vmprofiler is a c++ library which is used to statically analyze VMProtect 2 polymorphic virtual machines. This project is inherited in vmprofiler-qt, vmprofiler-cli, and vmemu. This is the base project for all other VMProtect 2 projects inside of this group on githacks.
### Credit & Contributors
* [VTIL](https://github.com/vtil-project/VTIL-Core) - Virtual-machine Translation Intermediate Language
* [Zydis](https://github.com/zyantific/zydis) - Fast and lightweight x86/x86-64 disassembler library
* [irql0](https://github.com/irql0) - helped with the first version of vm handler pattern matching
### Basic Usage - Creating a vm::ctx_t Object
The `vm::ctx_t` class is a small container-like class which is simply used to contain all information for a given vm entry. This class contains the following useful information:
* all vm handlers for a given vm entry
* the linear virtual address of the module base in memory
* the image base address
* the image size in virtual memory
* which way VIP advances (exec_type)
* vm entry relative virtual address
* vm entry deobfuscated and flattened
* calc jmp deobfuscated and flattened
All of the above information is generated by executing the `vm::ctx_t::init` member function. Below is a C++ example of how to create a `vm::ctx_t` object.
```cpp
const auto module_base = reinterpret_cast<std::uintptr_t>(
std::printf( "[!] failed to init vm::ctx_t... make sure all cli arguments are correct!\n" );
return -1;
}
```
### Using vm::ctx_t Object
Once you have instantiated `vm::ctx_t` and called `vm::ctx_t::init` with success, you now can directly access the data members of `vm::ctx_t`. Most importantly, `vm::ctx_t::calc_jmp`, `vm::ctx_t::vm_entry`, and `vm::ctx_t::vm_handlers`. An example usage of this data could be dumping the native x86_64 instructions which make up `vm::ctx_t::vm_entry`. Example c++ code for this is displayed below.