Jump to content
Tuts 4 You

VMProtect v3.5.1


Recommended Posts

Posted

VMProtect v3.5.1


Hi all,

This is a protected with the TRIAL edition... 

Mutation / Virtualization w/ the built in VMProtect license system.

VMProtect Debugger detection - disabled. (apparently some C# lines added)

VMProtect Trial limitation user has to patch the file to run to his machine.

There are 2 enter serial dialogs, once you solve the 1st, drives you to 2nd, when a valid serial entered exporting a file... 

If a valid serial entered on 1st form, is saved to license.diz file.


 

  • Like 1
  • 2 years later...
Hadits follower
Posted

the exe is not running in my machine  , do u have some v3.5 full version protected vm method little sample files 

CodeExplorer
Posted
1 hour ago, Hadits follower said:

the exe is not running in my machine  , do u have some v3.5 full version protected vm method little sample files 

On 10/23/2021 at 3:15 AM, whoknows said:

VMProtect Trial limitation user has to patch the file to run to his machine.

 

  • Like 1
Hadits follower
Posted

hi, thanks but the problem i have failed to do that . 

i think i need some vmprotect v3.5 full version protected sample little tinny files , which wheres some method have vm marked ,

actually v3.5 main vm method have perams and also cleaning 0600001 exe after the exe run and also have something which i can not explain in english . 

  • Like 1
Hadits follower
Posted (edited)

if anyone have vmp marked methods v3.5 full version protected sample little test files , please post those files if possible , 

thank u all  very much :

 

Edited by Hadits follower
  • Like 1
Posted

console or GUI one?

  • Like 1
Hadits follower
Posted (edited)

just protect some files in minimum label without cflow marked , and vm all methods, everything should be by v3.5 ,  thats it ,  i will try to learn something from it , 

thank you too much

Edited by Hadits follower
  • Like 1
  • 2 weeks later...
CodeExplorer
Posted

WindowsFormsApplication4.vmp35.exe:
1. VMUnprotect.Dumper
https://github.com/void-stack/VMUnprotect.Dumper/releases/tag/1.1.0.0

2. Unset "IL Only" Flag from .NET Directory with CFF Explorer

3. Demutation Tool
https://forum.tuts4you.com/topic/45162-demutation-vmprotect-net
https://forum.exetools.com/showthread.php?t=21105

4. de4dot
Use --keep-names ntpfg while cleaning the file using de4dot
Or use --dont-rename

5. VMP Killer by DarkBullNull
Use Option 2 First and Fix CRC and Debug Check
https://github.com/DarkBullNull/VMP.NET-Kill
https://forum.tuts4you.com/topic/45179-vmpnet-kill/
https://forum.exetools.com/showthread.php?p=131964

6. Unset "IL Only" Flag from .NET Directory with CFF Explorer

7. Use VMProtectNoDelegates to clean delegates
https://forum.exetools.com/showthread.php?t=21106
https://forum.tuts4you.com/topic/45163-vmprotectnodelegates-net

The only thing left if unvirtualization.
 

WindowsFormsApplication4.vmp35-decrypted-demutate-cleaned.justify_nodel.rar

  • Like 5
  • Thanks 1
  • 1 month later...
Posted (edited)

for the moment I mark @CodeExplorer reply as solution, still needs @Washi / @BlackHat touch for devirtualization!

 

[EDIT]

the CC attached, is another release is not this thread.

Edited by whoknows
  • Like 1

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...