fix vmprotect import function used unicorn-engine.

Overview

Vm2Import

fix vmprotect import function used unicorn-engine.

it can repair functions such as call [module.function] or jmp [module.function] or reg(mov) [module.function] that are statically imported by the VM.

it is effective in vmp2 and vmp3.

Use

  1. copy to x64dbg
x64dbg\release\x32\plugins\unicorn.dll

x64dbg\release\x32\plugins\Vm2Import.dp32

x64dbg\release\x64\plugins\unicorn.dll

x64dbg\release\x64\plugins\Vm2Import.dp64

  1. select "VM_Start" call vmp0.xxxxxxxx, right click menu "Vm2Import"->"Fix Import Call Address"

repair menu preview

  1. repair.

repair preview

original sample:

original preview

Thanks

Issues
  • emu status: false

    emu status: false

    I did a right-click on VM_Start>Vm2Import>Fix Import Call Address...... image

    ..... but why am I getting 'emu status: false' in the log section every time? image

    Additionally just FYI, first call actually points to CloseHandle API in kernel32.dll after passing through .vmp0 section: image

    opened by blitzkrieg99 3
  • Vm2Import v1.2 do not works on Windows XP SP3

    Vm2Import v1.2 do not works on Windows XP SP3

    Hi,

    Is Vm2Import compatible with Windows XP SP3 ?

    I think not because it does not load.

    It would be possible to give it support to work on Windows XP ?

    Thanks in advanced.

    opened by LordGarfio 1
Owner
共产主义接班人
共产主义接班人
This is a proof-of-concept of a modern C web-framework that compiles to WASM and is used for building user interfaces.

DanCing Web ?? ?? (DCW) Getting Started Dancing Web is now distributed with the Tarantella Package Manager — a tool I've made to simplify setup of pro

Danilo Chiarlone 3 Sep 11, 2021
C++ Parallel Computing and Asynchronous Networking Engine

中文版入口 Sogou C++ Workflow As Sogou`s C++ server engine, Sogou C++ Workflow supports almost all back-end C++ online services of Sogou, including all sea

Sogou-inc 8.9k Aug 8, 2022
VMPImportFixer is a tool aimed to resolve import calls in a VMProtect'd (3.x) binary.

VMPImportFixer VMPImportFixer is a tool aimed to resolve import calls in a VMProtect'd (3.x) binary. Information VMPImportFixer attempts to resolve al

null 245 Aug 9, 2022
Vmpfix - Universal x86/x64 VMProtect 2.0-3.X Import fixer

vmpfix VMPfix is a dynamic x86/x64 VMProtect 2.0-3.x import fixer. The main goal of this project was to build correct and reliable tool to fix imports

Pavel 183 Jul 26, 2022
My old heavily modified version of bigbase v1, it has an impulse-like scrollbar, ytd header loader, Vector3 fix + gamestate fix and some other misc changes!

Old Bigbase V1 UI This is my old ui for bigbase v1 but i dont need it anymore because the dev of solar mod menu stole it, and the new paragon menu (Fr

null 11 Jun 19, 2022
Qnicorn: a cutting edge version of unicorn-engine.org

Qnicorn Engine Qnicorn is a cutting edge and community-driven version of unicorn-engine. Qnicorn offers the features below: All features that Unicorn2

qiling.io 3 Aug 9, 2022
A general solution to simulate execution of virtualized instructions (vmprotect/themida, etc.).

vmp_runner A general solution to simulate execution of virtualized instructions (vmprotect/themida, etc.) based on Unicorn. 一个基于Unicorn模拟执行虚拟化指令(vmpro

kakasasa 42 Jul 6, 2022
Unicorn CPU emulator framework tutorial

使用unicorn-engine开发模拟器 什么是unicorn引擎 Unicorn是基于qemu开发的一个CPU模拟器,支持常见的各种指令集,能在各种系统上运行。 GITHUB项目地址:https://github.com/unicorn-engine/unicorn 官网地址:https://w

null 9 Mar 9, 2022
MINCE is an Emacs-like text editor from Mark of the Unicorn, Inc.

MINCE Is Not Complete[ly] EMACS Overview MINCE is an Emacs-like text editor from Mark of the Unicorn, Inc. Versions were available for many oper

Jeffrey H. Johnson 20 Jul 18, 2022
IDA Debugger Module to Dynamically Synchronize Memory and Registers with third-party Backends (Tenet, Unicorn, GDB, etc.)

IDA Debug Bridge IDA Debugger Module to Dynamically Synchronize Memory and Registers with third-party Backends (Tenet, Unicorn, GDB, etc.) By synchron

null 8 Jul 13, 2022
Unicorn is a lightweight, multi-platform, multi-architecture CPU emulator framework, based on QEMU.

Unicorn Engine Unicorn is a lightweight, multi-platform, multi-architecture CPU emulator framework, based on QEMU. Unicorn offers some unparalleled fe

lazymio 1 Nov 7, 2021
Unicorn CPU emulator framework (ARM, AArch64, M68K, Mips, Sparc, PowerPC, RiscV, X86)

Unicorn Engine Unicorn is a lightweight, multi-platform, multi-architecture CPU emulator framework based on QEMU. Unicorn offers some unparalleled fea

Unicorn Engine 5.5k Aug 6, 2022
Import C++ files directly from Python!

If you've used cppimport version 0.0.*, some new features for you! Compiler arguments, multiple source files, bug fixes! Read on. Import C or C++ file

Ben Thompson 1k Aug 8, 2022
Import of the DIY Dynamic Template v2, retrieved from the Internet Archive

Dynamic Templates This is a copy of the D*I*Y Planner Dynamic Template application that was posted to diyplanner.com/node/6210 back in 2009,

Trammell Hudson 20 Jun 16, 2022
api & source menu base import imgui from imgui-js

onetap v4 crack https://discord.gg/AXCtxVH4PB people asking me for otv4 source "bin2h" (meaning binary to hex) large hexadecimal array deleted all the

h4xr0x#1337 8 Jun 25, 2022
Gigaleak | Import HMS file to GEO file for sm64 decomp

Convert HMS to GEO This is a conventer HMS to GEO for Super Mario 64. Requires SM64 decomp and a knowledge of how levels work. NOTE: This is super eas

Swip 2 Dec 26, 2021
Import GIF/WebP animated image as a new AnimatedTexture asset type.

Animated Texture Plugin for Unreal Engine 5 This plugin allows you to import animated pictures into your Unreal Engine 5 project as a new AnimatedText

房燕良 26 Jul 24, 2022
A blender import/export system for Defold

defold-blender-export A blender import/export system for Defold Setup Notes There are no exhaustive documents for this tool yet. Its just not complete

David Lannan 21 Jun 3, 2022
WifSolverCuda - Tool for solving misspelled or damaged Bitcoin Private Key in Wallet Import Format (WIF)

WifSolverCuda Tool for solving misspelled or damaged Bitcoin Private Key in Wallet Import Format (WIF) Usage: WifSolverCuda [-d deviceId] [-b NbBlocks

null 16 Jun 20, 2022
Love 6's Regular Expression Engine. Support Concat/Select/Closure Basic function. Hope u can enjoy this tiny engine :)

Regex_Engine Love 6's Blog Website: https://love6.blog.csdn.net/ Love 6's Regular Expression Engine Hope u can love my tiny regex engine :) maybe a fe

Love6 2 May 24, 2022
Collection of DLL function export forwards for DLL export function proxying

dll-exports Collection of DLL function export forwards for DLL export function proxying. Typical usecase is for backdooring applications for persisten

Magnus Stubman 35 Jul 1, 2022
C-function for traversing files/directories effectively and calling a given function with each encountered file and a void-pointer as parameters

C-function for traversing files/directories effectively and calling a given function with each encountered file and a void-pointer as parameters

null 1 Jun 27, 2022
Improved version of the X-Ray Engine, the game engine used in the world-famous S.T.A.L.K.E.R. game series by GSC Game World.

OpenXRay OpenXRay is an improved version of the X-Ray Engine, the game engine used in the world-famous S.T.A.L.K.E.R. game series by GSC Game World. S

null 2k Aug 10, 2022
Two Tribes Engine; the engine which we used to create Toki Tori 2+ and RIVE with

Two Tribes Engine We, Two Tribes, have used this engine for over a decade. It started with early development on the Nintendo DS and ultimately resulte

Two Tribes 117 Jun 21, 2022
The merge() function is used for merging two halves

The merge() function is used for merging two halves. The merge(arr, l, m, r) is a key process that assumes that arr[l..m] and arr[m+1..r] are sorted and merges the two sorted sub-arrays into one. See the following C implementation for details.

Pranit Puri 2 Nov 16, 2021
The function is based on MQTT. When the original serial of ESP8266/ESP32 cannot be used, it can replace serial print.

MqttPrint and MqttMonitor The function is based on MQTT. When the original serial of ESP8266/ESP32 cannot be used, it can replace serial print. MqttPr

fw-box 3 Jan 10, 2022