VMPDump - A dynamic VMP dumper and import fixer, powered by VTIL.


A dynamic VMP dumper and import fixer, powered by VTIL. Works for VMProtect 3.X x64. Before vs After Usage VMPDump.exe <Target PID> "<Target Module>" [-ep=<Entry Point RVA>] [-disable-reloc] Arguments: <Target PID>: The ID of the target process, in decimal or hex form. <Target Module>: The name of the module which should be dumped and fixed. This can be an empty string ("") if the process image module is desired. [-ep=<Entry Point RVA>]: An optionally-provided entry-point RVA, in hex form. VMPDump simply overwrites the Entry Point in the optional header with this value. [-disable-reloc]: An optional setting to instruct VMPDump to mark that relocs have been stripped in the output image, forcing the image to load at the dumped ImageBase. This is useful if runnable dumps are desired. VMProtect initialization and unpacking must be complete in the target process before running VMPDump. This means it must be at or past the OEP (Original Entry Point).....

September 25, 2020
Notify of
Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023

Download Free eBook

Step 1 of 4


We’re committed to your privacy. Hakin9 uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.