Jump to content
Tuts 4 You

VMProtect v3.4.0.1155


Recommended Posts


VMProtect v3.4.0.1155

Try to unpack or alternatively provide a serial. If there is no solution provided by Saturday 11am (GMT+0) I will attach the same without debugger detection.

Protections used:

  • Debugger detection (User-mode + Kernel-mode)
  • Ultra (Mutation + Virtualization)

Disabled protections:

  • Virtual Machine
  • Packer


Edited by whoknows (see edit history)
  • Like 1
Link to post

they've done a really nice job!

valid key:




simply you need to figure out how VM read instructions/Eh etc and restore them. devirtualizing all .net targets are the same so try to write a devirtualizer for simple VM and learn how to deal with them.
some other info you can find here & here.


Edited by Reza-HNA (see edit history)
  • Like 1
Link to post
Teddy Rogers
10 hours ago, Reza-HNA said:

@CodeExplorer hi, added some info

That is still light on with detail and context. It basically links to a tool you used and someone else's post...


Link to post
On 5/21/2020 at 1:33 PM, whoknows said:

@Reza-HNA shared the solution through PM, restore body method and decrypt the string.

Can you explain bro little bit info regarding removing VMProtect Anti Tamper Remove and restoring Strings ? 

Link to post
16 hours ago, BlackHat said:

Can you explain bro little bit info regarding removing VMProtect Anti Tamper Remove and restoring Strings ? 

The anti-tamper method is virtualized, so yes you can remove anti-tamper but the app will crash every time because the anti-tamper check method is virtualized.

Link to post
  • 5 weeks later...

You guys are amazing, VMProtect still the best? Which is better between DNGuard and VMProtect?

Link to post

Hey can somebody teach me how to unpack vmprotect for .net? I would be really thankful.

Link to post
  • 3 weeks later...
  • 3 months later...
5 hours ago, kao said:

@BlackHat: thank you, it's a nice tutorial! :) 

But could you please fix images in the tutorial, they are very small and unreadable?


This is a basic approach example apply on almost all tool protected using vmprotect as suggested by wwh1004 


Image 1 - KTxsQsJ.png

Image 2 - qItHHIv.png



Edited by BlackHat (see edit history)
  • Thanks 1
Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...