Call it a VM if you want, or call it an emulator, whatever. In my profession, it’s called a simulator; and it seems to me that it would make reversing so much easier. I’m positive that a cycle-accurate hardware model of the basic x86 architecture already exists, so it would suffice to write a “PE Loader” testbench for use in the freeware version of some simulator, to have a step-by-step timeline of what is actually going on in an executable.

Luckily it isn’t leaked. The malware authors have a license, or use the older versions.

I’ve only seen 3 people unpack the 2.x.x.x engines and they where way over the heads of the average crackers doing stuff for release teams.

themida/winlicense and vmprotect are probably the hardest to unpack with all the features enabled. Nobody on ‘the scene’ is doing inline patches of anything protected with them(as long as a strong vm and anti-dump are enabled.) underneath all that they have anti-debug. themida/winlicense usually update their engines a lot with new anti-debug and obfuscation algorithms; they do it all from userland too, and the latest completely avoids signature detection.

I’m thankful for all the positive criticism, seems like a lot of encouragement for my team to get more write ups out in this form :).

Glad to see you enjoyed the comic!

KOrUPt ~ Sapheads Binary analyst.

it seems the comic disappeared because you scrolled down to make a pointless comment about peoples ranting gabe. There needs to be chaos to compensate for all the boring people who flash mobbed the nets in the last decade and made it a consumer wasteland loaded full of solicitation just like the real world.

@triplecode: I know, what’s funny is if you’ve known the old time defcon people any time at all you know they where in their prime when you could get pass login prompts with the escape key, and shellcode was as easy as a hello world. They’re all like ham ‘n’ egger consultants and techs now. The people who compete in their CTF comps are usually wet behind the ears or still in a university.

I think I know one person there good at reversing and pen testing and he thinks pretty much the same thing I do. Especially about that fat head tommee pickles. Whatever though, I’m sure I’m some kind of hater for pointing out what’s visually/verbally/literally obvious.