VMAttack

An automated VM disassembler and devirtualization tool [WIP!]

Primary language: C#
License: GNU General Public License v3.0 (GPL-3.0)

VMAttack - Devirtualization Research Tool

VMAttack is a work-in-progress project focused on .NET virtual machines. It is currently exploring virtualization techniques.

The goal is to help security researchers detect and identify malware that uses them.

Getting started

This project is open source (GPLv3) and under heavy development. It is being created as a study for anyone who wants to explore .NET VMs, learn about CIL virtualization techniques, and learn how to read them.

Virtualization is a common form of code obfuscation. It transforms code into a virtual program that is no longer recognizable as its source code, allowing it to be executed without the need for a human-readable form. However, this makes it difficult for security analysts to understand the behavior of virtualized programs, as the internal mechanism of commercial obfuscators is a black box.

Implemented VMs


Others


Installation


To build the project from the command line, use:

$ git clone --recurse-submodules https://github.com/void-stack/VMAttack.git
$ cd VMAttack
$ dotnet restore
$ dotnet build

Dependencies


License

GPLv3 License