This repository has been archived by the owner on Jan 9, 2022. It is now read-only.
如何识别 vmp 版本呢? #1
Comments
|
外壳可以通过 exeinfo 和 peid 查。但结果比较粗略 不一定准备 1.x 和 2.x 虚拟机 都比较类似 能找到解释循环 代码中形如 mov edx, dword ptr [eax*4+0x404cf8] / ret 之类的指令 3.x 整体解释执行结构变了 指令跳转变成链式结构 靠 jmp edi 指令 这些指令特征可以作为识别版本的一点参考 |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
No description provided.
The text was updated successfully, but these errors were encountered: