add some improvements

logs are now saved to VMUP_Logs, added function to restore all hooks.

Author: void-stack

README.md

@@ -18,13 +18,15 @@
 ```sh
 VMUnprotect.exe 
   -f, --file             Required. Path to file.
-  --usetranspiler        (Default: false) Use an older method that makes use of Transpiler (not recommended).
   --enableharmonylogs    (Default: false) Disable or Enable logs from Harmony.
   --bypassantidebug      (Default: false) Bypass VMProtect Anti Debug.
   --help                 Display this help screen.
   --version              Display version information.
 ```
 
+### Doesn't work? Make sure you dump the file before with:
+* [VMUnprotect.Dumper](https://github.com/void-stack/VMUnprotect.Dumper)
+
 # Supported Protections
 Note: ***All Supported Protections are working combined***
 
@@ -38,69 +40,45 @@ Virtualization Tools    | ✓
 Strip Debug Information | ✓  
 Pack the Output File    | ✓ 
 
-# Usage can be found in ```MiddleMan```
-```csharp
-using HarmonyLib;
-using System.Diagnostics;
-using System.Reflection;
-using VMUnprotect.Core.Abstraction;
-using VMUnprotect.Core.Helpers;
-
-namespace VMUnprotect.Core.MiddleMan {
-    /// <summary>
-    ///     Works as Middle Man to make life easier
-    /// </summary>
-    public static class UnsafeInvokeMiddleMan {
-        private static readonly ILogger ConsoleLogger = Engine.Logger;
-
-        /// <summary>
-        ///     A prefix is a method that is executed before the original method
-        /// </summary>
-        public static void Prefix(ref object __instance, ref object obj, ref object[] parameters, ref object[] arguments) {
-            var virtualizedMethodName = new StackTrace().GetFrame(7).GetMethod();
-            var method = (MethodBase) __instance;
-
-            ConsoleLogger.Print("VMP MethodName: {0} (MDToken {1:X4})", virtualizedMethodName.FullDescription(), virtualizedMethodName.MetadataToken.ToString());
-            ConsoleLogger.Print("MethodName: {0}", method.Name);
-            ConsoleLogger.Print("FullDescription: {0}", method.FullDescription());
-            ConsoleLogger.Print("MethodType: {0}", method.GetType());
-            
-            if (obj is not null)
-                ConsoleLogger.Print("Obj: {0}", obj.GetType());
-
-            // Loop through parameters and log them
-            for (var i = 0; i < parameters.Length; i++) {
-                var parameter = parameters[i];
-                ConsoleLogger.Print("Parameter ({1}) [{0}]: ({2})", i, parameter.GetType(), Formatter.FormatObject(parameter));
-            }
-
-            var returnType = method is MethodInfo info ? info.ReturnType.FullName : "System.Object";
-            ConsoleLogger.Print("MDToken: 0x{0:X4}", method.MetadataToken);
-            ConsoleLogger.Print("Return Type: {0}", returnType ?? "null");
-        }
-
-        /// <summary>
-        ///     A postfix is a method that is executed after the original method
-        /// </summary>
-        public static void Postfix(ref object __instance, ref object __result, ref object obj, ref object[] parameters, ref object[] arguments) {
-            ConsoleLogger.Print("Returns: {0}", __result);
-        }
-    }
-}
-```
-
 ## Current Features
 - Tracing invokes in virtualized methods.
 - Manipulating parameters and return values.
 - Bypass NtQueryInformationProcess, IsLogging, get_IsAttached
 
+## Usage can be found in VMUnprotect.Runtime.MiddleMan
+```csharp
+/// <summary>
+/// A prefix is a method that is executed before the original method
+/// </summary>
+public bool Prefix(ref object __result, ref object __instance, ref object obj, ref object[] parameters, ref object[] arguments) {
+    var virtualizedMethodName = new StackTrace().GetFrame(7).GetMethod();
+    var method = (MethodBase) __instance;
+    Logger.Print("VMP MethodName: {0} (MDToken 0x{1:X4})", virtualizedMethodName.FullDescription(),
+                 virtualizedMethodName.MetadataToken.ToString());
+    Logger.Print("MethodName: {0}", method.Name);
+    Logger.Print("FullDescription: {0}", method.FullDescription());
+    Logger.Print("MethodType: {0}", method.GetType());
+    // ReSharper disable once ConditionIsAlwaysTrueOrFalse
+    if (obj is not null)
+        Logger.Print("Obj: {0}", Formatter.FormatObject(obj));
+    // Loop through parameters and log them
+    for (var i = 0; i < parameters.Length; i++) {
+        var parameter = parameters[i];
+        Logger.Print("Parameter ({1}) [{0}]: ({2})", i, parameter.GetType(), Formatter.FormatObject(parameter));
+    }
+    var returnType = method is MethodInfo info ? info.ReturnType.FullName : "System.Object";
+    Logger.Print("MDToken: 0x{0:X4}", method.MetadataToken);
+    Logger.Print("Return Type: {0}", returnType ?? "null");
+    return true;
+}
 
-## Todo
-- Change this to support more VM's
-- VMP Stack tracing
-- Bypass VMP Debugger Detection ✓
-- Bypass VMP CRC Check
-- Nice WPF GUI
+/// <summary>
+///  A postfix is a method that is executed after the original method
+/// </summary>
+public void Postfix(ref object __instance, ref object __result, ref object obj, ref object[] parameters, ref object[] arguments) {
+    Logger.Print("Returns: {0}", __result);
+}
+```
 
 # FAQ
 ### What is code virtualization? 
@@ -109,14 +87,24 @@ As VMProtect describes it on their's website. Code virtualization is the next st
 ### Can it devirtualize VMP?
 No, isn't even meant for devirtualization.
 
+Todo                             | Done
+---------------------------------|---------
+Change this to support more VM's | X
+VMP Stack tracing                | X 
+Bypass VMP Debugger Detection    | ✓  
+Bypass VMP CRC Check             | X  
+WPF GUI                          | X 
+
 # Credits
 * [Washi](https://github.com/Washi1337) Overall credits for the project and inspiration with UnsafeInvokeInternal, thanks <3
 
 This tool uses the following (open source) software:
 * [dnlib](https://github.com/0xd4d/dnlib) by [0xd4d](https://github.com/0xd4d), licensed under the MIT license, for reading/writing assemblies.
 * [Harmony](https://github.com/pardeike/Harmony) by [Andreas Pardeike](https://github.com/pardeike), licensed under the MIT license
 * [Serilog](https://github.com/serilog/serilog) provides diagnostic logging to files, the console, and elsewhere. It is easy to set up, has a clean API.
+* [commandline](https://github.com/commandlineparser/commandline) offers CLR applications a clean and concise API for manipulating command line arguments and related tasks
+* [Autofac](https://github.com/autofac/Autofac) Autofac is an IoC container for Microsoft .NET. It manages the dependencies between classes so that applications stay easy to change as they grow in size and complexity. This is achieved by treating regular .NET classes as components.
 
-
-## Want to support this project?
-BTC: bc1q048wrqztka5x2syt9mtj68uuf73vqry60s38vf
+## 💵 Want to buy me a Coffee?
+     - Donate BTC at `bc1q048wrqztka5x2syt9mtj68uuf73vqry60s38vf`
+     - Donate ETH at `0x86b2C17C94A1E6f35d498d17a37dc1f8A715139b`

VMUP/VMUnprotect.Runtime/General/ContainerConfig.cs

@@ -20,7 +20,6 @@ public static IContainer Configure(ILogger logger, Project project, CommandLineO
             Builder.RegisterType<HooksManager>().As<IHooksManager>().SingleInstance();
 
             Builder.RegisterType<UnsafeInvokeMiddleMan>().As<IUnsafeInvokeMiddleMan>().SingleInstance();
-
             Builder.RegisterType<NtQueryInformationProcessPatch>().As<INtQueryInformationProcessPatch>().SingleInstance();
 
             Builder.RegisterModule(new VmProtectPatchesModule());

VMUP/VMUnprotect.Runtime/General/Engine.cs

@@ -1,5 +1,6 @@
 using Autofac;
 using HarmonyLib;
+using System;
 using System.Diagnostics;
 using System.Runtime.CompilerServices;
 using VMUnprotect.Runtime.Hooks;
@@ -32,17 +33,19 @@ internal static void Run(Project project) {
 
             using var scope = Container.BeginLifetimeScope();
             ctx.Scope = scope;
-
+            
             logger.Debug("Applying VMProtect hooks...");
             hooks.Initialize();
             hooks.ApplyHooks();
-
+       
+            
             logger.Debug("Invoking Target...");
             InvokeTarget(ctx, logger);
 
             stopwatch.Stop();
             logger.Info("Finished all tasks in {0}", stopwatch.Elapsed);
-            ctx.Scope.Dispose();
+            logger.Info("Restoring Hooks...");
+            hooks.RestoreAll();
         }
 
         private static void InvokeTarget(Context ctx, ILogger logger) {

VMUP/VMUnprotect.Runtime/General/Project.cs

@@ -15,6 +15,8 @@ public void Run(ILogger logger, CommandLineOptions options) {
             }
 
             Engine.Initialize(this, logger, options);
+
+            
             Engine.Run(this);
         }
     }

VMUP/VMUnprotect.Runtime/Hooks/HooksManager.cs

@@ -1,5 +1,6 @@
 using Autofac;
 using HarmonyLib;
+using System;
 using System.Collections.Generic;
 using VMUnprotect.Runtime.General;
 using VMUnprotect.Runtime.Helpers;
@@ -13,6 +14,21 @@ public class HooksManager : Params, IHooksManager
 
         public HooksManager(Context ctx, ILogger logger) : base(ctx, logger) { }
 
+        public void RestoreAll()
+        {
+            if (!_isApplied)
+            {
+                return;
+            }
+
+            foreach (var patch in Ctx.Scope.Resolve<IEnumerable<IVmupHook>>()) {
+                Logger.Debug($"Restoring hook {patch.GetType().Name}");
+                patch.Restore(_harmony);
+            }
+
+            _isApplied = false;
+        }
+
         public void Initialize() {
             if (_isApplied)
                 return;
@@ -28,7 +44,11 @@ public void ApplyHooks() {
 
             foreach (var patch in Ctx.Scope.Resolve<IEnumerable<IVmupHook>>()) {
                 Logger.Debug($"Applying hook {patch.GetType().Name}");
-                patch.Patch(_harmony);
+                try {
+                    patch.Patch(_harmony);
+                } catch (Exception e) {
+                    Logger.Error($"Error patching {patch.GetType().Name}. Error: {e.Message}");
+                }
             }
 
             Logger.Info("Completed!");
@@ -39,5 +59,6 @@ public interface IHooksManager
     {
         void Initialize();
         void ApplyHooks();
+        void RestoreAll();
     }
 }

VMUP/VMUnprotect.Runtime/Hooks/Methods/AntiDebug/DebugIsAttachedPatch.cs

@@ -28,9 +28,5 @@ public override void Patch(Harmony instance) {
             if (Ctx.Options.BypassAntiDebug)
                 PatchTranspiler(instance, TargetMethod);
         }
-
-        public override void Restore(Harmony instance) {
-            //Logger.Debug("Not implemented...");
-        }
     }
 }

VMUP/VMUnprotect.Runtime/Hooks/Methods/AntiDebug/DebugIsLoggingPatch.cs

@@ -28,9 +28,5 @@ public override void Patch(Harmony instance) {
             if (Ctx.Options.BypassAntiDebug)
                 PatchTranspiler(instance, TargetMethod);
         }
-
-        public override void Restore(Harmony instance) {
-            //Logger.Debug("Not implemented...");
-        }
     }
 }

VMUP/VMUnprotect.Runtime/Hooks/Methods/AssemblyFix/GetCallingAssemblyPatch.cs

@@ -24,9 +24,5 @@ public static void Postfix(ref Assembly __result) {
         public override void Patch(Harmony instance) {
             PatchPostfix(instance, TargetMethod);
         }
-
-        public override void Restore(Harmony instance) {
-            //Logger.Debug("Not implemented...");
-        }
     }
 }

VMUP/VMUnprotect.Runtime/Hooks/Methods/AssemblyFix/GetEntryAssemblyPatch.cs

@@ -25,8 +25,5 @@ public override void Patch(Harmony instance) {
             PatchPostfix(instance, TargetMethod);
         }
 
-        public override void Restore(Harmony instance) {
-            //Logger.Debug("Not implemented...");
-        }
     }
 }

VMUP/VMUnprotect.Runtime/Hooks/Methods/AssemblyFix/GetExecutingAssemblyPatch.cs

@@ -24,9 +24,5 @@ public static void Postfix(ref Assembly __result) {
         public override void Patch(Harmony instance) {
             PatchPostfix(instance, TargetMethod);
         }
-
-        public override void Restore(Harmony instance) {
-            //Logger.Debug("Not implemented...");
-        }
     }
 }