AV VM BYPASS ENGINE.

Indy
Posts: 311
Joined: Sun Nov 08, 2009 4:32 am

AV VM BYPASS ENGINE.

Post by Indy »

Attachments
VmTest.zip
(33.57 KiB) Downloaded 310 times
disavowed
Posts: 1290
Joined: Mon Apr 01, 2002 3:00 pm

Post by disavowed »

OMG! This is breaking news!! Are you saying that if you obfuscate malware then AV products won't be able to detect it?! Call the presses! Alert the media!
_genuine
Member
Posts: 78
Joined: Wed Oct 07, 2009 4:55 pm

Post by _genuine »

Oh my, I didn't see this one coming..
frozenrain

Post by frozenrain »

Only check an API? AV can add support for this API quickly.
Indy
Posts: 311
Joined: Sun Nov 08, 2009 4:32 am

Post by Indy »

The api can be any. Api's are emulated as atoms, this engine splits it, this mechanism can not work around.
evaluator
Posts: 1538
Joined: Tue Sep 18, 2001 2:00 pm

Post by evaluator »

this is TrapFlag_SelfTracer.

any new code can be called "VM BYPASS ENGINE"
Indy
Posts: 311
Joined: Sun Nov 08, 2009 4:32 am

Post by Indy »

Simple use of the TF cannot determine the fact of emulation. Typical methods are gags ("затычки" in Russian). They fix.
checking_numbr1
Junior Member
Posts: 1
Joined: Sun Oct 21, 2012 8:01 am

Post by checking_numbr1 »

Indy wrote: http://indy-vx.narod.ru/Bin/VMBE.zip

[ATTACH]2644[/ATTACH]

:devil:
Someone made Indy angry so he deleted :) all from his website. Can someone reupload this?
Indy
Posts: 311
Joined: Sun Nov 08, 2009 4:32 am

Post by Indy »

woodmann
[ATTACH]2665[/ATTACH]
Attachments
VMBE.zip
(56.67 KiB) Downloaded 473 times
NeOXOeN
Member
Posts: 95
Joined: Sun Feb 05, 2006 9:33 pm

Post by NeOXOeN »

Indy wrote: woodmann
[ATTACH]2665[/ATTACH]
Indy, what is the password for it??
Indy
Posts: 311
Joined: Sun Nov 08, 2009 4:32 am

Post by Indy »

VMBE 2

pass: vx

[ATTACH]2756[/ATTACH]
Attachments
VMBE2.zip
(27.8 KiB) Downloaded 155 times
Indy
Posts: 311
Joined: Sun Nov 08, 2009 4:32 am

Post by Indy »

Aver's is gone, Comrades :)
Indy
Posts: 311
Joined: Sun Nov 08, 2009 4:32 am

Post by Indy »

wow fixed.

vx

[ATTACH]2757[/ATTACH]
Attachments
VMBE2.zip
(38.37 KiB) Downloaded 167 times
NeOXOeN
Member
Posts: 95
Joined: Sun Feb 05, 2006 9:33 pm

Post by NeOXOeN »

damn.. .nice.. thx for rlz
Indy
Posts: 311
Joined: Sun Nov 08, 2009 4:32 am

Post by Indy »

NeOXOeN

[ATTACH]2764[/ATTACH]
Attachments
ka.zip
(34.29 KiB) Downloaded 171 times