Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

VMProtect v3.5.1

whoknows
whoknows
in UnPackMe (.NET)

Featured Replies

Posted

VMProtect v3.5.1

Hi all,

This is a protected with the TRIAL edition... 

Mutation / Virtualization w/ the built in VMProtect license system.

VMProtect Debugger detection - disabled. (apparently some C# lines added)

VMProtect Trial limitation user has to patch the file to run to his machine.

There are 2 enter serial dialogs, once you solve the 1st, drives you to 2nd, when a valid serial entered exporting a file... 

If a valid serial entered on 1st form, is saved to license.diz file.

File Information

Submitter whoknows

Submitted 10/07/2021

Category UnPackMe (.NET)

View File

VMProtect v3.5.1

    •
    • Like 2
    • 2 years later...

    the exe is not running in my machine  , do u have some v3.5 full version protected vm method little sample files 

    • Like 1
    1 hour ago, Hadits follower said:

    the exe is not running in my machine  , do u have some v3.5 full version protected vm method little sample files 

    On 10/23/2021 at 3:15 AM, whoknows said:

    VMProtect Trial limitation user has to patch the file to run to his machine.

     

    • Like 1

    hi, thanks but the problem i have failed to do that . 

    i think i need some vmprotect v3.5 full version protected sample little tinny files , which wheres some method have vm marked ,

    actually v3.5 main vm method have perams and also cleaning 0600001 exe after the exe run and also have something which i can not explain in english . 

    • Like 1

    if anyone have vmp marked methods v3.5 full version protected sample little test files , please post those files if possible , 

    thank u all  very much :

     

    Edited by Hadits follower

    • Like 1

    console or GUI one?

    • Like 1

    just protect some files in minimum label without cflow marked , and vm all methods, everything should be by v3.5 ,  thats it ,  i will try to learn something from it , 

    thank you too much

    Edited by Hadits follower

    • Like 1
    • Author

    @Hadits follower

    dn 473kb @:

    https://download.ru/files/wzwPRCwM

     

    made by :

    • VMProtect Ultimate v3.5.0.1213-WEB0DAY
    • VMProtect Ultimate v3.5.1.1399-crk
    • Like 2
    • 2 weeks later...

    WindowsFormsApplication4.vmp35.exe:
    1. VMUnprotect.Dumper
    https://github.com/void-stack/VMUnprotect.Dumper/releases/tag/1.1.0.0

    2. Unset "IL Only" Flag from .NET Directory with CFF Explorer

    3. Demutation Tool
    https://forum.tuts4you.com/topic/45162-demutation-vmprotect-net
    https://forum.exetools.com/showthread.php?t=21105

    4. de4dot
    Use --keep-names ntpfg while cleaning the file using de4dot
    Or use --dont-rename

    5. VMP Killer by DarkBullNull
    Use Option 2 First and Fix CRC and Debug Check
    https://github.com/DarkBullNull/VMP.NET-Kill
    https://forum.tuts4you.com/topic/45179-vmpnet-kill/
    https://forum.exetools.com/showthread.php?p=131964

    6. Unset "IL Only" Flag from .NET Directory with CFF Explorer

    7. Use VMProtectNoDelegates to clean delegates
    https://forum.exetools.com/showthread.php?t=21106
    https://forum.tuts4you.com/topic/45163-vmprotectnodelegates-net

    The only thing left if unvirtualization.
     

    WindowsFormsApplication4.vmp35-decrypted-demutate-cleaned.justify_nodel.rar

    •
    • Like 7
    • Thanks 2
    • 1 month later...
    • Author

    for the moment I mark @CodeExplorer reply as solution, still needs @Washi / @BlackHat touch for devirtualization!

     

    [EDIT]

    the CC attached, is another release is not this thread.

    Edited by whoknows

    • Like 1
    • 1 month later...

    yes,I also encountered the same problem,I am unable to open it,Until now, there is no way to solve it!I am very distressed

    • Like 1
    On 10/16/2024 at 2:12 AM, CodeExplorer said:

    WindowsFormsApplication4.vmp35.exe:
    1. VMUnprotect.Dumper
    https://github.com/void-stack/VMUnprotect.Dumper/releases/tag/1.1.0.0

    2. Unset "IL Only" Flag from .NET Directory with CFF Explorer

    3. Demutation Tool
    https://forum.tuts4you.com/topic/45162-demutation-vmprotect-net
    https://forum.exetools.com/showthread.php?t=21105

    4. de4dot
    Use --keep-names ntpfg while cleaning the file using de4dot
    Or use --dont-rename

    5. VMP Killer by DarkBullNull
    Use Option 2 First and Fix CRC and Debug Check
    https://github.com/DarkBullNull/VMP.NET-Kill
    https://forum.tuts4you.com/topic/45179-vmpnet-kill/
    https://forum.exetools.com/showthread.php?p=131964

    6. Unset "IL Only" Flag from .NET Directory with CFF Explorer

    7. Use VMProtectNoDelegates to clean delegates
    https://forum.exetools.com/showthread.php?t=21106
    https://forum.tuts4you.com/topic/45163-vmprotectnodelegates-net

    The only thing left if unvirtualization.
     

    WindowsFormsApplication4.vmp35-decrypted-demutate-cleaned.justify_nodel.rar 347.55 kB · 39 downloads

    @CodeExplorer Can it be feasible to unpack this target with your method?

    Regards.

    sean.

    • 4 months later...
    On 10/15/2024 at 6:12 PM, CodeExplorer said:

    WindowsFormsApplication4.vmp35.exe:
    1. VMUnprotect.Dumper
    https://github.com/void-stack/VMUnprotect.Dumper/releases/tag/1.1.0.0

    2. Unset "IL Only" Flag from .NET Directory with CFF Explorer

    3. Demutation Tool
    https://forum.tuts4you.com/topic/45162-demutation-vmprotect-net
    https://forum.exetools.com/showthread.php?t=21105

    4. de4dot
    Use --keep-names ntpfg while cleaning the file using de4dot
    Or use --dont-rename

    5. VMP Killer by DarkBullNull
    Use Option 2 First and Fix CRC and Debug Check
    https://github.com/DarkBullNull/VMP.NET-Kill
    https://forum.tuts4you.com/topic/45179-vmpnet-kill/
    https://forum.exetools.com/showthread.php?p=131964

    6. Unset "IL Only" Flag from .NET Directory with CFF Explorer

    7. Use VMProtectNoDelegates to clean delegates
    https://forum.exetools.com/showthread.php?t=21106
    https://forum.tuts4you.com/topic/45163-vmprotectnodelegates-net

    The only thing left if unvirtualization.
     

    WindowsFormsApplication4.vmp35-decrypted-demutate-cleaned.justify_nodel.rar 347.55 kB · 57 downloads

     

     

    Bro is semi-decrypted; it works fine, but is obfuscated. Any Other Solution 

     

    On 10/15/2024 at 6:12 PM, CodeExplorer said:

     

     

    Screenshot 2025-06-08 131912.png

    Create an account or sign in to comment

    Go to topic listing

    Configure browser push notifications
    Chrome (Android)
    1. Tap the lock icon next to the address bar.
    2. Tap Permissions → Notifications.
    3. Adjust your preference.
    Chrome (Desktop)
    1. Click the padlock icon in the address bar.
    2. Select Site settings.
    3. Find Notifications and adjust your preference.