Jump to content
View in the app

A better way to browse. Learn more.

Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Featured Replies

Posted

VMProtect v3.5.1

Hi all,

This is a protected with the TRIAL edition... 

Mutation / Virtualization w/ the built in VMProtect license system.

VMProtect Debugger detection - disabled. (apparently some C# lines added)

VMProtect Trial limitation user has to patch the file to run to his machine.

There are 2 enter serial dialogs, once you solve the 1st, drives you to 2nd, when a valid serial entered exporting a file... 

If a valid serial entered on 1st form, is saved to license.diz file.

File Information

Submitter whoknows

Submitted 10/07/2021

Category UnPackMe (.NET)

View File

VMProtect v3.5.1

  • 2 years later...

the exe is not running in my machine  , do u have some v3.5 full version protected vm method little sample files 

1 hour ago, Hadits follower said:

the exe is not running in my machine  , do u have some v3.5 full version protected vm method little sample files 

On 10/23/2021 at 3:15 AM, whoknows said:

VMProtect Trial limitation user has to patch the file to run to his machine.

 

hi, thanks but the problem i have failed to do that . 

i think i need some vmprotect v3.5 full version protected sample little tinny files , which wheres some method have vm marked ,

actually v3.5 main vm method have perams and also cleaning 0600001 exe after the exe run and also have something which i can not explain in english . 

if anyone have vmp marked methods v3.5 full version protected sample little test files , please post those files if possible , 

thank u all  very much :

 

Edited by Hadits follower

console or GUI one?

just protect some files in minimum label without cflow marked , and vm all methods, everything should be by v3.5 ,  thats it ,  i will try to learn something from it , 

thank you too much

Edited by Hadits follower

  • Author

@Hadits follower

dn 473kb @:

https://download.ru/files/wzwPRCwM

 

made by :

  • VMProtect Ultimate v3.5.0.1213-WEB0DAY
  • VMProtect Ultimate v3.5.1.1399-crk
  • 2 weeks later...

WindowsFormsApplication4.vmp35.exe:
1. VMUnprotect.Dumper
https://github.com/void-stack/VMUnprotect.Dumper/releases/tag/1.1.0.0

2. Unset "IL Only" Flag from .NET Directory with CFF Explorer

3. Demutation Tool
https://forum.tuts4you.com/topic/45162-demutation-vmprotect-net
https://forum.exetools.com/showthread.php?t=21105

4. de4dot
Use --keep-names ntpfg while cleaning the file using de4dot
Or use --dont-rename

5. VMP Killer by DarkBullNull
Use Option 2 First and Fix CRC and Debug Check
https://github.com/DarkBullNull/VMP.NET-Kill
https://forum.tuts4you.com/topic/45179-vmpnet-kill/
https://forum.exetools.com/showthread.php?p=131964

6. Unset "IL Only" Flag from .NET Directory with CFF Explorer

7. Use VMProtectNoDelegates to clean delegates
https://forum.exetools.com/showthread.php?t=21106
https://forum.tuts4you.com/topic/45163-vmprotectnodelegates-net

The only thing left if unvirtualization.
 

WindowsFormsApplication4.vmp35-decrypted-demutate-cleaned.justify_nodel.rar

  • 1 month later...
  • Author

for the moment I mark @CodeExplorer reply as solution, still needs @Washi / @BlackHat touch for devirtualization!

 

[EDIT]

the CC attached, is another release is not this thread.

Edited by whoknows

  • 1 month later...

yes,I also encountered the same problem,I am unable to open it,Until now, there is no way to solve it!I am very distressed

On 10/16/2024 at 2:12 AM, CodeExplorer said:

WindowsFormsApplication4.vmp35.exe:
1. VMUnprotect.Dumper
https://github.com/void-stack/VMUnprotect.Dumper/releases/tag/1.1.0.0

2. Unset "IL Only" Flag from .NET Directory with CFF Explorer

3. Demutation Tool
https://forum.tuts4you.com/topic/45162-demutation-vmprotect-net
https://forum.exetools.com/showthread.php?t=21105

4. de4dot
Use --keep-names ntpfg while cleaning the file using de4dot
Or use --dont-rename

5. VMP Killer by DarkBullNull
Use Option 2 First and Fix CRC and Debug Check
https://github.com/DarkBullNull/VMP.NET-Kill
https://forum.tuts4you.com/topic/45179-vmpnet-kill/
https://forum.exetools.com/showthread.php?p=131964

6. Unset "IL Only" Flag from .NET Directory with CFF Explorer

7. Use VMProtectNoDelegates to clean delegates
https://forum.exetools.com/showthread.php?t=21106
https://forum.tuts4you.com/topic/45163-vmprotectnodelegates-net

The only thing left if unvirtualization.
 

WindowsFormsApplication4.vmp35-decrypted-demutate-cleaned.justify_nodel.rar 347.55 kB · 39 downloads

@CodeExplorer Can it be feasible to unpack this target with your method?

Regards.

sean.

  • 4 months later...
On 10/15/2024 at 6:12 PM, CodeExplorer said:

WindowsFormsApplication4.vmp35.exe:
1. VMUnprotect.Dumper
https://github.com/void-stack/VMUnprotect.Dumper/releases/tag/1.1.0.0

2. Unset "IL Only" Flag from .NET Directory with CFF Explorer

3. Demutation Tool
https://forum.tuts4you.com/topic/45162-demutation-vmprotect-net
https://forum.exetools.com/showthread.php?t=21105

4. de4dot
Use --keep-names ntpfg while cleaning the file using de4dot
Or use --dont-rename

5. VMP Killer by DarkBullNull
Use Option 2 First and Fix CRC and Debug Check
https://github.com/DarkBullNull/VMP.NET-Kill
https://forum.tuts4you.com/topic/45179-vmpnet-kill/
https://forum.exetools.com/showthread.php?p=131964

6. Unset "IL Only" Flag from .NET Directory with CFF Explorer

7. Use VMProtectNoDelegates to clean delegates
https://forum.exetools.com/showthread.php?t=21106
https://forum.tuts4you.com/topic/45163-vmprotectnodelegates-net

The only thing left if unvirtualization.
 

WindowsFormsApplication4.vmp35-decrypted-demutate-cleaned.justify_nodel.rar 347.55 kB · 57 downloads

 

 

Bro is semi-decrypted; it works fine, but is obfuscated. Any Other Solution 

 

On 10/15/2024 at 6:12 PM, CodeExplorer said:

 

 

Screenshot 2025-06-08 131912.png

Create an account or sign in to comment

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.