0xnobody / vmpdump

A dynamic VMP dumper and import fixer, powered by VTIL.
GNU General Public License v3.0

X86 support #5

Closed dpvdberg closed 4 years ago

dpvdberg commented 4 years ago

What changes would have to be made in order to devirtualize X86 executables?

0xnobody commented 4 years ago

Hello. This project was not made for devirtualization. For that, you can refer to my other project, VMPAttack, which attempts to lift virtualized VMP methods to VTIL and optimize them, producing devirtualized results. If you indeed mean extending VMPDump's functionality to x86, I had decided not to support it as it is a rather archaic architecture, which is rarely supported nowadays. However, from my basic analysis of x86 VMP executables, the logic flow is exactly the same and just involves x86 registers and processor features instead of x64 ones, so porting should be relatively easy.