Return to forum

Am1OfPeaze · September 3, 2022 at 3:32 PM

Nice RE share friend, props

0xRet · September 4, 2022 at 2:44 PM

this one! Oh my!

ngim0uz · September 7, 2022 at 12:07 PM

lets see
bytheway thanks

ArtZero · September 8, 2022 at 3:03 AM

thanks...........

GameWork73 · September 8, 2022 at 7:10 PM

thank you

mrzeastey · September 10, 2022 at 3:18 PM

thank you

mylestanner · September 23, 2022 at 2:42 PM

(August 26, 2022, 12:42 PM)Dyne Wrote:
Image unavailable
VMUnprotect is a project engaged in hunting virtualized VMProtect methods. It makes use of Harmony to dynamically read VMP behavior. Currently only supports method administration. Works on VMProtect 3.6.0 (Latest) and few versions back.

Showcase:

Image unavailable

https://ibb.co/PYqC2cL

What is code virtualization?

As VMProtect describes it on their website; Code virtualization is the next step in software protection. Most protection systems encrypt the code and then decrypt it at the application’s startup. VMProtect doesn’t decrypt the code at all! Instead, the encrypted code runs on a virtual CPU that is markedly different from generic x86 and x64 CPUs as the command set is different for each protected file.

VMUnprotect.Dumper

VMUnprotect.Dumper is a project engaged in hunting tampered VMProtect assemblies. It makes use of AsmResolver to dynamically unpack VMP protected assembly. Works on VMProtect 3.5.1 (Latest) and few versions back.

Before usage of VMUnprotect.Dumper

Image unavailable

After usage of VMUnprotect.Dumper

Image unavailable

Thank you

realfaruki · September 26, 2022 at 11:49 PM

yu wergdfg

sandman666 · September 27, 2022 at 1:46 AM

thanks for sharing this tool!

racoonwd · October 1, 2022 at 3:21 AM

(August 26, 2022, 12:42 PM)Dyne Wrote:
Image unavailable
VMUnprotect is a project engaged in hunting virtualized VMProtect methods. It makes use of Harmony to dynamically read VMP behavior. Currently only supports method administration. Works on VMProtect 3.6.0 (Latest) and few versions back.

Showcase:

Image unavailable

https://ibb.co/PYqC2cL

What is code virtualization?

As VMProtect describes it on their website; Code virtualization is the next step in software protection. Most protection systems encrypt the code and then decrypt it at the application’s startup. VMProtect doesn’t decrypt the code at all! Instead, the encrypted code runs on a virtual CPU that is markedly different from generic x86 and x64 CPUs as the command set is different for each protected file.

VMUnprotect.Dumper

VMUnprotect.Dumper is a project engaged in hunting tampered VMProtect assemblies. It makes use of AsmResolver to dynamically unpack VMP protected assembly. Works on VMProtect 3.5.1 (Latest) and few versions back.

Before usage of VMUnprotect.Dumper

Image unavailable

After usage of VMUnprotect.Dumper

Image unavailable

thx