@Vam
Current Version is better than old... better detection of Handler.
But a 2big problem is still here.
1.VMProtect is stack based VM, so all stuff are pushed on stack for process.
even without add junk code,its obfuscated. why?
because:
push dword ptr [reg_C]
push 0041077C
pop eax
pop edx
mov dword ptr ds:[eax], edx ;00000005
is :
MOV DWORD PTR DS:[41077C],ECX
so its hard for to understand in Long analyse.
its better to use atleast pattern matching for deobfuscating this routine.
for example : handler : 0x50,0x60,0x40,0x70,0x80 if run together it will for example
equal to MOV R32,R32
if you do it, it will be very good.
Kind Regards.
Also im w8 for your new version