after a long time I decided to write a completely new VMProtect Unpack script.I checked older and newer VMProtect files which I found to create a new script which can handle all versions.After a long time of writing and testing is my work finished now and I am very proud of my latest "masterpiece" if I can say it so.This time I really tried everything to create a "All-In-One" script so that you as user have almost nothing to do anymore except to take a choice if the script ask you and thats all in the best case. So it will be very user-friendly again.No dumping no fixing no section adding no PE valIDAting!All these steps does handle the script automatically.Good for you [bad for me with that lot of extra work]. But anyway so I did it with joy.
VMProtect Ultra Unpacker 1.0
******************************************************
( 1.) Advanced OEP Finder x2 [Intelli Version]
( 2.) AntiDump x4 Redirection & Dumper
( 3.) Auto API Scanner [Value & System]
( 4.) VM API Redirection
( 5.) VM API Re-Redirection to API
( 6.) API Log & Find [Import Table Data]
( 7.) Import Table Calculator
( 8.) Advanced IAT Creator [No Import-Fix necessary]
( 9.) Target File Dumper + PE Rebuilder
( 10.) Advanced Section Calc & Adder
( 11.) Resource AntiDump Code-Patcher
( 12.) Heap AntiDump Patcher
( 13.) TLS Callback Remover
( 14.) Auto Dump PE Rebuilder
( 15.) Exe & DLL Support [NO VMP DLL Box]
( 17.) ASLR TLSC & Reloc Cleaner
( 18.) CPUID & RDTSC Scan [Fix Manually]
******************************************************
Environment : ARImpRec.dll by Nacho_dj - Big Special Thanks :)
DLL is used to get:
******************************************************
API Names | Ordinals | Module Owners by Address
Also I created 4 videos for you so see how to use the script and what to do in a special situations if the script does fail to find the OEP or API LOGGER so you will see all what you need to know to get it also working if this happend.I added also the the UnpackMe's into the package for you.Just read the text files which I wrote and see the videos first before you start.So I think that you will like the script and that my work on it was not in vain.
If something not works for you or if you get any trouble or have any questions etc then just post a reply on this topic to get a answer.
greetz
EDIT: IMPORTANT - Open the script and search for the line mov ARIMPREC_PATH, "C:\Nacho dll test\ARImpRec.dll" and remove this line or set a // sign before and save so I did forget to delete this line,sorry!
****************************************
* Unpacking of a VMProtect Boxed dll *
****************************************
[复制链接]
发表于 2012-12-27 13:22
发表于 2012-12-27 13:37
发表于 2012-12-27 13:28
So it will be very user-friendly again.No dumping no fixing no section adding no PE val
