Open Source · BSD-3-Clause License

VTIL
De-virtualize anything.

Virtual-machine Translation Intermediate Language - an optimizing compiler toolset for binary de-obfuscation, de-virtualization, and static analysis across any native architecture.

Get Started View on GitHub1.5k Join Discord

example.cpp

// Load a serialized VTIL routine from disk
std::unique_ptr<vtil::routine> rtn(vtil::load_routine("routine.vtil"));

// Emit native assembly bytes into the VTIL stream
rtn->entry_point->vemits("mov rax, rbx");

// Run the profiled optimization pipeline
vtil::optimizer::apply_all_profiled(rtn.get());

// Print the optimized IR for inspection
vtil::debug::dump(rtn.get());

1.5k+

GitHub Stars

Repositories

x86 / ARM

Architectures

BSD-3

License

Why VTIL

Built for serious binary analysis

VTIL provides the primitives needed to build powerful de-obfuscation and de-virtualization pipelines with a clean, ergonomic C++ API.

Architecture-Agnostic IL

Lift from any native architecture - x86, x64, ARM, and beyond - including stack machines. VTIL's flexible operand model makes lifting straightforward.

Optimizing Compiler

Full optimization pipeline including dead code elimination, constant folding, expression simplification, and symbolic evaluation passes.

Preserves Native Concepts

Unlike LLVM, VTIL keeps native ISA concepts intact - physical registers, the native stack, and non-SSA CPU architecture - ideal for reverse engineering.

De-virtualization Engine

Purpose-built for defeating commercial VM-based obfuscators. Symbolically trace and reconstruct de-virtualized, human-readable code.

Full CFG Support

First-class control flow graph representation. Visualize, navigate, and transform routine-level and block-level CFGs with ease.

Multi-Language Bindings

First-class C++ API with Python bindings, a Rust parser, and a Binary Ninja plugin for seamless integration into your existing workflow.

Ecosystem

The VTIL repositories

A growing collection of tools, lifters, plugins, and language bindings built on top of the VTIL core.

VTIL-Core

Core

The core VTIL library - IR definition, optimizer passes, symbolic evaluation, and code emitters.

C++1.5k175

VTIL-BinaryNinja

Binary Ninja plugin for loading VTIL routines and lifting x86 instructions directly to LLIL.

Python939

VTIL-NativeLifters

Lifters for native architectures (x86/x64) to VTIL IR. Work in progress - the entry point for binary analysis pipelines.

C++7624

VTIL-Samples

Annotated code samples to get started with the VTIL API - lifters, optimization passes, and emitters.

CMake3814

VTIL-Python

Python bindings for the VTIL API - expose the full C++ optimizer and IR to Python scripts.

C++2919

VTIL-Utils

Command-line utility for inspecting and manipulating serialized VTIL files.

CMake2712

VTIL-Sandbox

Local inspection tool for visualizing VTIL blocks, control flow graphs, and instruction metadata.

C++159

VTIL-RustParser

Read and write VTIL serialized routine files from Rust. Useful for cross-language tooling.

Rust110

View all repositories on GitHub

Open Source

Start building with VTIL

Whether you're reversing a commercial VM protector, building a binary analysis framework, or researching obfuscation techniques - VTIL gives you the primitives to do it right.

Read the Docs Browse GitHub Join Discord

Free & Open SourceBSD-3-Clause LicensedCommunity Driven

VTILDe-virtualize anything.