It uses dnlib and AsmResolver to read and write .NET assemblies, helping to identify tampered or virtualized code blocks.
It includes features to counter VMProtect's built-in anti-debugging checks. Usage Context & Risks
It is most effective against VMProtect v3.6.0 and v3.7.0 .
A companion project by the same author that specifically focuses on dynamically unpacking VMProtect-protected assemblies.
is an open-source tool designed for security researchers and reverse engineers to analyze applications protected by VMProtect (v3.6.0 to v3.7.0). It specifically focuses on "hunting" and manipulating virtualized methods within .NET assemblies. Core Capabilities
Official project files and updates are hosted on the void-stack/VMUnprotect GitHub repository . Related Tools
While intended for legitimate reverse engineering and malware analysis—as VMProtect is often used to conceal malicious payloads—such tools are frequently flagged as "Riskware" or "HackTools" by antivirus software like Malwarebytes .
By utilizing the Harmony library, it hooks into the runtime to log the behavior of protected assemblies.