Update for VMProtect 3.6.0

+ Search for pattern in 3.6.0
+ Fixed --bypassantidebug crashing
- Removed Costura

Author: void-stack

VMUP/VMUnprotect.Runtime/General/Engine.cs

@@ -1,6 +1,5 @@
 using Autofac;
 using HarmonyLib;
-using System;
 using System.Diagnostics;
 using System.Runtime.CompilerServices;
 using VMUnprotect.Runtime.Hooks;
@@ -33,12 +32,12 @@ internal static void Run(Project project) {
 
             using var scope = Container.BeginLifetimeScope();
             ctx.Scope = scope;
-            
+
             logger.Debug("Applying VMProtect hooks...");
             hooks.Initialize();
             hooks.ApplyHooks();
-       
-            
+
+
             logger.Debug("Invoking Target...");
             InvokeTarget(ctx, logger);
 

VMUP/VMUnprotect.Runtime/General/Project.cs

@@ -16,7 +16,7 @@ public void Run(ILogger logger, CommandLineOptions options) {
 
             Engine.Initialize(this, logger, options);
 
-            
+
             Engine.Run(this);
         }
     }

VMUP/VMUnprotect.Runtime/Hooks/HooksManager.cs

@@ -14,12 +14,9 @@ public class HooksManager : Params, IHooksManager
 
         public HooksManager(Context ctx, ILogger logger) : base(ctx, logger) { }
 
-        public void RestoreAll()
-        {
+        public void RestoreAll() {
             if (!_isApplied)
-            {
                 return;
-            }
 
             foreach (var patch in Ctx.Scope.Resolve<IEnumerable<IVmupHook>>()) {
                 Logger.Debug($"Restoring hook {patch.GetType().Name}");

VMUP/VMUnprotect.Runtime/Hooks/Methods/AntiDebug/NtQueryInformationProcessPatch.cs

@@ -7,7 +7,7 @@ namespace VMUnprotect.Runtime.Hooks.Methods.AntiDebug
 {
     public class NtQueryInformationProcessPatch : Params, INtQueryInformationProcessPatch
     {
-        private IntPtr _ntQueryInformationProcessPtr = new(0);
+        private IntPtr _ntQueryInformationProcessPtr = new(0x0);
         public NtQueryInformationProcessPatch(Context ctx, ILogger logger) : base(ctx, logger) { }
         private Delegate NtQueryInformationProcessDelegate { get; set; }
 
@@ -30,7 +30,8 @@ public void GetDelegateForFunctionPointer(object __result, object[] parameters)
             if (parameters.Any(x => x.Equals("NtQueryInformationProcess")))
                 _ntQueryInformationProcessPtr = (IntPtr) __result;
 
-            if (parameters.Any(x => x.Equals(_ntQueryInformationProcessPtr)))
+            if (parameters.Any(x => x.Equals(_ntQueryInformationProcessPtr) &&
+                                    _ntQueryInformationProcessPtr != new IntPtr(0x0)))
                 NtQueryInformationProcessDelegate = (Delegate) __result;
         }
     }

VMUP/VMUnprotect.Runtime/Hooks/Methods/AssemblyFix/GetEntryAssemblyPatch.cs

@@ -24,6 +24,5 @@ public static void Postfix(ref Assembly __result) {
         public override void Patch(Harmony instance) {
             PatchPostfix(instance, TargetMethod);
         }
-
     }
 }

VMUP/VMUnprotect.Runtime/Hooks/VmUnprotectPatch.cs

@@ -11,17 +11,16 @@ namespace VMUnprotect.Runtime.Hooks
     public abstract class VmUnprotectPatch : Params, IVmupHook
     {
         private readonly List<MethodBase> _activePatches = new();
-        
+
         protected VmUnprotectPatch(Context ctx, ILogger logger) : base(ctx, logger) { }
 
         public abstract void Patch(Harmony harmony);
 
-        public void Restore(Harmony harmony)
-        {
+        public void Restore(Harmony harmony) {
             foreach (var targetMethod in _activePatches)
                 harmony.Unpatch(targetMethod, HarmonyPatchType.All, harmony.Id);
         }
-        
+
         private HarmonyMethod GetHarmonyMethod(string methodName) {
 
             var method = AccessTools.DeclaredMethod(GetType(), methodName);
@@ -77,7 +76,7 @@ private void PatchMultiple(
 
             harmony.Patch(targetMethod, harmonyPrefixMethod, harmonyPostfixMethod, harmonyTranspilerMethod,
                           harmonyFinalizerMethod);
-            
+
             _activePatches.Add(targetMethod);
         }
     }

VMUP/VMUnprotect.Runtime/Structure/VmRuntimeAnalyzer.cs

@@ -17,9 +17,6 @@ public void Discover() {
             if (functionHandler is null || vmTypeDef is null)
                 throw new ApplicationException("Could not locate VmProtectFunctionHandler.");
 
-            Logger.Debug("Found VmTypeDef, MDToken 0x{0:X4}", vmTypeDef.MDToken);
-            Logger.Debug("Found VMPFunctionHandler, MDToken 0x{0:X4}", functionHandler.MDToken);
-
             Ctx.VmRuntimeStructure = new VmRuntimeStructure {
                 FunctionHandler = functionHandler,
                 VmTypeDef = vmTypeDef
@@ -46,19 +43,41 @@ private static (MethodDef vmpHandler, TypeDef vmTypeDef) LocateVmHandlerAndTypDe
             TypeDef vmTypeDef = null;
 
             foreach (var type in module.GetTypes()) {
+                // search pattern for 3.5.1 and older
                 vmpHandler = type.Methods.Where(IsVmpFunctionHandler)
-                                 .FirstOrDefault(method => new LocalTypes(method).All(VmpFunctionHandlerLocals));
+                                 .FirstOrDefault(method => new LocalTypes(method).All(VmpFunctionHandlerLocals)) ?? type.Methods
+                    // Search for pattern in 3.6.0
+                    .Where(IsVmpFunctionHandlerNew)
+                    .FirstOrDefault(method => new LocalTypes(method).All(VmpFunctionHandlerLocals));
 
                 if (vmpHandler == null)
                     continue;
 
                 vmTypeDef = type;
+
+                Logger.Info("Found VmTypeDef, MDToken 0x{0:X4}", vmTypeDef.MDToken);
+                Logger.Info("Found VMPFunctionHandler, MDToken 0x{0:X4}", vmpHandler.MDToken);
                 break;
             }
 
+            if (vmpHandler is null) {
+                Logger.Error("Could not find VMP Method handler? Are you using supported version of VMP?");
+                Console.ReadKey();
+            }
+
             return (vmpHandler, vmTypeDef);
         }
 
+        /// <summary>
+        ///     Checks RetType and Params, etc of MethodDef
+        /// </summary>
+        /// <param name="method"></param>
+        /// <returns>Does method match the requirements</returns>
+        private static bool IsVmpFunctionHandlerNew(MethodDef method) {
+            return method is {IsStatic: false} && method.MethodSig.GetParamCount() == 0;
+        }
+
+
         /// <summary>
         ///     Checks RetType and Params, etc of MethodDef
         /// </summary>
@@ -70,7 +89,6 @@ private static bool IsVmpFunctionHandler(MethodDef method) {
                    method.MethodSig.Params[0].GetElementType() == ElementType.Class &&
                    method.MethodSig.Params[1].GetElementType() == ElementType.Boolean;
         }
-
     #endregion
     }
 

VMUP/VMUnprotect/Program.cs

@@ -20,7 +20,7 @@ ____   ____  ____    ____  _____  _____  _______
        	   \ ' /     _| |_\/_| |_    \ \__/ /    _| |_     
        	    \_/     |_____||_____|    `.__.'    |_____|
              https://github.com/void-stack/VMUnprotect
-       	     VMUnprotect Ultimate v 3.5.1                     
+       	     VMUnprotect Ultimate v 3.6.0                     
         ";
 
         public static void Main(string[] args) {
@@ -36,8 +36,9 @@ public static void Main(string[] args) {
                       var fullPath = Path.GetFullPath(options.FilePath!);
 
                       var logger = new ConsoleLogger(fileName);
-                      logger.Info("Doesn't work? Make sure you dump the file before with: https://github.com/void-stack/VMUnprotect.Dumper");
-                      
+                      logger.Info(
+                          "Doesn't work? Make sure you dump the file before with: https://github.com/void-stack/VMUnprotect.Dumper");
+
                       var project = new Project {
                           TargetFilePath = fullPath
                       };

VMUP/VMUnprotect/Utils/ConsoleLogger.cs

@@ -14,7 +14,7 @@ public class ConsoleLogger : ILogger
         public ConsoleLogger(string filename) {
             if (Directory.Exists("VMUP_Logs"))
                 Directory.CreateDirectory("VMUP_Logs");
-            
+
             _logger = new LoggerConfiguration().WriteTo.File($"VMUP_Logs\\{filename}_{DateTime.Now:HH-mm-ss}.vmuplog")
                                                .WriteTo.Console(theme: AnsiConsoleTheme.Grayscale)
                                                .MinimumLevel.Verbose()

VMUP/VMUnprotect/VMUnprotect.csproj

@@ -1,6 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="4.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-    <Import Project="..\packages\Costura.Fody.5.7.0\build\Costura.Fody.props" Condition="Exists('..\packages\Costura.Fody.5.7.0\build\Costura.Fody.props')"/>
     <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')"/>
     <PropertyGroup>
         <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
@@ -46,10 +45,6 @@
             <HintPath>..\packages\CommandLineParser.2.9.0-preview1\lib\net461\CommandLine.dll</HintPath>
             <Private>True</Private>
         </Reference>
-        <Reference Include="Costura, Version=5.7.0.0, Culture=neutral, PublicKeyToken=null">
-            <HintPath>..\packages\Costura.Fody.5.7.0\lib\netstandard1.0\Costura.dll</HintPath>
-            <Private>True</Private>
-        </Reference>
         <Reference Include="Microsoft.Bcl.AsyncInterfaces, Version=1.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51">
             <HintPath>..\packages\Microsoft.Bcl.AsyncInterfaces.1.1.0\lib\net461\Microsoft.Bcl.AsyncInterfaces.dll</HintPath>
             <Private>True</Private>
@@ -218,16 +213,6 @@
         </ProjectReference>
     </ItemGroup>
     <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets"/>
-    <Import Project="..\packages\Fody.6.5.5\build\Fody.targets" Condition="Exists('..\packages\Fody.6.5.5\build\Fody.targets')"/>
-    <Target Name="EnsureNuGetPackageBuildImports" BeforeTargets="PrepareForBuild">
-        <PropertyGroup>
-            <ErrorText>This project references NuGet package(s) that are missing on this computer. Enable NuGet Package Restore to download them. For more information, see http://go.microsoft.com/fwlink/?LinkID=322105.The missing file is {0}.</ErrorText>
-        </PropertyGroup>
-        <Error Condition="!Exists('..\packages\Fody.6.5.5\build\Fody.targets')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\Fody.6.5.5\build\Fody.targets'))"/>
-        <Error Condition="!Exists('..\packages\Costura.Fody.5.7.0\build\Costura.Fody.props')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\Costura.Fody.5.7.0\build\Costura.Fody.props'))"/>
-        <Error Condition="!Exists('..\packages\Costura.Fody.5.7.0\build\Costura.Fody.targets')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\Costura.Fody.5.7.0\build\Costura.Fody.targets'))"/>
-    </Target>
-    <Import Project="..\packages\Costura.Fody.5.7.0\build\Costura.Fody.targets" Condition="Exists('..\packages\Costura.Fody.5.7.0\build\Costura.Fody.targets')"/>
     <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 
            Other similar extension points exist, see Microsoft.Common.targets.
       <Target Name="BeforeBuild">