03-10-2020, 03:41 PM
This is NOT a magic 1 step tool that will instantly devirtualize and completely unpack vmprotect 3.x.
It will dump and help fix imports. If you don't know what that means this tool will NOT help you.
VMPDump
![[صورة مرفقة: 86OSgM.png]](https://i.hizliresim.com/86OSgM.png)
A dynamic VMP dumper and import fixer, powered by VTIL. Works for VMProtect 3.X x64.
Before vs After
![[صورة مرفقة: j7o6w5.png]](https://i.hizliresim.com/j7o6w5.png)
![[صورة مرفقة: jOmcuP.png]](https://i.hizliresim.com/jOmcuP.png)
Usage
VMPDump.exe <Target PID> "<Target Module>" [-ep=<Entry Point RVA>] [-disable-reloc]
Arguments:
<Target PID>: The ID of the target process, in decimal or hex form.
<Target Module>: The name of the module which should be dumped and fixed.
This can be an empty string ("") if the process image module is desired.
[-ep=<Entry Point RVA>]: An optionally-provided entry-point RVA, in hex form. VMPDump simply overwrites the
Entry Point in the optional header with this value.
[-disable-reloc]: An optional setting to instruct VMPDump to mark that relocs have been stripped in the ouput image,
forcing the image to load at the dumped ImageBase. This is useful if runnable dumps are desired.
All credits for this software go to its creator!
It will dump and help fix imports. If you don't know what that means this tool will NOT help you.
VMPDump
A dynamic VMP dumper and import fixer, powered by VTIL. Works for VMProtect 3.X x64.
Before vs After
Usage
VMPDump.exe <Target PID> "<Target Module>" [-ep=<Entry Point RVA>] [-disable-reloc]
Arguments:
<Target PID>: The ID of the target process, in decimal or hex form.
<Target Module>: The name of the module which should be dumped and fixed.
This can be an empty string ("") if the process image module is desired.
[-ep=<Entry Point RVA>]: An optionally-provided entry-point RVA, in hex form. VMPDump simply overwrites the
Entry Point in the optional header with this value.
[-disable-reloc]: An optional setting to instruct VMPDump to mark that relocs have been stripped in the ouput image,
forcing the image to load at the dumped ImageBase. This is useful if runnable dumps are desired.
All credits for this software go to its creator!