Files push.

Author: void-stack

.gitignore

@@ -0,0 +1,5 @@
+bin/
+obj/
+/packages/
+riderModule.iml
+/_ReSharper.Caches/

VMUnprotect.Dumper/Program.cs

@@ -0,0 +1,51 @@
+// See https://aka.ms/new-console-template for more information
+using AsmResolver.IO;
+using AsmResolver.PE.File;
+using System;
+using System.IO;
+using System.Reflection;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+const string asciiArt = @"
+_________                __                 
+\_   ___ \  ____________/  |_  ____ ___  ___
+/    \  \/ /  _ \_  __ \   __\/ __ \\  \/  /
+\     \___(  <_> )  | \/|  | \  ___/ >    < 
+ \______  /\____/|__|   |__|  \___  >__/\_ \
+        \/                        \/      \/
+                VMUnprotect.Dumper
+          https://github.com/void-stack
+            Credits: wwh1004, MrToms
+";
+                
+Console.Title = "VMUnprotect.Dumper";
+Console.WriteLine(asciiArt);
+
+if (args.Length > 0 && File.Exists(args[0])) {
+    var target = args[0];
+    var output = $"{Path.GetFileNameWithoutExtension(target)}-decrypted.exe";
+    var assembly = Assembly.LoadFile(target);
+    var moduleHandle = assembly.ManifestModule.ModuleHandle;
+
+    Console.WriteLine("[+] Decrypting methods");
+    RuntimeHelpers.RunModuleConstructor(moduleHandle);
+    var hInstanceFixed = Marshal.GetHINSTANCE(assembly.ManifestModule);
+
+    Console.WriteLine("[+] Reading decrypted module");
+    var decryptedPeFile = PEFile.FromModuleBaseAddress(hInstanceFixed);
+
+    foreach (var section in decryptedPeFile.Sections)
+        Console.WriteLine("[+] Sections: " + section.Name);
+
+    Console.WriteLine("[+] Writing file");
+    using (var fs = File.Create(output)) {
+        decryptedPeFile.Write(new BinaryStreamWriter(fs));
+    }
+
+    Console.WriteLine("[+] Decrypted all methods!");
+}
+else 
+    Console.WriteLine("File either doesn't exist or you didn't provide it (VMProtect.Dumper File.exe)");
+
+Console.ReadKey();

VMUnprotect.Dumper/README.md

@@ -0,0 +1,36 @@
+<p align="center">
+  <img width="256" heigth="256" src="docs\vmup.png">
+<h1 align="center">VMUnprotect.Dumper</h1>
+<p align="center">
+  <strong>VMUnprotect.Dumper</strong> is a project engaged in hunting tampered <a href="https://vmpsoft.com">VMProtect</a> assemblies. It makes use of <a href="https://github.com/pardeike/Harmony">AsmResolver</a> to dynamically untamper <strong>VMP</strong> protected assembly. Works on <a href="https://vmpsoft.com/20210919/vmprotect-3-5-1/">VMProtect 3.5.1</a> (Latest) and few versions back.
+</p>
+</p>
+<p align="center">
+  <img src="https://forthebadge.com/images/badges/built-with-love.svg" alt="appveyor-ci" />
+  <img src="https://forthebadge.com/images/badges/made-with-c-sharp.svg" alt="appveyor-ci" />
+</p>
+</p>
+
+</br></br>
+# Before and after usage of VMUnprotect.Dumper
+<img src="docs/protected.png" width="49%" height="390px" style="display:inline;">
+<div style="display:inline;width:5px;"></div>
+<img src="docs/decrypted.png" width="49%" height="390px" style="display:inline;">
+
+
+# Usage
+```sh
+VMUnprotect.Dumper.exe example.vmp.exe
+```
+
+
+
+# Credits
+* [wwh1004](https://github.com/wwh1004) - Idea.
+* [(Discord) MrToms#1244]() - Resources
+
+This tool uses the following (open source) software:
+* [AsmResolver](https://github.com/Washi1337/AsmResolver) by [Washi](https://github.com/Washi1337), licensed under the MIT license, for reading/writing assemblies.
+
+## Want to support this project?
+BTC: bc1q048wrqztka5x2syt9mtj68uuf73vqry60s38vf

VMUnprotect.Dumper/VMUnprotect.Dumper.csproj

@@ -0,0 +1,17 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+    <PropertyGroup>
+        <OutputType>Exe</OutputType>
+        <TargetFramework>netcoreapp3.1</TargetFramework>
+        <ImplicitUsings>enable</ImplicitUsings>
+        <Nullable>enable</Nullable>
+        <LangVersion>10</LangVersion>
+    </PropertyGroup>
+
+    <ItemGroup>
+      <PackageReference Include="AsmResolver" Version="4.8.0" />
+      <PackageReference Include="AsmResolver.DotNet" Version="4.8.0" />
+      <PackageReference Include="AsmResolver.PE" Version="4.8.0" />
+    </ItemGroup>
+
+</Project>

VMUnprotect.Dumper/docs/decrypted.png

@@ -0,0 +1,16 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "VMUnprotect.Dumper", "VMUnprotect.Dumper\VMUnprotect.Dumper.csproj", "{7E00C6C0-731D-4E9F-BDDE-BC805A525A0E}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Release|Any CPU = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{7E00C6C0-731D-4E9F-BDDE-BC805A525A0E}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{7E00C6C0-731D-4E9F-BDDE-BC805A525A0E}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{7E00C6C0-731D-4E9F-BDDE-BC805A525A0E}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{7E00C6C0-731D-4E9F-BDDE-BC805A525A0E}.Release|Any CPU.Build.0 = Release|Any CPU
+	EndGlobalSection
+EndGlobal