omgkaka
commented
2 years ago Slow but not unacceptable. The original program only takes 200ms to complete a calculation, you can see on my pic that vmp_runner takes about 5 seconds.
Open MellowNight2 opened 2 years ago
omgkaka
commented
2 years ago Slow but not unacceptable. The original program only takes 200ms to complete a calculation, you can see on my pic that vmp_runner takes about 5 seconds.
MellowNight2
commented
2 years ago Have you tried protecting a binary using VMP with only anti-debug enabled, and running it through unicorn?
When I start emulating from the entry point, the program always calls a few anti-debug functions (IsDebuggerPresent, NtQueryInformationProcess...) and then enters an infinite loop.
I was wondering if you could maybe attempt this and share your results.
Hello, I can offer some advice or help for this project because last month, I developed a base for emulating windows PE files through unicorn. I can give you my discord tag if you use discord.
I want to let you know that unicorn emulation is extremely slow, it could take up to 5 minutes just to finish emulating the VMP'ed entry point. There some other methods of creating a sandbox type environment that I'd like to share with you, such as using HyperV's API to isolate an exe in a guest address space.