- Сообщения
- 930
- Реакции
- 855
https://github.com/void-stack/VMUnprotect
https://github.com/void-stack/VMUnprotect/archive/refs/heads/main.zip
VMUnprotect is a project engaged in hunting virtualized VMProtect methods. It makes use of Harmony to dynamically read VMP behavior. Currently only supports method administration. Works on VMProtect 3.5.1 (Latest) and few versions back.
Showcase
https://github.com/void-stack/VMUnprotect/blob/main/VMUP/media/gif.gif
Usage
VMUnprotect.exe <path to assembly> [args to assembly]
Supported Protections
Note: All Supported Protections are working combined
| Protection Name | Is supported |
|---|---|
| Memory Protection | Yes |
| Import Protection | Yes |
| Resource Protection | Yes |
| Debugger Detection | Yes |
| Virtualization Tools | Yes |
| Strip Debug Information | Yes |
| Pack the Output File | No |
Usage can be found in MiddleMan.cs
C#:
namespace VMUnprotect
{
/// <summary>
/// Works as Middle Man to make life easier
/// </summary>
internal static class MiddleMan
{
/// <summary>
/// This function manipulate can manipulate, log actual invokes from virtualized VMP functions.
/// </summary>
public static object VmpMethodLogger(object obj, BindingFlags? bindingFlags, Binder binder, ref object[] parameters, CultureInfo culture, MethodBase methodBase)
{
// Invoke the method and get return value.
var returnValue = methodBase.Invoke(obj, parameters);
// TODO: Add option to disable this because can cause bugs and can be broken easily
var trace = new StackTrace();
var frame = trace.GetFrame(5); // <--
var method = frame.GetMethod();
if (method.IsConstructor)
ConsoleLogger.Warn($"VMP Method (Constructor) {method.FullDescription()}");
ConsoleLogger.Warn($"VMP Method: {method.FullDescription()}");
ConsoleLogger.Warn("MethodName: {0}", methodBase.Name);
ConsoleLogger.Warn("FullDescription: {0}", methodBase.FullDescription());
ConsoleLogger.Warn("MethodType: {0}", methodBase.GetType());
if (obj != null) ConsoleLogger.Warn("obj: {0}", obj.GetType());
// Loop through parameters and log them
for (var i = 0; i < parameters.Length; i++)
{
var parameter = parameters[i];
ConsoleLogger.Warn("Parameter ({1}) [{0}]: ({2})", i, parameter.GetType(), parameter);
}
ConsoleLogger.Warn("MDToken: {0}", methodBase.MetadataToken);
ConsoleLogger.Warn("Returns: {0}", returnValue);
if (returnValue != null)
ConsoleLogger.Warn("Return type: {0}\n", returnValue.GetType());
return returnValue;
}
}
}- Tracing invokes in virtualized methods.
- Manipulating parameters and return values.
