VMProtect 2 Qt Virtual Instruction Inspector
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
Go to file
_xeroxz c9620caa20
jcc's are working good, fixed a bug with RSI-0x1
4 years ago
dependencies cleaned the hell out of the code, rebuilding it pretty much 4 years ago
src jcc's are working good, fixed a bug with RSI-0x1 4 years ago
.clang-format updated to vmprofiler v1.6, fixed a bunch of issues... 4 years ago
.gitignore added source code and submodules 4 years ago
.gitmodules added source code and submodules 4 years ago
LICENSE Add LICENSE 4 years ago
README.md Update README.md 4 years ago
vmprofiler-qt.sln updated to newest vmprofiler, upgraded to .vmp2 v2 4 years ago

README.md

vmprofiler-qt - VMProtect 2 QT Virtual Instruction Trace Inspector

vmprofiler-qt is a GUI program designed to view trace files generated by vmtracer programs. Currently um-tracer is the only program that will generate a trace file, however in the near future another repo will be added using unicorn to generate traces.

A trace is simply a file that contains all native register values, virtual stack values, virtual register values, for every single executed virtual instruction. This allows for very indepth analysis of the executed virtual instructions. Without this level of information it is very difficult to make sense of virtual instructions and the effects on the virtual stack.

Usage Requirements

In order to use vmprofiler-qt a few requirements must be met. When using the GUI make sure to have the following information ready:

  • vm_entry rva - the relative virtual address, from the base of the module, of vm_entry.
  • image base rva - the ImageBase value located inside of the optional PE header.
  • .vmp2 file - a trace file generated by vmtracer project such as um-tracer.
  • an unpacked VMProtect'ed binary which you know all of the above about (use vmprofiler-cli to locate the values you dont know).

Usage

Click file -> open, navigate to the location of the VMProtect'ed file. Select it. After, enter the RVA to the vm_entry routine as well as the ImageBase value described in the above section. You can grab a trace file from um-tracer v1.0 release.