctx... this can be for many reasons..."
" try validating your vm entry rva... make sure the binary is "
"unpacked and is"
"protected with VMProtect 2...\n");
return -1;
}
vm::util::print(vmctx.vm_entry);
vm::ctx_t vmctx{module_base, image_base, image_size, vm_entry_rva};
// testing flatten and deobfuscate on vmp3 vm enters...
zydis_routine_t vm_entry;
vm::util::flatten(vm_entry, module_base + vm_entry_rva);
vm::util::deobfuscate(vm_entry);
vm::util::print(vm_entry);
// testing vmlocate port for vmp3...
const auto vm_entries = vm::locate::get_vm_entries(module_base, image_size);
std::printf("> number of vm entries = %d\n", vm_entries.size());
}
}
Loading…
Cancel
Save