Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

v4.0 Not able to detect VMProtect file #780

Closed
sooxt98 opened this issue Jun 3, 2020 · 1 comment
Closed

v4.0 Not able to detect VMProtect file #780

sooxt98 opened this issue Jun 3, 2020 · 1 comment
Assignees
@s3rvac
Labels
C-cpdetect C-fileinfo P-output

Comments

@sooxt98
Copy link

sooxt98 commented Jun 3, 2020

im using the file from here
avast/retdec-regression-tests@cf136e9

and the result
image
@s3rvac s3rvac self-assigned this Jun 3, 2020
@s3rvac
Copy link
Member

s3rvac commented Jun 3, 2020

Hi. RetDec v4.0 was released on 2020-04-07, but that detection of VMProtect was added a week later, on 2020-04-14 (#734). You will need to use the current master (here are pre-built binaries).

Here is the output of retdec-fileinfo in the current master:

$ retdec-fileinfo VMProtect-3.4_demo.ex
Input file               : VMProtect-3.4_demo.ex
[..]
Endianness               : Little endian
Image base address       : 0x10000000
Entry point address      : 0x100c5fba
Entry point offset       : 0x3dba
Entry point section name : .rcp3
Entry point section index: 9
Bytes on entry point     : 9cc70424f6d3fc0ce964deffff0f84b7b50b000f83d2030000f5f9f9f980fc0555e9182c01008b4c243ce8ecee000087fe89
Detected tool            : VMProtect (2.04+) (packer), combined heuristic
Detected tool            : Microsoft Linker (10.0) (linker), combined heuristic
Detected tool            : Microsoft (linker), dos header style
[..]

@s3rvac s3rvac closed this as completed Jun 3, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@s3rvac s3rvac

Labels
C-cpdetect C-fileinfo P-output
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@s3rvac @sooxt98