.Net VMUnprotect.NET

mak

Straw Sandals
Administrator
Messages
803
Reactions
576
VMUnprotect.NET
https://github.com/void-stack/VMUnprotect

https://github.com/void-stack/VMUnprotect/archive/refs/heads/main.zip

VMUnprotect is a project engaged in hunting virtualized VMProtect methods. It makes use of Harmony to dynamically read VMP behavior. Currently only supports method administration. Works on VMProtect 3.5.1 (Latest) and a few versions back.

Showcase
https://github.com/void-stack/VMUnprotect/blob/main/VMUP/media/gif.gif

Usage
VMUnprotect.exe <path to assembly> [args to assembly]
Supported Protections
Note: All Supported Protections are working combined

| Protection Name         | Is supported |
|-------------------------|--------------|
| Memory Protection       | Yes          |
| Import Protection       | Yes          |
| Resource Protection     | Yes          |
| Debugger Detection      | Yes          |
| Virtualization Tools    | Yes          |
| Strip Debug Information | Yes          |
| Pack the Output File    | No           |

Usage can be found in MiddleMan.cs
C#:
using System.Diagnostics;
using System.Globalization;
using System.Reflection;
using HarmonyLib; // provides the FullDescription() extension method

namespace VMUnprotect
{
    /// <summary>
    ///     Works as Middle Man to make life easier
    /// </summary>
    internal static class MiddleMan
    {
        /// <summary>
        ///     This function can manipulate and log actual invokes from virtualized VMP functions.
        /// </summary>
        public static object VmpMethodLogger(object obj, BindingFlags? bindingFlags, Binder binder, ref object[] parameters, CultureInfo culture, MethodBase methodBase)
        {
            // Invoke the method and get return value.
            var returnValue = methodBase.Invoke(obj, parameters);

            // TODO: Add option to disable this because can cause bugs and can be broken easily
            var trace = new StackTrace();
            var frame = trace.GetFrame(5); // <-- null when the stack has fewer frames
            var method = frame?.GetMethod();

            // ConsoleLogger is the project's own logging class.
            if (method != null)
            {
                if (method.IsConstructor)
                    ConsoleLogger.Warn($"VMP Method (Constructor) {method.FullDescription()}");

                ConsoleLogger.Warn($"VMP Method: {method.FullDescription()}");
            }

            ConsoleLogger.Warn("MethodName: {0}", methodBase.Name);
            ConsoleLogger.Warn("FullDescription: {0}", methodBase.FullDescription());
            ConsoleLogger.Warn("MethodType: {0}", methodBase.GetType());
            if (obj != null) ConsoleLogger.Warn("obj: {0}", obj.GetType());

            // Loop through parameters and log them (the array and its elements may be null)
            for (var i = 0; parameters != null && i < parameters.Length; i++)
            {
                var parameter = parameters[i];
                ConsoleLogger.Warn("Parameter ({1}) [{0}]: ({2})", i, parameter?.GetType(), parameter);
            }

            ConsoleLogger.Warn("MDToken: {0}", methodBase.MetadataToken);
            ConsoleLogger.Warn("Returns: {0}", returnValue);

            if (returnValue != null)
                ConsoleLogger.Warn("Return type: {0}\n", returnValue.GetType());

            return returnValue;
        }
    }
}
Current Features
  • Tracing invokes in virtualized methods.
  • Manipulating parameters and return values.
 

igorca

Newbie
Visitor
Messages
6
Reactions
40
Could someone upload the compiled files?
 