Hi,
We like to collect stack traces from user crashes. I've got the trace in the form of the program counter addresses for each stack frame.
I can get the symbols using dbghelp.dll and the pdb in the usual manner before protecting.
Is there a tool to translate those back to what they were before protecting, so I can get the symbols etc?
I've seen the MiniDumpFixer.exe, but I'd rather not start collecting minidumps unless I absoluely have to.
Stack trace translation
Re: Stack trace translation
VMProtect changes EIP of virtualized/compiled commands, so it's impossible to translate new EIPs to old addresses