The complexity of its implementation gives a VM protection system a natural anti-emulation ability, because a complicated VM can easily exhaust the resources of an emulator. Even when it does not, the time needed to emulate a sample packed by a VM protection system is often too long to tolerate, especially for on-access scanning. The paper discusses how the prevalence of packers that use VM technology will affect the AV industry, which may have to face changes in some areas, including research direction, evaluation standards, etc.
Zhenxiang Jim Wang has published several books and more than 60 papers. He specializes in reverse engineering technology, static unpacker development and virtual machine protection technology research, among other areas. He joined Microsoft in 2007. In 2004, he was interviewed by Programmer, a famous Chinese computer magazine, to talk about assembly language education and reverse engineering based on his experience.