After my last post I aimed at devirtualizing VMProtect 3.5 next. First milestone is reached and my lifter can lift single virtualized functions with static CFGs to LLVM and the VMP layer folds away. Next up are some more elaborate functions, but this made me very happy :3
Static Devirtualization of Themida/CodeVirtualizer. The techniques in this article apply to pretty much every virtual machine obfuscator with minor modifications.
https://t.co/RMvPKcv3KB
Original Program & Devirtualized Output
https://t.co/R8hLk9ISRZ
When practicing on a VM crackme recently, I created a devirtualizer which lifts the virtual machine to LLVM to defeat the protection. LLVM-based devirtualisation is a lot of fun and I wrote down my experience and lessons learned on my blog:
https://t.co/LiWNIj31uK
🧵 CIVIL STATUS CHANGE: THE TIME IS NOW!
CECDoc is an app (Windows/macOS/Linux) that automatically generates a petition and a complete file for an application to change one's sex and first names in the civil registry 🏳️⚧️
No more procrastinating! ⤵️
https://t.co/SjH3ZRy6QO
the watchers: how openai, the US government, and persona have been secretly running an identity surveillance system since nov 2023.
https://t.co/Zz04WDF8Lz
researched by @vmfunc, @MDLcsgo, @DziurwaF
This is a very ... strange ... move by Zig.
The hyper-criticality toward Kernel32 (or Kernel32base) usage is uncharacteristic of a programming language which seeks stability.
Also, some of the statements said in this write-up are not (technically) true. Most notably Zig writes that all Kernel32 functionality forwards to NTDLL. This is incorrect.
However, I can't tell if he's writing in general*.
Some functions inside Kernel32 never forward to NTDLL. The entire reason why they exist in usermode space is to prevent over 9000 SYSCALL invocations to kernel mode stuff.
I also do not understand why he doesn't hold Win32u in the same regard....
I'm very, very, very confused.