Are these two tools, Qiling and Speakeasy, real tools or some kind of fiction?
I will expand my question: why was such a "bold" programming language as Python chosen for tools that are so demanding on the speed of code execution? Python is immutable, but many APIs mutate the arguments of a call (the simplest WinAPI example is GetLogicalProcessorInformation, which one needs to pervert with ctypes create_string_buffer()).
JD96:
"I noticed tons of hardcoded constants in all of the frameworks, some even unable to send a driver list to an NtQuerySystemInfo request, thus VMP killing itself instantly on x64.
These frameworks lack way too much and offer way too less to justify reading into them in detail and fixing the bugs.
When you use any of that python junk it runs so slow it took 5 mins to even get to a point where VMP crashed itself - far from done."
Waryas:
"Unicorn/qemu work by caching instruction blocks, which means the instrumentation callback doesn't actually get called on EVERY instruction? You miss some instructions because they're in the JIT cache."
Most of the analyzed PE viruses and malware are packed in 3 layers and use various tricks and techniques. Qiling implements unicorn in a single thread, which can be easily detected and analyzed by the PE. Again, race conditions, etc., exception handling for Windows kernel drivers and others...
Are both of these disadvantages easily avoided, and do people calmly use these tools (Qiling, Speakeasy) to analyze real protected PEs, for example the latest version of VMProtect, which includes VMP for Windows kernel drivers?
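The out-parameter contract the question refers to, as an added example that is not Qiling's or Speakeasy's code: a pure-Python model of how an emulator hook has to write GetLogicalProcessorInformation's results back into guest memory (the emulator's equivalent of a mutable ctypes buffer) instead of returning a Python object. GuestMem, hook_GetLogicalProcessorInformation and the sample core masks are constructed here; the x64 struct layout (8-byte ProcessorMask, 4-byte Relationship, 4 bytes padding, 16-byte union) is the documented one.

```python
import struct

ERROR_INSUFFICIENT_BUFFER = 122      # Win32 last-error value the API sets when the buffer is too small
RelationProcessorCore = 0            # LOGICAL_PROCESSOR_RELATIONSHIP enum value
# x64 SYSTEM_LOGICAL_PROCESSOR_INFORMATION: ULONG_PTR mask, DWORD relationship, pad, 16-byte union
SLPI_FMT = "<QI4x16s"
SLPI_SIZE = struct.calcsize(SLPI_FMT)  # 32 bytes

class GuestMem:
    """Constructed stand-in for an emulator's guest memory (what ql.mem.read/write expose)."""
    def __init__(self, size):
        self.buf = bytearray(size)
    def read(self, addr, n):
        return bytes(self.buf[addr:addr + n])
    def write(self, addr, data):
        self.buf[addr:addr + len(data)] = data

def hook_GetLogicalProcessorInformation(mem, buffer_ptr, return_length_ptr, core_masks):
    """Hypothetical hook modelling the API: results go through guest pointers, not return values.
    Returns (BOOL result, last_error) the way the emulated caller would observe them."""
    needed = SLPI_SIZE * len(core_masks)
    (avail,) = struct.unpack("<I", mem.read(return_length_ptr, 4))
    # *ReturnLength is always updated with the required size, even on failure
    mem.write(return_length_ptr, struct.pack("<I", needed))
    if buffer_ptr == 0 or avail < needed:
        return 0, ERROR_INSUFFICIENT_BUFFER
    for i, mask in enumerate(core_masks):
        # one record per core; union left zeroed (ProcessorCore.Flags = 0)
        rec = struct.pack(SLPI_FMT, mask, RelationProcessorCore, bytes(16))
        mem.write(buffer_ptr + i * SLPI_SIZE, rec)
    return 1, 0

def demo():
    """Two-call pattern a real caller uses: size query, then the filled buffer."""
    mem = GuestMem(0x1000)
    buf_ptr, retlen_ptr = 0x100, 0x800
    cores = [0x1, 0x2, 0x4, 0x8]          # constructed sample affinity masks
    mem.write(retlen_ptr, struct.pack("<I", 0))
    first = hook_GetLogicalProcessorInformation(mem, 0, retlen_ptr, cores)
    (needed,) = struct.unpack("<I", mem.read(retlen_ptr, 4))
    second = hook_GetLogicalProcessorInformation(mem, buf_ptr, retlen_ptr, cores)
    records = [struct.unpack(SLPI_FMT, mem.read(buf_ptr + i * SLPI_SIZE, SLPI_SIZE))
               for i in range(len(cores))]
    return {"first": first, "needed": needed, "second": second,
            "masks": [r[0] for r in records], "relationships": [r[1] for r in records]}

if __name__ == "__main__":
    print(demo())
```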