0xnobody / vmpdump

A dynamic VMP dumper and import fixer, powered by VTIL.
GNU General Public License v3.0

Import stub classification via NOP as first instruction fails for some VMP versions. #6

Closed 0xnobody closed 4 years ago

0xnobody commented 4 years ago

Certain VMP versions include dead instructions before the NOP instruction, which leads to failed import stub scans. Possible fix: use another method (instruction count / analysis) to filter import stub calls before VTIL analysis.

0xnobody commented 4 years ago

Fixed by https://github.com/0xnobody/vmpdump/commit/49b37db85e8dfd106cf971498e51b82aa47db4b7