LLVM-powered devirtualization


Virtualization is a powerful technique for code obfuscation, and reversing it can be challenging. In this post, we cover the work done during an internship on developing an automated devirtualization tool. We explore a simplified taint-based approach and discuss its limitations. For a more in-depth analysis, the full report is also made available.

Common obfuscation techniques include:

- Removing comments / symbols
- Adding opaque predicates (branches on a constant condition)
- Control flow flattening
- Virtualization

Due to its potency and the high availability of obfuscators, virtualization has unfortunately been adopted by threat actors and found in numerous malware samples (source: MITRE).

We then split an execution trace of the obfuscated binary each time we encounter a tainted conditional instruction in the CFG (branches, cmov, etc.).
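To make the trace-splitting step concrete, here is an added example (not the post's tool, nor code from the full report) of a toy forward taint tracker over a constructed, linearised execution trace. Everything about the instruction format is an assumption made for illustration: a three-address text form `dst = op a, b`, memory cells written as `[addr]`, `in` as the single taint source standing for the VM's bytecode/program input, and `jcc`/`cmov` as the only conditional instructions, whose condition is always the first operand. The trace is cut after every conditional whose condition is tainted; a conditional whose condition is clean (a loop counter) is not a cut point even if its data operands are tainted.

```python
"""Toy taint tracker that splits an execution trace at tainted conditionals.

Added example, not the original post's tool. The trace format, the single
taint source `in`, and the set of conditional ops are assumptions made here.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

CONDITIONAL_OPS = {"jcc", "cmov"}          # condition is always the first source
_IMMEDIATE = re.compile(r"^(0x[0-9a-fA-F]+|\d+)$")


@dataclass(frozen=True)
class Insn:
    text: str
    op: str
    dst: Optional[str]
    srcs: tuple  # register / memory names read; immediates already dropped


def parse(line: str) -> Insn:
    """Parse 'dst = op a, b' or 'op a, b' (the constructed format used below)."""
    dst = None
    body = line.strip()
    if "=" in body:
        dst, body = (p.strip() for p in body.split("=", 1))
    op, _, rest = body.partition(" ")
    operands = [s.strip() for s in rest.split(",") if s.strip()]
    # Immediates carry no taint, so they are not dependencies.
    srcs = tuple(s for s in operands if not _IMMEDIATE.match(s))
    return Insn(line.strip(), op, dst, srcs)


def analyze(lines, sources=("in",)):
    """Forward-propagate taint over a linear trace and cut it after every
    conditional whose *condition* operand is tainted.

    Returns (segments, tainted): the list of trace segments and the set of
    locations still tainted at the end of the trace.
    """
    tainted = set(sources)
    segments, current = [], []
    for line in lines:
        insn = parse(line)
        current.append(insn)
        dep = any(s in tainted for s in insn.srcs)
        if insn.dst is not None:
            # A tainted read spreads taint to the destination; a clean
            # overwrite kills it (no partial-register or aliasing model here).
            if dep:
                tainted.add(insn.dst)
            else:
                tainted.discard(insn.dst)
        if insn.op in CONDITIONAL_OPS and insn.srcs and insn.srcs[0] in tainted:
            segments.append(current)      # bytecode-dependent decision: cut
            current = []
    if current:
        segments.append(current)
    return segments, tainted


# Constructed trace (not from any real binary): a VM-handler-like snippet that
# decodes an input byte, branches on it, runs an untainted loop counter, and
# finally selects a value based on the decoded byte.
TRACE = [
    "r1 = load in",              # fetch bytecode/input byte: taint source
    "r2 = xor r1, 0x5a",         # decode: taint flows r1 -> r2
    "r7 = mov 0",                # loop counter, never tainted
    "flags = cmp r2, 0x13",      # flags depend on tainted r2
    "jcc flags",                 # tainted condition: cut here
    "r7 = add r7, 1",
    "flags = cmp r7, 0x10",      # counter compare: flags become clean
    "jcc flags",                 # clean condition: no cut
    "[0x100] = store r2",        # taint follows the value into memory
    "r3 = load [0x100]",         # ... and back out
    "r4 = cmov flags, r3, r7",   # clean condition, tainted data: no cut, r4 tainted
    "flags = cmp r4, 0",
    "r6 = cmov flags, r7, 1",    # tainted condition: cut here
    "r5 = add r6, r7",
]


def main():
    segments, tainted = analyze(TRACE)
    for i, seg in enumerate(segments):
        print(f"segment {i} ({len(seg)} insns), ends at: {seg[-1].text}")
    print("tainted at end:", sorted(tainted))


if __name__ == "__main__":
    main()
```

The point to keep from this toy is the distinction it draws: taint in a conditional's data operands is not what makes a trace boundary, only taint in its condition is, because that is where the VM's bytecode decides control flow. A real implementation has to track taint through memory with actual addresses and pointer aliasing, through flags set by partial-register writes, and over a CFG rather than a single linear trace, none of which this register-level model attempts.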
