vmp2
/
vmprofiler-qt
3
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
VMProtect 2 Qt Virtual Instruction Inspector
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
18 Commits
1 Branch
9 Tags
76 MiB
 
 
 
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'v1.3'
${ noResults }
Go to file
_xeroxz 055297356d
added support for transformations of operands prior to the 5 transformations which i have documented... 		3 years ago
dependencies added support for transformations of operands prior to the 5 transformations which i have documented... 3 years ago
src added support for a generic transform prior to the 5 transforms... 3 years ago
.gitignore added source code and submodules 3 years ago
.gitmodules added source code and submodules 3 years ago
LICENSE Add LICENSE 3 years ago
README.md Update README.md 3 years ago
vmprofiler-qt.sln added support for a generic transform prior to the 5 transforms... 3 years ago

README.md

vmprofiler-qt - VMProtect 2 QT Virtual Instruction Trace Inspector

vmprofiler-qt is a GUI program designed to view trace files generated by vmtracer programs. Currently um-tracer is the only program that will generate a trace file, however in the near future another repo will be added using unicorn to generate traces.

A trace is simply a file that contains all native register values, virtual stack values, virtual register values, for every single executed virtual instruction. This allows for very indepth analysis of the executed virtual instructions. Without this level of information it is very difficult to make sense of virtual instructions and the effects on the virtual stack.

Usage Requirements

In order to use vmprofiler-qt a few requirements must be met. When using the GUI make sure to have the following information ready:

  • vm_entry rva - the relative virtual address, from the base of the module, of vm_entry.
  • image base rva - the ImageBase value located inside of the optional PE header.
  • .vmp2 file - a trace file generated by vmtracer project such as um-tracer.
  • an unpacked VMProtect'ed binary which you know all of the above about (use vmprofiler-cli to locate the values you dont know).

Usage

Click file -> open, navigate to the location of the VMProtect'ed file. Select it. After, enter the RVA to the vm_entry routine as well as the ImageBase value described in the above section. You can grab a trace file from um-tracer v1.0 release.