Skip to content

fcccode/vmprotectunpacker

BranchesTags
ย 
ย 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

ย 

History

7 Commits
include/vmprotectunpacker
include/vmprotectunpacker
ย 
ย 
src
src
ย 
ย 
CMakeLists.txt
CMakeLists.txt
ย 
ย 
README.md
README.md
ย 
ย 

Repository files navigation

๐Ÿงฉ VMProtectUnpacker

A custom C++ debugger that dynamically unpacks VMProtect-protected binaries, dumps in-memory decrypted code, and disassembles it using Capstone.

๐Ÿ“ Project Overview

This tool leverages a custom Windows debugger to:

  • Launch protected binaries in suspended mode
  • Locate the real entry point (OEP) post-unpacking
  • Set an INT3 breakpoint to capture unpacking
  • Dump memory of the real, unpacked executable
  • Disassemble the code using Capstone engine

๐Ÿ› ๏ธ Building with CMake

This project uses CMake (v3.16 or higher) and C++17. Capstone is required as an external dependency.

โœ… Prerequisites

  • Capstone Engine installed:
    • Headers: C:/Program Files/capstone/include
    • Libs: C:/Program Files/capstone/lib
  • CMake 3.16+
  • Visual Studio (MSVC) or any C++17-compatible compiler

๐Ÿ—๏ธ Build Steps

# Clone the repo
git clone https://github.com/sudha2323/vmprotectunpacker.git
cd vmprotectunpacker

# Configure with CMake
cmake -B build -S . -DCMAKE_BUILD_TYPE=Release

# Build
cmake --build build --config Release

About

A custom tool to unpack VMProtect-obfuscated executables and restore the original binary

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • C++ 98.7%
  • CMake 1.3%