{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,27]],"date-time":"2025-10-27T13:03:50Z","timestamp":1761570230776,"version":"build-2065373602"},"publisher-location":"New York, NY, USA","reference-count":24,"publisher":"ACM","content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,6,20]]},"DOI":"10.1145\/3755881.3755892","type":"proceedings-article","created":{"date-parts":[[2025,10,27]],"date-time":"2025-10-27T11:46:17Z","timestamp":1761565577000},"page":"258-268","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Devmp: A Virtual Instruction Extraction Method for Commercial Code Virtualization Obfuscators"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0000-0937-1121","authenticated-orcid":false,"given":"Shenqianqian","family":"Zhang","sequence":"first","affiliation":[{"name":"Key Laboratory of Cyberspace Security, Ministry of Education, ZhengZhou, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6137-7782","authenticated-orcid":false,"given":"Weiyu","family":"Dong","sequence":"additional","affiliation":[{"name":"Information Engineering University, ZhengZhou, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8504-5480","authenticated-orcid":false,"given":"Jian","family":"Lin","sequence":"additional","affiliation":[{"name":"Information Engineering University, ZhengZhou, China"}]}],"member":"320","published-online":{"date-parts":[[2025,10,27]]},"reference":[{"key":"e_1_3_3_2_2_2","unstructured":"Check Point. 2023. Raspberry Robin: Anti-Evasion How-To & Exploit Analysis. https:\/\/research.checkpoint.com\/2023\/raspberry-robin-anti-evasion-how-to-exploit-analysis\/. Last Accessed: April 6 2025."},{"key":"e_1_3_3_2_3_2","unstructured":"VMProtect Software. 2022. VMProtect software protection. https:\/\/vmpsoft.com\/. Last Accessed: December 6 2024."},{"key":"e_1_3_3_2_4_2","unstructured":"Oreans Technologies. 2022. Themida Overview. https:\/\/www.oreans.com\/Themida.php. Last Accessed: December 6 2024."},{"key":"e_1_3_3_2_5_2","unstructured":"Oreans Technologies. 2022. Code Virtualizer Overview. https:\/\/www.oreans.com\/CodeVirtualizer.php. Last Accessed: December 6 2024."},{"key":"e_1_3_3_2_6_2","volume-title":"In Proceedings of the 29th Network and Distributed System Security Symposium","author":"Li Shijia","year":"2022","unstructured":"Shijia Li, Chunfu Jia, Pengda Qiu, Qiyuan Chen, Jiang Ming, and Debin Gao. 2022. Chosen-instruction attack against commercial code virtualization obfuscators. In In Proceedings of the 29th Network and Distributed System Security Symposium."},{"key":"e_1_3_3_2_7_2","unstructured":"zdhysd. 2014. VMP Analysis Plugin v1.4. https:\/\/bbs.kanxue.com\/thread-154621.htm. Last Accessed: December 6 2024."},{"key":"e_1_3_3_2_8_2","unstructured":"wallds. 2023. NoVmpy. https:\/\/github.com\/wallds\/NoVmpy. Last Accessed: March 12 2024."},{"key":"e_1_3_3_2_9_2","unstructured":"Fabrice Bellard. 2022. QEMU. https:\/\/www.qemu.org\/. Last Accessed: December 6 2024."},{"key":"e_1_3_3_2_10_2","unstructured":"xwings. 2023. Qiling Framework. https:\/\/qiling.io\/. Last Accessed: March 12 2024."},{"key":"e_1_3_3_2_11_2","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813663"},{"key":"e_1_3_3_2_12_2","first-page":"372","volume-title":"International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment","author":"Salwan Jonathan","year":"2018","unstructured":"Jonathan Salwan, S\u00e9bastien Bardin, and Marie-Laure Potet. 2018. Symbolic deobfuscation: From virtualized code back to the original. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. Springer, 372\u2013392."},{"key":"e_1_3_3_2_13_2","doi-asserted-by":"publisher","unstructured":"Chi-Keung Luk Robert Cohn Robert Muth Harish Patil Artur Klauser Geoff Lowney Steven Wallace Vijay\u00a0Janapa Reddi and Kim Hazelwood. 2005. Pin: building customized program analysis tools with dynamic instrumentation. SIGPLAN Not. 40 6 (June 2005) 190\u2013200. 10.1145\/1064978.1065034","DOI":"10.1145\/1064978.1065034"},{"key":"e_1_3_3_2_14_2","unstructured":"Fabrice Desclaux. 2012. Miasm: Framework de reverse engineering. Actes du sstic. sstic (2012)."},{"key":"e_1_3_3_2_15_2","doi-asserted-by":"publisher","DOI":"10.5555\/280635"},{"key":"e_1_3_3_2_16_2","doi-asserted-by":"publisher","DOI":"10.1145\/3465481.3465772"},{"key":"e_1_3_3_2_17_2","doi-asserted-by":"crossref","first-page":"313","DOI":"10.1007\/978-3-319-89500-0_28","volume-title":"Information and Communications Security: 19th International Conference, ICICS 2017, Beijing, China, December 6-8, 2017, Proceedings 19","author":"Liang Mingyue","year":"2018","unstructured":"Mingyue Liang, Zhoujun Li, Qiang Zeng, and Zhejun Fang. 2018. Deobfuscation of virtualization-obfuscated code through symbolic execution and compilation optimization. In Information and Communications Security: 19th International Conference, ICICS 2017, Beijing, China, December 6-8, 2017, Proceedings 19. Springer, 313\u2013324."},{"key":"e_1_3_3_2_18_2","doi-asserted-by":"publisher","unstructured":"Deguang Le Jie Zhao Yufang Wang and Shengrong Gong. 2022. Reverse analysis algorithm of VMP virtual instruction. Computer Engineering and Design 43 09 (2022) 2431\u20132440. 10.16208\/j.issn1000-7024.2022.09.005","DOI":"10.16208\/j.issn1000-7024.2022.09.005"},{"key":"e_1_3_3_2_19_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2009.27"},{"key":"e_1_3_3_2_20_2","unstructured":"J Raber. 2013. Virtual deobfuscator-a darpa cyber fast track funded effort. Proc. of the 16th Black Hat USA (2013)."},{"key":"e_1_3_3_2_21_2","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046739"},{"key":"e_1_3_3_2_22_2","unstructured":"Hejie Huang Fei Kang and Hui Shu. 2014. Reverse Technology of Virtual Machine Protection Based on Dynamic Dataflow Analysis. Computer Engineering 40 9 (2014) 59\u201365."},{"key":"e_1_3_3_2_23_2","doi-asserted-by":"crossref","first-page":"261","DOI":"10.1109\/Trustcom\/BigDataSE\/ICESS.2017.246","volume-title":"2017 IEEE Trustcom\/BigDataSE\/ICESS","author":"Tang Zhanyong","year":"2017","unstructured":"Zhanyong Tang, Kaiyuan Kuang, Lei Wang, Chao Xue, Xiaoqing Gong, Xiaojiang Chen, Dingyi Fang, Jie Liu, and Zheng Wang. 2017. Seead: A semantic-based approach for automatic binary code de-obfuscation. In 2017 IEEE Trustcom\/BigDataSE\/ICESS. IEEE, 261\u2013268."},{"key":"e_1_3_3_2_24_2","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243827"},{"key":"e_1_3_3_2_25_2","doi-asserted-by":"publisher","DOI":"10.1145\/3098954.3098995"}],"event":{"name":"Internetware 2025: the 16th International Conference on Internetware","sponsor":["SIGSOFT ACM Special Interest Group on Artificial Intelligence"],"location":"Trondheim Norway","acronym":"Internetware 2025"},"container-title":["Proceedings of the 16th International Conference on Internetware"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3755881.3755892","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,27]],"date-time":"2025-10-27T11:53:01Z","timestamp":1761565981000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3755881.3755892"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,6,20]]},"references-count":24,"alternative-id":["10.1145\/3755881.3755892","10.1145\/3755881"],"URL":"https:\/\/doi.org\/10.1145\/3755881.3755892","relation":{},"subject":[],"published":{"date-parts":[[2025,6,20]]},"assertion":[{"value":"2025-10-27","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}