Awesome
VMHunt: Extraction and Simplification of Virtualized Binary Code
VMHunt is a set of tools for analyzing virtualized binary code. Now we only support 32 bit traces.
Prerequisites
- PIN tools from Intel. I tested version 2.13 and 3.2, but other versions probably work as well.
- g++ compiler (6.0 version or above).
How to compile and install
- Compile the tracer: run
make PIN_ROOT=PinDirectory TARGET=ia32 $*
in thetracer
directory. - Compile VMHunt: run
make
in the project root directory.
How to use
- Use the tracer to record an execution trace.
pin -t tracer/obj-ia32/instracelog.so -- yourprogram
- Extract virtualized snippet in the trace.
./vmextract tracefile
- Backward slice the trace.
./slicer tracefile
- Run MG symbolic execution
./mgse tracefile