Posted October 7, 20213 yr VMProtect v3.5.1 Hi all, This is a protected with the TRIAL edition... Mutation / Virtualization w/ the built in VMProtect license system. VMProtect Debugger detection - disabled. (apparently some C# lines added) VMProtect Trial limitation : user has to patch the file to run to his machine. There are 2 enter serial dialogs, once you solve the 1st, drives you to 2nd, when a valid serial entered exporting a file... If a valid serial entered on 1st form, is saved to license.diz file. File Information Submitter whoknows Submitted 10/07/2021 Category UnPackMe (.NET) View File
September 27, 2024Sep 27 the exe is not running in my machine , do u have some v3.5 full version protected vm method little sample files
September 27, 2024Sep 27 1 hour ago, Hadits follower said: the exe is not running in my machine , do u have some v3.5 full version protected vm method little sample files On 10/23/2021 at 3:15 AM, whoknows said: VMProtect Trial limitation : user has to patch the file to run to his machine.
September 27, 2024Sep 27 hi, thanks but the problem i have failed to do that . i think i need some vmprotect v3.5 full version protected sample little tinny files , which wheres some method have vm marked , actually v3.5 main vm method have perams and also cleaning 0600001 exe after the exe run and also have something which i can not explain in english .
September 27, 2024Sep 27 if anyone have vmp marked methods v3.5 full version protected sample little test files , please post those files if possible , thank u all very much : Edited September 27, 2024Sep 27 by Hadits follower
September 27, 2024Sep 27 just protect some files in minimum label without cflow marked , and vm all methods, everything should be by v3.5 , thats it , i will try to learn something from it , thank you too much Edited September 27, 2024Sep 27 by Hadits follower
September 27, 2024Sep 27 Author @Hadits follower dn 473kb @: https://download.ru/files/wzwPRCwM made by : VMProtect Ultimate v3.5.0.1213-WEB0DAY VMProtect Ultimate v3.5.1.1399-crk
October 2, 2024Oct 2 de4vmp - VMProtect unvirtualizer: https://github.com/chickenienRE/de4vmp Demutation https://github.com/xlfj5211/DeMutation For MSIL decryption SMD_for_agile can be used. I didn't complete yet the challenge.
October 15, 2024Oct 15 WindowsFormsApplication4.vmp35.exe: 1. VMUnprotect.Dumper https://github.com/void-stack/VMUnprotect.Dumper/releases/tag/1.1.0.0 2. Unset "IL Only" Flag from .NET Directory with CFF Explorer 3. Demutation Tool https://forum.tuts4you.com/topic/45162-demutation-vmprotect-net https://forum.exetools.com/showthread.php?t=21105 4. de4dot Use --keep-names ntpfg while cleaning the file using de4dot Or use --dont-rename 5. VMP Killer by DarkBullNull Use Option 2 First and Fix CRC and Debug Check https://github.com/DarkBullNull/VMP.NET-Kill https://forum.tuts4you.com/topic/45179-vmpnet-kill/ https://forum.exetools.com/showthread.php?p=131964 6. Unset "IL Only" Flag from .NET Directory with CFF Explorer 7. Use VMProtectNoDelegates to clean delegates https://forum.exetools.com/showthread.php?t=21106 https://forum.tuts4you.com/topic/45163-vmprotectnodelegates-net The only thing left if unvirtualization. WindowsFormsApplication4.vmp35-decrypted-demutate-cleaned.justify_nodel.rar
November 30, 2024Nov 30 Author for the moment I mark @CodeExplorer reply as solution, still needs @Washi / @BlackHat touch for devirtualization! [EDIT] the CC attached, is another release is not this thread. Edited November 30, 2024Nov 30 by whoknows
January 30Jan 30 yes,I also encountered the same problem,I am unable to open it,Until now, there is no way to solve it!I am very distressed
February 1Feb 1 On 10/16/2024 at 2:12 AM, CodeExplorer said: WindowsFormsApplication4.vmp35.exe: 1. VMUnprotect.Dumper https://github.com/void-stack/VMUnprotect.Dumper/releases/tag/1.1.0.0 2. Unset "IL Only" Flag from .NET Directory with CFF Explorer 3. Demutation Tool https://forum.tuts4you.com/topic/45162-demutation-vmprotect-net https://forum.exetools.com/showthread.php?t=21105 4. de4dot Use --keep-names ntpfg while cleaning the file using de4dot Or use --dont-rename 5. VMP Killer by DarkBullNull Use Option 2 First and Fix CRC and Debug Check https://github.com/DarkBullNull/VMP.NET-Kill https://forum.tuts4you.com/topic/45179-vmpnet-kill/ https://forum.exetools.com/showthread.php?p=131964 6. Unset "IL Only" Flag from .NET Directory with CFF Explorer 7. Use VMProtectNoDelegates to clean delegates https://forum.exetools.com/showthread.php?t=21106 https://forum.tuts4you.com/topic/45163-vmprotectnodelegates-net The only thing left if unvirtualization. WindowsFormsApplication4.vmp35-decrypted-demutate-cleaned.justify_nodel.rar 347.55 kB · 39 downloads @CodeExplorer Can it be feasible to unpack this target with your method? Regards. sean.
June 8Jun 8 On 10/15/2024 at 6:12 PM, CodeExplorer said: WindowsFormsApplication4.vmp35.exe: 1. VMUnprotect.Dumper https://github.com/void-stack/VMUnprotect.Dumper/releases/tag/1.1.0.0 2. Unset "IL Only" Flag from .NET Directory with CFF Explorer 3. Demutation Tool https://forum.tuts4you.com/topic/45162-demutation-vmprotect-net https://forum.exetools.com/showthread.php?t=21105 4. de4dot Use --keep-names ntpfg while cleaning the file using de4dot Or use --dont-rename 5. VMP Killer by DarkBullNull Use Option 2 First and Fix CRC and Debug Check https://github.com/DarkBullNull/VMP.NET-Kill https://forum.tuts4you.com/topic/45179-vmpnet-kill/ https://forum.exetools.com/showthread.php?p=131964 6. Unset "IL Only" Flag from .NET Directory with CFF Explorer 7. Use VMProtectNoDelegates to clean delegates https://forum.exetools.com/showthread.php?t=21106 https://forum.tuts4you.com/topic/45163-vmprotectnodelegates-net The only thing left if unvirtualization. WindowsFormsApplication4.vmp35-decrypted-demutate-cleaned.justify_nodel.rar 347.55 kB · 57 downloads Bro is semi-decrypted; it works fine, but is obfuscated. Any Other Solution On 10/15/2024 at 6:12 PM, CodeExplorer said:
Create an account or sign in to comment