Skip to content

mizt0/vmp-iat-recovery-tool

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits

src

src

 
 

.gitignore

.gitignore

 
 

Cargo.lock

Cargo.lock

 
 

Cargo.toml

Cargo.toml

 
 

README.md

README.md

 
 

Repository files navigation

vmp-iat-recovery-tool

What is this?

A tool to recover the import address table of x64 bit PE binaries obfuscated with VMProtect 3.x.

How it works

It collects modules within the current running process, and saves them. It then emulates the program and adds a code hook to log import calls. Once that is done, the import address table is repaired.

Usage

  1. Edit the file name in main.rs to the name of the process
  2. Set "rebuild_iat" to true to patch the binary (currently broken)
  3. Open the terminal and perform cargo run

Disclaimer

This tool is currently unstable and may not work correctly. The code is for educational purposes.

About

Recover import address table of VMProtect

Resources

Readme
Activity

Stars

7 stars

Watchers

2 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages