@ -8,4 +8,7 @@ A trace is simply a file that contains all native register values, virtual stack
In order to use vmprofiler-qt a few requirements must be met. When using the GUI make sure to have the following information ready:
* `vm_entry rva` - the relative virtual address, from the base of the module, of `vm_entry`.
* `image base rva` - the `ImageBase` value located inside of the optional PE header.
* `.vmp2 file` - a trace file generated by vmtracer project such as `um-tracer`.
* an unpacked VMProtect'ed binary which you know all of the above about (use vmprofiler-cli to locate the values you dont know).
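Review bot: the added `image base rva` bullet labels the value as an RVA, but its own description says it is the `ImageBase` field of the optional PE header, which is the preferred load address of the module and not an offset relative to it. Since the `vm_entry rva` bullet above defines an RVA as relative to the base of the module, calling the base itself an "rva" will lead users to enter the wrong value; suggest renaming the bullet to `image base`, or stating explicitly that the field expects the absolute `ImageBase` value. Two smaller wording points in the other added bullets: "generated by vmtracer project" reads better as "generated by a vmtracer project", and "dont" should be "don't". The last bullet also lists a binary under a sentence that asks for "information", so it may be clearer to say that the path to the unpacked binary is what is needed.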