https://github.com/ergrelet/themida-spotter-bn
A Binary Ninja plugin to detect Themida, WinLicense and Code Virtualizer's obfuscated code locations.
https://github.com/ergrelet/themida-spotter-bn
binary-ninja-plugin code-virtualizer rust themida winlicense
Last synced: 8 months ago
JSON representation
A Binary Ninja plugin to detect Themida, WinLicense and Code Virtualizer's obfuscated code locations.
- Host: GitHub
- URL: https://github.com/ergrelet/themida-spotter-bn
- Owner: ergrelet
- License: gpl-3.0
- Created: 2024-07-06T02:04:11.000Z (almost 2 years ago)
- Default Branch: main
- Last Pushed: 2024-07-28T18:01:04.000Z (almost 2 years ago)
- Last Synced: 2025-01-23T05:12:56.582Z (over 1 year ago)
- Topics: binary-ninja-plugin, code-virtualizer, rust, themida, winlicense
- Language: C++
- Homepage:
- Size: 135 KB
- Stars: 77
- Watchers: 6
- Forks: 8
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# themida-spotter-bn  [](https://img.shields.io/badge/rust-1.79.0%2B-orange.svg)
A Binary Ninja plugin that detects and tags obfuscated code entry patterns from
Oreans Technologies's software obfuscators (_i.e._, WinLicense, Themida and Code
Virtualizer), in order to help reverse engineers focus on interesting code.
## Screenshot
# Supported Targets
The plugin has been tested on **x86** and **x86_64** executables protected with
Oreans's products up to version **3.1.9**.
# How to Build
```
git clone https://github.com/ergrelet/themida-spotter-bn && cd themida-spotter-bn
cargo build --release
```
The plugin will then be available at `target/release/themida_spotter_bn.dll` if
you're on Windows for example.
Note: the plugin is build against `v4.1.5747-stable` by default but you can change
the version in `Cargo.toml` to build against your version of Binary Ninja if needed.
## How to Install
Check out the official Binary Ninja documentation to know where to copy the
files:
[Using Plugins](https://docs.binary.ninja/guide/plugins.html)