{"id":13608967,"url":"https://github.com/can1357/NoVmp","last_synced_at":"2025-04-12T17:33:31.299Z","repository":{"id":38445509,"uuid":"287975640","full_name":"can1357/NoVmp","owner":"can1357","description":"A static devirtualizer for VMProtect x64 3.x. powered by VTIL.","archived":false,"fork":false,"pushed_at":"2021-08-08T16:34:04.000Z","size":346,"stargazers_count":2004,"open_issues_count":9,"forks_count":344,"subscribers_count":82,"default_branch":"master","last_synced_at":"2025-04-07T23:10:05.864Z","etag":null,"topics":["devirtualization","vmprotect","vtil"],"latest_commit_sha":null,"homepage":"","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/can1357.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-08-16T15:54:26.000Z","updated_at":"2025-04-07T12:45:28.000Z","dependencies_parsed_at":"2022-07-10T15:32:14.566Z","dependency_job_id":null,"html_url":"https://github.com/can1357/NoVmp","commit_stats":null,"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/can1357%2FNoVmp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/can1357%2FNoVmp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/can1357%2FNoVmp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/can1357%2FNoVmp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/can1357","download_url":"https://codeload.github.com/can1357/NoVmp/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248605471,"owners_count":21132175,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["devirtualization","vmprotect","vtil"],"created_at":"2024-08-01T19:01:31.382Z","updated_at":"2025-04-12T17:33:26.282Z","avatar_url":"https://github.com/can1357.png","language":"C++","funding_links":[],"categories":["C++","C++ (225)","Reverse Engine","Reverse Engineering"],"sub_categories":["Decompilers"],"readme":"\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://www.vtil.org/\"\u003e\n    \u003cimg width=\"256\" heigth=\"256\" src=\"https://raw.githubusercontent.com/can1357/NoVmp/master/assets/logo.png\"\u003e\n  \u003c/a\u003e\n  \n  \u003ch1 align=\"center\"\u003eNoVmp\u003c/h1\u003e\n  \n  \u003cp align=\"center\"\u003e\n    \u003ca href=\"https://ci.appveyor.com/project/can1357/NoVmp\"\u003e\n      \u003cimg src=\"https://img.shields.io/appveyor/build/can1357/NoVmp?logo=appveyor\u0026style=flat-square\" alt=\"appveyor-ci\"/\u003e\n    \u003c/a\u003e\n    \u003ca href=\"https://github.com/can1357/NoVmp/blob/master/LICENSE.md\"\u003e\n      \u003cimg src=\"https://img.shields.io/github/license/can1357/NoVmp.svg?style=flat-square\" alt=\"license\"/\u003e\n    \u003c/a\u003e\n  \u003c/p\u003e\n  \n  \u003cp align=\"center\"\u003e\n    A static devirtualizer for VMProtect x64 3.x powered by VTIL.\n  \u003c/p\u003e\n\u003c/p\u003e\n\n### VMProtect? Nope.\nNoVmp is a project devirtualizing VMProtect x64 3.0 - 3.5 (latest) into optimized VTIL and optionally recompiling back to x64 using the [Virtual-machine Translation Intermediate Language](https://github.com/vtil-project/VTIL-Core) library. It is rather experimental and is mostly a PoC I wanted to release. Most things can be improved especially with the new NativeLifters repo, but it did not exist back in the time this was written.\n\n# Usage\nNoVmp  accepts **unpacked binaries**, so if your binary is packed you'll have to dump it first, additionally if you did dump it using a tool like Scylla, you'll have to provide the original image base using the `-base` parameter like so:\n\n`-base 0x14000000` \n\nBy default NoVmp will parse every single jump into a VM, if you are only interested in a number of **specific** virtualized routines you can use the `-vms` parameter like so with relative virtual addresses:\n\n`-vms 0x729B81 0x72521`\n\nThese addresses should be pointing at the VMEnter, as shown below:\n\n![VMEnter](https://raw.githubusercontent.com/can1357/NoVmp/master/assets/vmenter.png)\n\nBy default section discovery is automatic, but in case your calls are not being chained you should try adding the VMProtect section name into the section list using `-sections` as shown below:\n\n`-sections .xxx0 .yyy0`\n\nNote that the `.\u003cvmp\u003e1` section is the merged VMProtect DLL which should not be inputted.\n\nAdditionally you can use any of the following switches:\n- `-noopt`: Disables optimization.\n- `-opt:constant`: Optimizes the VMProtect Ultra constant obfuscation out.\n- `-experimental:recompile`: Enables the experimental x64 compiler.\n\n# Known bugs\n- Known issues from VTIL-Core, mainly the lack of jump table support and propagation passes taking too long/not being great which are being worked on.\n- Binaries compiled with relocations stripped are not fully supported yet.\n- Experimental compiler is a borderline broken demo, issues related to it should not be submitted as it'll be reworked and will be in VTIL-Core.\n\n# License\nNoVmp is licensed under the GNU General Public License v3.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcan1357%2FNoVmp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcan1357%2FNoVmp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcan1357%2FNoVmp/lists"}