Search found 10 matches
- Wed Aug 21, 2019 9:09 pm
- Forum: Technical questions
- Topic: Possible increase of entropy and difficulty?
- Replies: 0
- Views: 10138
Possible increase of entropy and difficulty?
Many have said that to "devirtualize" the VM architecture is trivial once all the opcodes are found and are translated for that specific build. They claim once you gain knowledge of each opcode then every virtualized function is at risk. I have question if it's possible to create a brand n...
- Mon Aug 20, 2018 7:11 pm
- Forum: Technical questions
- Topic: Memory Protection Issue
- Replies: 3
- Views: 4245
Re: Memory Protection Issue
I understand but your check only works in runtime not statically. If I we're to open up my binary (with memory protection) and modify a writable memory region statically (patching) then the checksum will get triggered...
- Tue Aug 14, 2018 6:00 am
- Forum: Technical questions
- Topic: Memory Protection Issue
- Replies: 3
- Views: 4245
Memory Protection Issue
Hello, I've excluded a segment from memory protection and when I edit (not in runtime, statically) any variables in my segment it gives an error??? The segment has the write privilege...
- Mon Mar 12, 2018 8:57 pm
- Forum: Technical questions
- Topic: Does VMProtect do this?!
- Replies: 5
- Views: 5792
Re: Does VMProtect do this?!
Yeah, and act as a white box, do you know what I mean?Admin wrote:Analyze bytes on the stack?
- Mon Mar 12, 2018 1:22 pm
- Forum: Technical questions
- Topic: Does VMProtect do this?!
- Replies: 5
- Views: 5792
Re: Does VMProtect do this?!
Make it harder to reverse engineer and analyze.Admin wrote:"obfuscate the key" - what do you mean?
- Sun Mar 11, 2018 5:56 pm
- Forum: Technical questions
- Topic: Does VMProtect do this?!
- Replies: 5
- Views: 5792
Does VMProtect do this?!
Hey, I was curious if I were to virtualize the function below would it virtualize and obfuscate the key?
Code: Select all
int important_function() {
uint8_t key[] = { 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00,
0x00};
// perform actions with key
}
- Thu Aug 31, 2017 5:38 pm
- Forum: Offtopic
- Topic: PInvoke is safe?
- Replies: 3
- Views: 34449
Re: PInvoke is safe?
Doesn't matter if they modify the C# application since it only processes and displays data through the protected DLL. They would need to modify the DLL for them to do some damage. My question is if Exported functions that are protected are as safe as normal ones. Edit: also doesn't matter if they ch...
- Tue Aug 29, 2017 7:26 pm
- Forum: Offtopic
- Topic: PInvoke is safe?
- Replies: 3
- Views: 34449
PInvoke is safe?
Hello, I am wondering if it is safe to virtualize a Export method and then PInvoke from C# UI program? Also from my testing if "GetStatusCode" is not virtualized it cannot access other virtualized functions :D Example: C++ extern "C" { __declspec(dllexport) int __cdecl GetStatusC...
- Sun Feb 12, 2017 7:46 pm
- Forum: Technical questions
- Topic: Unexplained crashes.
- Replies: 5
- Views: 7490
Re: Unexplained crashes.
Here are the errors on other peoples computers, on mine it works all the time. Has something to do the kernel option of VMProtectIsDebuggerPresent , or even the debugger + kernel option in the VMProtect application. Error 1: Unhandled exception at 0x1000B75B: 0x80000004: Single step. Error 2: Except...
- Thu Feb 09, 2017 3:26 pm
- Forum: Technical questions
- Topic: Unexplained crashes.
- Replies: 5
- Views: 7490
Unexplained crashes.
Hello, I am attempting to manual map a dll into a process. If the dll is packed with vmp lite and kernel+usermode debugging is on it crashes. Without debugging on, it doesnt.
It gave a 0x0000004 error (similar to that). It works on my pc but not others, very odd.
It gave a 0x0000004 error (similar to that). It works on my pc but not others, very odd.