Changes in tool list docs

This commit is contained in:
DSR! 2024-06-17 20:52:25 -03:00
parent 7ffa7a881f
commit a7b1efbb9a
2 changed files with 58 additions and 58 deletions


@ -2,14 +2,14 @@
This toolkit is organised into categories to help you find the tools you need quickly and efficiently. Each category contains powerful applications designed for specific tasks, from analysis to unpacking and everything in between.
1. [🧪 Analysis](#analysis)
1. [🔧 Decompilers](#decompilers)
1. [🛠 Dissasembler](#dissasembler)
1. [🖋 Hex editor](#hex-editor)
1. [📊 Monitor](#monitor)
1. [🧩 Other](#other)
1. [⏪ Reverse](#reverse)
1. [📦 Unpacking](#unpacking)
1. [🧪 Analysis](#-analysis)
1. [🔧 Decompilers](#-decompilers)
1. [🛠 Dissasembler](#-dissasembler)
1. [🖋 Hex editor](#-hex-editor)
1. [📊 Monitor](#-monitor)
1. [🧩 Other](#-other)
1. [⏪ Reverse](#-reverse)
1. [📦 Unpacking](#-unpacking)
## 🧪 Analysis
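Review bot: The new TOC targets (`#-analysis`, `#-hex-editor`, and the rest) only resolve on renderers that drop the emoji from the heading and turn the space after it into a leading hyphen, as GitHub does; confirm the links on every site where this file is published, since other Markdown renderers build the slug differently. The entry `[🛠 Dissasembler](#-dissasembler)` also keeps the misspelling of "Disassembler"; if it is corrected, change the heading and this link in the same commit so the anchor does not break.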
@ -36,7 +36,7 @@ A collection of tools designed to deeply analyze and interpret software and data
- **Description:** PE-bear is a freeware reversing tool for PE files. Its objective is to deliver fast and flexible “first view” for malware analysts, stable and capable to handle malformed PE files.
### PEiD (with plugins and databases)
- ***Note:*** Available using the extra called: Oldies
- ***Note:*** Available using the extra called: **Oldies**
- **Web:** https://web.archive.org/web/20110924071419/http://www.peid.info/
- **Developer:** snaker
- **Description:** PEiD (short for PE iDentifier) is a well-known professional, extensible packer/cryptor/compiler detecting tool. Its so powerful that it can detect the types/signatures of almost any PE file packing tools (at present, the number has been more than 600 kinds)
@ -47,7 +47,7 @@ A collection of tools designed to deeply analyze and interpret software and data
- **Description:** The goal of pestudio is to spot artifacts of executable files in order to ease and accelerate Malware Initial Assessment. The tool is used by Computer Emergency Response Teams (CERT), Security Operations Centers (SOC) and Digital-Forensic Labs worldwide.
### ProtectionID
- ***Note:*** Available using the extra called: Oldies
- ***Note:*** Available using the extra called: **Oldies**
- **Web:** https://web.archive.org/web/20210331144912/https://protectionid.net/
- **Developer:** CDKiller & TippeX
- **Description:** PiD Team's Protection ID started as a PC game protection detector, and quickly became a swiss-army knife to detect packers & .NET protections.
@ -67,13 +67,13 @@ Tools for decompiling binaries to source code.
- **Description:** Dex to Java decompiler: command line and GUI tools for producing Java source code from Android Dex and Apk files
### [DELPHI] Dede
- ***Note:*** Available using the extra called: Oldies
- ***Note:*** Available using the extra called: **Oldies**
- **Web:** https://code.google.com/archive/p/dedex/
- **Developer:** DaFixer
- **Description:** DeDe is a very fast program that can analize executables compiled with Delphi 3,4,5,6, C++Builder and Kylix and give you all dfm files on the target, every published method in well-commented Assembler, and lots of other information.-
### [DOTNET] GrayWolf
- ***Note:*** Available using the extra called: Oldies
- ***Note:*** Available using the extra called: **Oldies**
- **Web:** https://web.archive.org/web/20181114171712/http://www.digitalbodyguard.com/graywolf.html
- **Developer:** DigitalBodyGuard
- **Description:** GrayWolf is a reverse engineering tool focused on .NET Framework Applications. It can de-obfuscate binaries, live-edit IL, add payloads, edit attributes, and copy strong names signing on EXE/DLL.
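Review bot: The Dede description that sits between the two changed notes still reads "analize" and ends in a stray ".-"; since this commit is a docs pass over exactly these entries, correct it to "analyze" and end the sentence with a plain full stop.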
@ -103,25 +103,25 @@ Tools for decompiling binaries to source code.
Resources and tools to disassemble compiled programs.
### BDASM
- ***Note:*** Available using the extra called: Oldies
- ***Note:*** Available using the extra called: **Oldies**
- **Web:** www.bsasm.com (closed)
- **Developer:** Manuel Jiménez
- **Description:** BDASM is a multi-cpu, multi format file disassembler for Windows. Currently it supports ELF, X-Box, PE and raw binary files. The CPU support includes the Intel x86 16/32bits processor family up to SSE2 instructions, and PowerPc 603,604 32bits CPUs.
### Ghidra
- ***Note:*** Available using the extra called: Ghidra
- ***Note:*** Available using the extra called: **Ghidra**
- **Web:** https://ghidra-sre.org/
- **Developer:** NSA
- **Description:** Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms.
### OllyDbg 1.10 (with plugins and scripts)
- ***Note:*** Available using the extra called: Oldies
- ***Note:*** Available using the extra called: **Oldies**
- **Web:** https://www.ollydbg.de
- **Developer:** Oleh Yuschuk
- **Description:** OllyDbg is an x86 debugger that emphasizes binary code analysis, which is useful when source code is not available. It traces registers, recognizes procedures, API calls, switches, tables, constants and strings, as well as locates routines from object files and libraries. It has a user friendly interface, and its functionality can be extended by third-party plugins.
### w32Dasm (with all versions)
- ***Note:*** Available using the extra called: Oldies
- ***Note:*** Available using the extra called: **Oldies**
- **Web:** http://members.home.net/w32dasm/ (closed)
- **Developer:** URSoftware
- **Description:** W32DASM is a disassembler: a tool made to translate machine language back into assembly language. It's ideal for those interested in reverse engineering, who want to take code apart and find out how it works.
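Review bot: The BDASM entry's Web field, `www.bsasm.com (closed)`, does not match the tool name (BDASM against bsasm), so please verify the domain. As the site is marked closed, an archived URL in the style already used for PEiD and ProtectionID would serve readers better than a dead host name.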
@ -212,7 +212,7 @@ Miscellaneous tools that don't fit into the other categories.
- **Description:** Open-source, cross-platform Qt based IDE for reverse-engineering Android application packages.
### AVFucker
- ***Note:*** Available using the extra called: Oldies
- ***Note:*** Available using the extra called: **Oldies**
- **Web:** www.indetectables.net
- **Developer:** Sr Sombrero
- **Description:** AVFucker is a tool that helps you evade Antivirus using the “replace byte signature” technique.
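Review bot: `www.indetectables.net` in the Web field has no scheme, so renderers that autolink only full URLs will show it as plain text; the Indetectables Offset Locator entry already links the same site with `https://`, so use that form here for consistency.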
@ -233,7 +233,7 @@ Miscellaneous tools that don't fit into the other categories.
- **Description:** Dynamic unpacker based on PE-sieve. It deploys a packed malware, waits for it to unpack the payload, dumps the payload, and kills the original process.
### Indetectables Offset Locator
- ***Note:*** Available using the extra called: Oldies
- ***Note:*** Available using the extra called: **Oldies**
- **Web:** https://www.indetectables.net/viewtopic.php?t=29725
- **Developer:** Mingo, Yorll & Metal
- **Description:** This is a classic, great tool to clean AV signatures in executables.
@ -254,7 +254,7 @@ Miscellaneous tools that don't fit into the other categories.
- **Description:** RunAsDate is a small utility that allows you to run a program in the date and time that you specify. This utility doesn't change the current system date and time of your computer, but it only injects the date/time that you specify into the desired application.
### ShowString
- ***Note:*** Available using the extra called: Oldies
- ***Note:*** Available using the extra called: **Oldies**
- **Web:** Unknown
- **Developer:** figugegl
- **Description:** This little tool shows all ASCII and UNICODE strings in a file. You can edit, copy, paste, sort, search and much more.
@ -299,7 +299,7 @@ Software and techniques for reversing engineering.
- **Description:** .NET Assembly Dumper
### ImpREC (with plugins)
- ***Note:*** Available using the extra called: Oldies
- ***Note:*** Available using the extra called: **Oldies**
- **Web:** Unknown
- **Developer:** MackT/uCF
- **Description:** ImpRec is a very handy tool that can be used to repair/reconstruct the import table for packed programs.
@ -340,14 +340,14 @@ Utilities for unpacking and decompressing files and binaries.
Most of the obfuscation can be completely restored (eg. string encryption), but symbol renaming is impossible to restore since the original names aren't (usually) part of the obfuscated assembly.<br/>
### GUnPacker
- ***Note:*** Available using the extra called: Oldies
- ***Note:*** Available using the extra called: **Oldies**
- **Web:** Unknown
- **Developer:** Unknown
- **Description:** This tool is a generic unpacker. It has two main functionalities: (A) OEP positioning, and (B) the dumped code and data can be used to repair the follow-up of a PE header.
From Chinese developers. Competitor of Quick Unpack.
### NETUnpack
- ***Note:*** Available using the extra called: Oldies
- ***Note:*** Available using the extra called: **Oldies**
- **Web:** https://ntcore.com/?page_id=353
- **Developer:** Erik Pistelli (NTCore)
- **Description:** This is a program to dump .NET packed applications. Of course no serious .NET protection relies on packing. In fact, this software shows how easily you can unpack a protected assemly.
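Review bot: The NETUnpack description at the end of this hunk has "assemly" for "assembly"; fix it in this pass, since the entry is already being edited one line above its Web field.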
@ -359,7 +359,7 @@ From Chinese developers. Competitor of Quick Unpack.
QuickUnpack tries to bypass all possible scramblers/obfuscators and restores redirected import. From the version 1 the opportunity of unpacking dll is added. From the version 2 the attach process feature added which allows to use QuickUnpack as a dumper and import recoverer. Scripts are also supported from version 2 which allows unpacking of more complicated protections. Version 3 brought x64 support and hardware virtualization debugging engine. This makes QuickUnpack a unique software product which has no similar analogues in the world!
### RL!dePacker (with unpack SDK)
- ***Note:*** Available using the extra called: Oldies
- ***Note:*** Available using the extra called: **Oldies**
- **Web:** http://www.reversinglabs.com
- **Developer:** Ap0x
- **Description:** Reversing Labs RL!dePacker has a build in option to detect OEP. However this option does not work with VB (always use FindOEP! function with VB applications and Force to manual OEP?) and some packers. So if RL!dePacker can not unpack the file use FindOEP! function to detect correct OEP, but use it only as a second resort since it can be jammed!
@ -372,31 +372,31 @@ Generic unpacker can unpack ONLY packers that do not use IAT redirection, that d
Unlike most archiving programs, UniExtract is not limited to **standard archives** such as `.zip` and `.rar`. It can also deal with **application installers**, **disk images** and even **game archives** and other **multimedia files**. An overview of supported file types can be found [here](https://github.com/Bioruebe/UniExtract2/blob/master/docs/FORMATS.md)
### VMUnpacker (with all versions)
- ***Note:*** Available using the extra called: Oldies
- ***Note:*** Available using the extra called: **Oldies**
- **Web:** https://web.archive.org/web/20080318210939/http://dswlab.com/d3.html
- **Developer:** dswlab
- **Description:** This tool uses the technology of Virtual Machines. It can unpack various known & unknown shells. It is suitable for unpacking the shelled Trojan horse in virus analysis, and because all codes are run under the VM, they will not take any danger to your system.
### Magicmida
- ***Note:*** Available using the extra called: Unpacking
- ***Note:*** Available using the extra called: **Unpacking**
- **Web:** https://github.com/Hendi48/Magicmida
- **Developer:** Hendi48
- **Description:** Magicmida is a Themida auto-unpacker that works on some 32-bit applications. It works on all versions of Windows.
### NoVmp
- ***Note:*** Available using the extra called: Unpacking
- ***Note:*** Available using the extra called: **Unpacking**
- **Web:** https://github.com/can1357/NoVmp
- **Developer:** Can Bölük
- **Description:** A static devirtualizer for VMProtect x64 3.x powered by VTIL.
### VMUnprotect
- ***Note:*** Available using the extra called: Unpacking
- ***Note:*** Available using the extra called: **Unpacking**
- **Web:** https://github.com/void-stack/VMUnprotect
- **Developer:** voidstack
- **Description:** VMUnprotect is a project engaged in hunting virtualized VMProtect methods. It makes use of Harmony to dynamically read VMP behavior. Currently only supports method administration. Works on VMProtect 3.6.0 (Latest) and few versions back.
### VMUnprotect Dumper
- ***Note:*** Available using the extra called: Unpacking
- ***Note:*** Available using the extra called: **Unpacking**
- **Web:** https://github.com/void-stack/VMUnprotect.Dumper
- **Developer:** voidstack
- **Description:** VMUnprotect.Dumper is a project engaged in hunting tampered VMProtect assemblies. It makes use of AsmResolver to dynamically unpack VMP protected assembly. Works on VMProtect 3.7.0 (Latest) and few versions back.
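Review bot: The VMUnprotect and VMUnprotect Dumper descriptions at the end of this hunk label two different versions as current, "VMProtect 3.6.0 (Latest)" and "VMProtect 3.7.0 (Latest)"; drop "(Latest)" from both and state only the supported versions, which will not go stale as new releases appear.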


@ -2,16 +2,16 @@
This toolkit is organised into categories to help you find the tools you need quickly and efficiently. Each category contains powerful applications designed for specific tasks, from analysis to unpacking and everything in between.
1. [🧪 Analysis](#analysis)
1. [🔧 Decompilers](#decompilers)
1. [🛠 Dissasembler](#dissasembler)
1. [🖋 Hex editor](#hex-editor)
1. [📊 Monitor](#monitor)
1. [🎨 NFOMaker](#nfomaker)
1. [🧩 Other](#other)
1. [⏪ Reverse](#reverse)
1. [🛡 Rootkits detector](#rootkits-detector)
1. [📦 Unpacking](#unpacking)
1. [🧪 Analysis](#-analysis)
1. [🔧 Decompilers](#-decompilers)
1. [🛠 Dissasembler](#-dissasembler)
1. [🖋 Hex editor](#-hex-editor)
1. [📊 Monitor](#-monitor)
1. [🎨 NFOMaker](#-nfomaker)
1. [🧩 Other](#-other)
1. [⏪ Reverse](#-reverse)
1. [🛡 Rootkits detector](#-rootkits-detector)
1. [📦 Unpacking](#-unpacking)
## 🧪 Analysis
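Review bot: This TOC edit is the first file's edit repeated with two extra entries (NFOMaker, Rootkits detector), and the same tool entries are changed again further down, so the two documents are being maintained by hand in parallel; generating both from a single tool list would keep them from drifting apart and would turn a 58-line change like this one into a template change.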
@ -43,7 +43,7 @@ A collection of tools designed to deeply analyze and interpret software and data
- **Description:** PE-bear is a freeware reversing tool for PE files. Its objective is to deliver fast and flexible “first view” for malware analysts, stable and capable to handle malformed PE files.
### PEiD (with plugins and databases)
- ***Note:*** Available using the extra called: Oldies
- ***Note:*** Available using the extra called: **Oldies**
- **Web:** https://web.archive.org/web/20110924071419/http://www.peid.info/
- **Developer:** snaker
- **Description:** PEiD (short for PE iDentifier) is a well-known professional, extensible packer/cryptor/compiler detecting tool. Its so powerful that it can detect the types/signatures of almost any PE file packing tools (at present, the number has been more than 600 kinds)
@ -54,7 +54,7 @@ A collection of tools designed to deeply analyze and interpret software and data
- **Description:** The goal of pestudio is to spot artifacts of executable files in order to ease and accelerate Malware Initial Assessment. The tool is used by Computer Emergency Response Teams (CERT), Security Operations Centers (SOC) and Digital-Forensic Labs worldwide.
### ProtectionID
- ***Note:*** Available using the extra called: Oldies
- ***Note:*** Available using the extra called: **Oldies**
- **Web:** https://web.archive.org/web/20210331144912/https://protectionid.net/
- **Developer:** CDKiller & TippeX
- **Description:** PiD Team's Protection ID started as a PC game protection detector, and quickly became a swiss-army knife to detect packers & .NET protections.
@ -101,7 +101,7 @@ executables that have been packed and protected using AutoIt3Camo, Themida, Arma
- **Description:** Decompiles AutoIt v3+ Exe files.
### [DELPHI] Dede
- ***Note:*** Available using the extra called: Oldies
- ***Note:*** Available using the extra called: **Oldies**
- **Web:** https://code.google.com/archive/p/dedex/
- **Developer:** DaFixer
- **Description:** DeDe is a very fast program that can analize executables compiled with Delphi 3,4,5,6, C++Builder and Kylix and give you all dfm files on the target, every published method in well-commented Assembler, and lots of other information.-
@ -117,7 +117,7 @@ executables that have been packed and protected using AutoIt3Camo, Themida, Arma
- **Description:** dnSpy is a debugger and .NET assembly editor. You can use it to edit and debug assemblies even if you don't have any source code available.
### [DOTNET] GrayWolf
- ***Note:*** Available using the extra called: Oldies
- ***Note:*** Available using the extra called: **Oldies**
- **Web:** https://web.archive.org/web/20181114171712/http://www.digitalbodyguard.com/graywolf.html
- **Developer:** DigitalBodyGuard
- **Description:** GrayWolf is a reverse engineering tool focused on .NET Framework Applications. It can de-obfuscate binaries, live-edit IL, add payloads, edit attributes, and copy strong names signing on EXE/DLL.
@ -152,7 +152,7 @@ executables that have been packed and protected using AutoIt3Camo, Themida, Arma
Resources and tools to disassemble compiled programs.
### BDASM
- ***Note:*** Available using the extra called: Oldies
- ***Note:*** Available using the extra called: **Oldies**
- **Web:** www.bsasm.com (closed)
- **Developer:** Manuel Jiménez
- **Description:** BDASM is a multi-cpu, multi format file disassembler for Windows. Currently it supports ELF, X-Box, PE and raw binary files. The CPU support includes the Intel x86 16/32bits processor family up to SSE2 instructions, and PowerPc 603,604 32bits CPUs.
@ -163,19 +163,19 @@ Resources and tools to disassemble compiled programs.
- **Description:** Cutter is a free and open-source reverse engineering platform powered by Rizin (fork of the radare2 reverse engineering framework). It aims at being an advanced and customizable reverse engineering platform while keeping the user experience in mind. Cutter is created by reverse engineers for reverse engineers.
### Ghidra
- ***Note:*** Available using the extra called: Ghidra
- ***Note:*** Available using the extra called: **Ghidra**
- **Web:** https://ghidra-sre.org/
- **Developer:** NSA
- **Description:** Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms.
### OllyDbg 1.10 (with plugins and scripts)
- ***Note:*** Available using the extra called: Oldies
- ***Note:*** Available using the extra called: **Oldies**
- **Web:** https://www.ollydbg.de
- **Developer:** Oleh Yuschuk
- **Description:** OllyDbg is an x86 debugger that emphasizes binary code analysis, which is useful when source code is not available. It traces registers, recognizes procedures, API calls, switches, tables, constants and strings, as well as locates routines from object files and libraries. It has a user friendly interface, and its functionality can be extended by third-party plugins.
### w32Dasm (with all versions)
- ***Note:*** Available using the extra called: Oldies
- ***Note:*** Available using the extra called: **Oldies**
- **Web:** http://members.home.net/w32dasm/ (closed)
- **Developer:** URSoftware
- **Description:** W32DASM is a disassembler: a tool made to translate machine language back into assembly language. It's ideal for those interested in reverse engineering, who want to take code apart and find out how it works.
@ -330,7 +330,7 @@ Miscellaneous tools that don't fit into the other categories.
- **Description:** AstroGrep is a Microsoft Windows GUI File Searching (grep) utility. Its features include regular expressions, versatile printing options, stores most recent used paths and has a "context" feature which is very nice for looking at source code.
### AVFucker
- ***Note:*** Available using the extra called: Oldies
- ***Note:*** Available using the extra called: **Oldies**
- **Web:** www.indetectables.net
- **Developer:** Sr Sombrero
- **Description:** AVFucker is a tool that helps you evade Antivirus using the “replace byte signature” technique.
@ -351,7 +351,7 @@ Miscellaneous tools that don't fit into the other categories.
- **Description:** Dynamic unpacker based on PE-sieve. It deploys a packed malware, waits for it to unpack the payload, dumps the payload, and kills the original process.
### Indetectables Offset Locator
- ***Note:*** Available using the extra called: Oldies
- ***Note:*** Available using the extra called: **Oldies**
- **Web:** https://www.indetectables.net/viewtopic.php?t=29725
- **Developer:** Mingo, Yorll & Metal
- **Description:** This is a classic, great tool to clean AV signatures in executables.
@ -377,7 +377,7 @@ Miscellaneous tools that don't fit into the other categories.
- **Description:** RunAsDate is a small utility that allows you to run a program in the date and time that you specify. This utility doesn't change the current system date and time of your computer, but it only injects the date/time that you specify into the desired application.
### ShowString
- ***Note:*** Available using the extra called: Oldies
- ***Note:*** Available using the extra called: **Oldies**
- **Web:** Unknown
- **Developer:** figugegl
- **Description:** This little tool shows all ASCII and UNICODE strings in a file. You can edit, copy, paste, sort, search and much more.
@ -432,7 +432,7 @@ Software and techniques for reversing engineering.
- **Description:** .NET Assembly Dumper
### ImpREC (with plugins)
- ***Note:*** Available using the extra called: Oldies
- ***Note:*** Available using the extra called: **Oldies**
- **Web:** Unknown
- **Developer:** MackT/uCF
- **Description:** ImpRec is a very handy tool that can be used to repair/reconstruct the import table for packed programs.
@ -507,14 +507,14 @@ Utilities for unpacking and decompressing files and binaries.
Most of the obfuscation can be completely restored (eg. string encryption), but symbol renaming is impossible to restore since the original names aren't (usually) part of the obfuscated assembly.<br/>
### GUnPacker
- ***Note:*** Available using the extra called: Oldies
- ***Note:*** Available using the extra called: **Oldies**
- **Web:** Unknown
- **Developer:** Unknown
- **Description:** This tool is a generic unpacker. It has two main functionalities: (A) OEP positioning, and (B) the dumped code and data can be used to repair the follow-up of a PE header.
From Chinese developers. Competitor of Quick Unpack.
### NETUnpack
- ***Note:*** Available using the extra called: Oldies
- ***Note:*** Available using the extra called: **Oldies**
- **Web:** https://ntcore.com/?page_id=353
- **Developer:** Erik Pistelli (NTCore)
- **Description:** This is a program to dump .NET packed applications. Of course no serious .NET protection relies on packing. In fact, this software shows how easily you can unpack a protected assemly.
@ -526,7 +526,7 @@ From Chinese developers. Competitor of Quick Unpack.
QuickUnpack tries to bypass all possible scramblers/obfuscators and restores redirected import. From the version 1 the opportunity of unpacking dll is added. From the version 2 the attach process feature added which allows to use QuickUnpack as a dumper and import recoverer. Scripts are also supported from version 2 which allows unpacking of more complicated protections. Version 3 brought x64 support and hardware virtualization debugging engine. This makes QuickUnpack a unique software product which has no similar analogues in the world!
### RL!dePacker (with unpack SDK)
- ***Note:*** Available using the extra called: Oldies
- ***Note:*** Available using the extra called: **Oldies**
- **Web:** http://www.reversinglabs.com
- **Developer:** Ap0x
- **Description:** Reversing Labs RL!dePacker has a build in option to detect OEP. However this option does not work with VB (always use FindOEP! function with VB applications and Force to manual OEP?) and some packers. So if RL!dePacker can not unpack the file use FindOEP! function to detect correct OEP, but use it only as a second resort since it can be jammed!
@ -539,31 +539,31 @@ Generic unpacker can unpack ONLY packers that do not use IAT redirection, that d
Unlike most archiving programs, UniExtract is not limited to **standard archives** such as `.zip` and `.rar`. It can also deal with **application installers**, **disk images** and even **game archives** and other **multimedia files**. An overview of supported file types can be found [here](https://github.com/Bioruebe/UniExtract2/blob/master/docs/FORMATS.md)
### VMUnpacker (with all versions)
- ***Note:*** Available using the extra called: Oldies
- ***Note:*** Available using the extra called: **Oldies**
- **Web:** https://web.archive.org/web/20080318210939/http://dswlab.com/d3.html
- **Developer:** dswlab
- **Description:** This tool uses the technology of Virtual Machines. It can unpack various known & unknown shells. It is suitable for unpacking the shelled Trojan horse in virus analysis, and because all codes are run under the VM, they will not take any danger to your system.
### Magicmida
- ***Note:*** Available using the extra called: Unpacking
- ***Note:*** Available using the extra called: **Unpacking**
- **Web:** https://github.com/Hendi48/Magicmida
- **Developer:** Hendi48
- **Description:** Magicmida is a Themida auto-unpacker that works on some 32-bit applications. It works on all versions of Windows.
### NoVmp
- ***Note:*** Available using the extra called: Unpacking
- ***Note:*** Available using the extra called: **Unpacking**
- **Web:** https://github.com/can1357/NoVmp
- **Developer:** Can Bölük
- **Description:** A static devirtualizer for VMProtect x64 3.x powered by VTIL.
### VMUnprotect
- ***Note:*** Available using the extra called: Unpacking
- ***Note:*** Available using the extra called: **Unpacking**
- **Web:** https://github.com/void-stack/VMUnprotect
- **Developer:** voidstack
- **Description:** VMUnprotect is a project engaged in hunting virtualized VMProtect methods. It makes use of Harmony to dynamically read VMP behavior. Currently only supports method administration. Works on VMProtect 3.6.0 (Latest) and few versions back.
### VMUnprotect Dumper
- ***Note:*** Available using the extra called: Unpacking
- ***Note:*** Available using the extra called: **Unpacking**
- **Web:** https://github.com/void-stack/VMUnprotect.Dumper
- **Developer:** voidstack
- **Description:** VMUnprotect.Dumper is a project engaged in hunting tampered VMProtect assemblies. It makes use of AsmResolver to dynamically unpack VMP protected assembly. Works on VMProtect 3.7.0 (Latest) and few versions back.