A tool to recover the import address table (IAT) of 64-bit (x64) PE binaries obfuscated with VMProtect 3.x.
It collects the modules loaded in the currently running process and saves them. It then emulates the program, with a code hook added to log import calls. Once that is done, the import address table is repaired.
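The step between logging and repair, mapping each logged call target back to a module and export, can be sketched as follows. This is an added example, not the tool's own code: the `Module` struct, the function names, and all addresses and RVAs are hypothetical and constructed for illustration.

```rust
use std::collections::{BTreeMap, BTreeSet};

// Hypothetical record of one module captured from the running process.
struct Module {
    name: &'static str,
    base: u64,
    size: u64,
    exports: BTreeMap<u64, &'static str>, // RVA -> export name
}

// Map a call target logged by the code hook to (module, export).
// Returns None if it is outside every module or not on an export start.
fn resolve(modules: &[Module], target: u64) -> Option<(&'static str, &'static str)> {
    let m = modules.iter().find(|m| target >= m.base && target - m.base < m.size)?;
    let name = m.exports.get(&(target - m.base))?;
    Some((m.name, *name))
}

// Group resolved targets per module, deduplicated: the shape of a rebuilt import table.
fn rebuild(modules: &[Module], log: &[u64]) -> BTreeMap<&'static str, BTreeSet<&'static str>> {
    let mut iat: BTreeMap<&'static str, BTreeSet<&'static str>> = BTreeMap::new();
    for &t in log {
        if let Some((m, f)) = resolve(modules, t) {
            iat.entry(m).or_default().insert(f);
        }
    }
    iat
}

// Constructed sample data: bases, sizes and RVAs are made up.
fn sample_modules() -> Vec<Module> {
    vec![
        Module { name: "kernel32.dll", base: 0x7ff8_1000_0000, size: 0x10_0000,
                 exports: BTreeMap::from([(0x1_5a40, "GetProcAddress"), (0x2_0c10, "VirtualProtect")]) },
        Module { name: "ntdll.dll", base: 0x7ff8_2000_0000, size: 0x20_0000,
                 exports: BTreeMap::from([(0x9_d3f0, "NtClose")]) },
    ]
}

fn main() {
    // Constructed hook log: one repeated target and one address outside any module.
    let log: [u64; 4] = [0x7ff8_1001_5a40, 0x7ff8_2009_d3f0, 0x7ff8_1001_5a40, 0x1400_0123];
    for (m, funcs) in rebuild(&sample_modules(), &log) {
        println!("{m}: {funcs:?}");
    }
}
```

Targets that do not resolve are dropped silently here; logging them instead makes it easier to spot a module that was missed during collection.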
- Change the file name in main.rs to the name of the process
- Set "rebuild_iat" to true to patch the binary (currently broken)
- Open a terminal and run `cargo run`
This tool is currently unstable and may not work correctly. The code is for educational purposes.