The latest Enigma shelling, although it is also removed, there are still some reluctances. To repair IAT perfectly, you need to manually process some functions necessary for different languages to completely repair IAT. Platform: Windows XP 32-bit. Tools: OD, REC. Packing object: VC6.0 program. Looking for OEP Looking for OEP, …
Repair IAT The second simple encryption This kind of processing of IAT is a simple operation to decrypt the function address corresponding to the new FF25 table. Each encrypted IAT has a different value of push xxxxxxxx. The processing method of EG shell is almost the same as that of the …
0 – ⚠️ IMPORTANT NOTE This article explains how VMProtect works, not how to crack a VMP protected software. I’m not talking about any kind of Licensing System provided by VMP, or a developed one using VMP. I DON’T SUPPORT PIRACY in any way. This protection (cracked / leaked version …
Here is my short research about VMP mutation engine. VMProtect is a well known protection with a lot of features, its core one is its virtualization engine. It’s a very good and optimized one, even if elite crackz say that it’s not at the level of Themida. Cracking its virtualization …
This is my exploration around VMProtect security. VMP is a well known protection with a lot of features, main ones are Code Mutation and Virtualization, and compared to them, this part is the simplest regarding VMP. I will talk about all of those in future posts, but now I will …
This post will introduce 7 custom passes that, once added to the optimization pipeline, will make the overall LLVM-IR output more readable. Some words will be spent on the unsupported instructions lifting and recompilation topics. Finally, the output of 6 devirtualized functions will be shown. Custom passes This section will give an overview of …
This post will introduce the concepts of expression slicing and partial CFG, combining them to implement an SMT-driven algorithm to explore the virtualized CFG. Finally, some words will be spent on introducing the LLVM optimization pipeline, its configuration and its limitations. Poor man’s slicer Slicing a symbolic expression to be able to evaluate …
This series of posts delves into a collection of experiments I did in the past while playing around with LLVM and VMProtect. I recently decided to dust off the code, organize it a bit better and attempt to share some knowledge in such a way that could be helpful to …