Forums

WindowsFormsApplication4.vmp35.exe: 1. VMUnprotect.Dumper https://github.com/void-stack/VMUnprotect.Dumper/releases/tag/1.1.0.0 2. Unset "IL Only" Flag from .NET Directory with CFF Explorer 3. Demutation Tool https://forum.tuts4you.com/topic/45162-demutation-vmprotect-net https://forum.exetools.com/showthread.php?t=21105 4. de4dot Use --keep-names ntpfg while cleaning the file using de4dot Or use --dont-rename 5. VMP Killer by DarkBullNull Use Option 2 First and Fix CRC and Debug Check https://github.com/DarkBullNull/VMP.NET-Kill https://forum.tuts4you.com/topic/45179-vmpnet-kill/ https://forum.exetools.com/showthread.php?p=131964 6. Unset "IL Only" Flag from .NET Directory with CFF Explorer 7. Use VMProtectNoDelegates to clean delegates https://forum.exetools.com/showthread.php?t=21106 https://forum.tuts4you.com/topic/45163-vmprotectnodelegates-net The only thing left if unvirtualization.   WindowsFormsApplication4.vmp35-decrypted-demutate-cleaned.justify_nodel.rar

Hi! can someone help in coding version.dll in delphi to patch exe file ,there is an patcher called PYG_DLL_Patcher which exports version.dll and some other dlls but it has viruses when i enable the antivirus it deletes that version.dll file exported by PYG_DLL_Patcher, i found a version.dll delphi code here  but the patch code is not included in it. Thanks in advance!

Anyone who can give a nudge on how to proceed with the start of ch5? Found the initial piece but am unable to get anythin usefull out of it.

Hi guys, I am also stuck on ch5. I was able to decrypt the shellcode, however, I can't find any paths that lead me to discover the inputs for the shellcode and the filename. Feel free to DM if you can help me.