vmpklōn – Creation of a VMProtect Clone

Presented at Kiwicon 2038AD: The Dystopic Future is Now (2018), Nov. 16, 2018, 9:45 a.m. (30 minutes)

This talk will discuss our research into VMProtect virtualization technology, which ultimately led to the creation of a VMProtect clone. VMProtect is a commercial-grade software protection platform that greatly increases the difficulty of reverse engineering samples. One feature of VMProtect is instruction virtualization, where original x86 instructions are transformed into a VMProtect-style virtualization. This talk will cover stack-based virtual machines, VMProtect basics, writing a disassembler, recovery of x86 translations, and creation of a VMProtect clone.


Presenters:

  • Jon Erickson
    Jon Erickson is a senior staff reverse engineer within the Flare team at FireEye. Before joining FireEye, Jon made the rounds with various government contractors, and before that served in the United States Air Force. Jon has worked in the security industry for more than 15 years and has a master’s degree from George Mason University. Jon has spoken at numerous conferences including Black Hat Asia, CodeBlue, and SyScan 360. He has contributed to a number of CVEs and continuously works to help new security researchers better themselves within the field.
