Saturday, July 5, 2014

Some insight about Process Virtual Machines.

So, I understood more about Process VMs. Simply, last night I was all of a sudden aware, out of the blue, of how it works, roughly.

I also found a sample VM implementation, of the kind that is supposedly used in packers/protectors, albeit probably not as advanced, but still worth the read. Here's the link: http://syprog.blogspot.com/2011/12/simple-virtual-machine.html

Anyway, I guess it's sort of a misconception that a VM executes anything; it does not. The VM instructions are simply "interpreted", i.e. if the instruction is MOV REG_DEST, REG_SRC, you are the one that must handle this operation.

I might write my own VM implementation, just to learn more.
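As an added illustration of the point above, and not code from this post or from the linked syprog VM: a minimal interpreter in C where MOV REG_DEST, REG_SRC is nothing more than a switch case the host handles itself. The bytecode encoding, opcode names, four-register file and the `vm_run`/`run_sample` functions are all assumptions made here; the bounds checks on register indices and code length are the part a reviewer would look for, since a VM that trusts its own bytecode is one more place for an out-of-bounds access to hide.

```c
#include <stdint.h>
#include <stddef.h>
/* Constructed toy bytecode (not the syprog VM's encoding): an opcode byte, then
 * two register indices, or one register index plus a 4-byte LE immediate. */
enum { OP_HALT = 0, OP_MOV_RR = 1, OP_MOV_RI = 2, OP_ADD_RR = 3 };
#define NREGS 4                     /* registers R0..R3 */
typedef struct { uint32_t regs[NREGS]; size_t pc; } vm_t;
/* Interpret `code`. Nothing is executed natively: every opcode is a case the host
 * handles in C. Returns 0 on HALT, -1 on a malformed program (unknown opcode,
 * register index out of range, or a fetch past the end of the code). */
int vm_run(vm_t *vm, const uint8_t *code, size_t len)
{
    vm->pc = 0;
    for (;;) {
        if (vm->pc >= len) return -1;                    /* ran off the end */
        uint8_t op = code[vm->pc], dst, src;
        switch (op) {
        case OP_HALT: return 0;
        case OP_MOV_RI:                                  /* MOV Rd, imm32 */
            if (vm->pc + 6 > len) return -1;
            dst = code[vm->pc + 1];
            if (dst >= NREGS) return -1;
            vm->regs[dst] = (uint32_t)code[vm->pc + 2] | (uint32_t)code[vm->pc + 3] << 8
                          | (uint32_t)code[vm->pc + 4] << 16 | (uint32_t)code[vm->pc + 5] << 24;
            vm->pc += 6;
            break;
        case OP_MOV_RR:                                  /* MOV Rd, Rs */
        case OP_ADD_RR:                                  /* ADD Rd, Rs */
            if (vm->pc + 3 > len) return -1;
            dst = code[vm->pc + 1], src = code[vm->pc + 2];
            if (dst >= NREGS || src >= NREGS) return -1; /* bounds-check registers */
            if (op == OP_MOV_RR) vm->regs[dst] = vm->regs[src];
            else                 vm->regs[dst] += vm->regs[src];
            vm->pc += 3;
            break;
        default: return -1;                              /* unknown opcode */
        }
    }
}

/* Constructed sample: MOV R0,7 ; MOV R1,R0 ; ADD R1,R0 ; HALT. Registers start as
 * garbage so the result visibly comes from the interpreter, not from zero-init. */
static const uint8_t sample_prog[] = { OP_MOV_RI, 0, 7, 0, 0, 0, OP_MOV_RR, 1, 0,
                                       OP_ADD_RR, 1, 0, OP_HALT };
int run_sample(vm_t *vm)
{
    for (int i = 0; i < NREGS; i++) vm->regs[i] = 0xDEADBEEF;
    return vm_run(vm, sample_prog, sizeof sample_prog);
}
```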

Wednesday, July 2, 2014

IDA is too glorified for x86/x64 RE.

I only mentioned x86 and x64 because, while OllyDbg is a better debugger for those (and it's free), it cannot debug other platforms, such as ARM. It also lacks a decompiler.

But anyway, I see people mentioning IDA like it's the go-to tool for RE; it's not. I've had more success RE-ing SecuROM than IDA has ever let me.

Simply, when it comes to x86/x64, it's only good for static analysis of binaries that are not protected. Once we go into packing, anti-debugging and obfuscation, it's useless, not as good as Olly.

P.S.
OllyDbg x64 is in development.