VMProtect 2 Usermode Virtual Instruction Hook Demo
 
 
_xeroxz fbb3a7d0eb Merge branch 'master' of https://githacks.org/vmp2/um-hook 12 months ago
dependencies added cli-parser to dependencies, renamed vmtracer to vmhook.. 1 year ago
refbuilds added packed rebuilds to the project (starting work on a static 12 months ago
src added packed rebuilds to the project (starting work on a static 12 months ago
.gitignore added ref builds and dependencies 1 year ago
.gitmodules added cli-parser to dependencies, renamed vmtracer to vmhook.. 1 year ago
LICENSE Add LICENSE 1 year ago
README.md Update README.md 12 months ago

README.md

um-hook - Usermode Virtual Instruction Hook Demo

um-hook is a demo project/repo which contains an example of how to hook a virtual instruction and alter its results. The binaries in this repo are not packed for simplicity's sake; however, in later demos I will be applying packing to the executable.

Contents

  • dependencies/ - this project is dependent on vmhook.
  • refbuilds/ - binaries protected with ultra virtualization and no packing. These bins are for you to mess with!
  • src/ - source code for the usermode tracer.
    • vmptest/ - source code for the test bins
    • um-hook/ - source code for usermode hook, includes a hook on LCONSTBZX.

Usage

First download the repo with git clone --recursive https://githacks.org/vmp2/um-hook.git, then compile um-hook by opening um-hook.sln inside of src/. There should be an executable called um-hook.exe in x64/Release. This hook demo program is compiled for the first vmptest binary in the refbuilds directory.

To create a trace file simply run the following:

um-hook.exe --bin vmptest.vmp.exe --table 0x6473 --base 0x140000000