VMAttack IDA PRO Plugin

IDA Pro Plugin for static and dynamic virtualization-based packed analysis and deobfuscation.

VMAttack was awarded the second place at the annual IDA Pro Plug-in Contest in 2016!

Introduction

VMAttack is an IDA PRO Plug-in which enables the reverse engineer to use additional analysis features designed to counter virtualization-based obfuscation. For now the focus is on stack based virtual machines, but will be broadened to support more architectures in the future. The plugin supports static and dynamic analysis capabilities which use IDA API features in conjunction with the plugins own analysis capabilities to provide automatic, semi-automatic and manual analysis functionality. The main goal of this plugin is to assist the reverse engineer in undoing the virtualization-based obfuscation and to automate the reversing process where possible.

Installation

Prerequisites

IDA Pro >= 6.6

Python 2.7.10/.11

Tested with Windows 7 and Windows 10.

_https://github.com/anatolikalysch/VMAttack

[培训]内核驱动高级班，冲击BAT一流互联网大厂工作，每周日13:00-18:00直播授课