| Tool | Capability | VMProtect version | Limitations | |------|------------|-------------------|--------------| | | Import restoration, anti-anti-debug | 2.x, partial 3.x | Does not de-virtualize | | VMEmu (private) | Emulates bytecode → x86 | 2.x only | No public release | | VMAttack (defunct) | Static analysis of VM handlers | 2.x | Abandoned; fails on 3.x | | Unicorn + custom script | Full emulation of VM | Any (requires handler RE) | Extremely high effort | | Ghidra + VMProtect plugin | Basic VM detection, handler marking | 2.x | No bytecode lifting |