Architecture Analysis of VMProtect 3.8 - Demystifying the Complexity

Explore a detailed conference talk from Recon 2024 where Holger Unterbrink demystifies the architecture of VMProtect 3.8. Learn about the latest architectural changes in this powerful code protection software and discover techniques for attacking or reversing protected binaries through symbolic execution and binary instrumentation. The presentation covers the use of tools like Dynamic Data Resolver to assist in the reversing process and builds upon previous research on VMProtect. Gain insights into VMProtect's inner workings, learn to identify when malware authors make configuration errors, and understand how to develop custom tools for analysis. The talk is structured to cover VMProtect's introduction, operational mechanics, feature set, architectural changes in version 3.8, attack vectors, efficacy analysis, successful attack examples, and tool development strategies. Holger Unterbrink brings over 25 years of information security experience as a Cisco Talos technical leader specializing in malware and threat hunting.