Search found 19 matches

by fuzzing
Tue Sep 26, 2023 7:33 pm
Forum: Technical questions
Topic: Memory Protection (NtProtectVirtualMemory)
Replies: 0
Views: 3452

Memory Protection (NtProtectVirtualMemory)

Hello, can I suggest something about Memory Protection? Separate the options on the Memory Protection's listview: CRC Checks. Virtual Memory Checks (hooks NtProtectVirtualMemory). All. So we can choose the protection level about Memory Protection, I suggest this because if some module gets loaded o...
by fuzzing
Sat Aug 19, 2023 1:34 am
Forum: Technical questions
Topic: How to remove Imports from KERNEL32.dll
Replies: 3
Views: 4132

Re: How to remove Imports from KERNEL32.dll

Why do you need it? As I posted before, with "Detect It Easy" tool a cracker can identify VMP: https://vmpsoft.com/forum/viewtopic.php?f=2&t=30016&p=36570#p36570 kernel32.dll PE.getImportFunctionName(x,x)=="GetSystemTimeAsFileTime" And all combinations of the Import ...
by fuzzing
Fri Aug 18, 2023 2:05 am
Forum: Technical questions
Topic: How to remove Imports from KERNEL32.dll
Replies: 3
Views: 4132

How to remove Imports from KERNEL32.dll

Is there a chance to remove imports of KERNEL32.dll when using all protection options?:

GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

Regards!
by fuzzing
Mon Aug 07, 2023 10:49 pm
Forum: Technical questions
Topic: Possibility to replace Mutation with Minimal Virtualization?
Replies: 0
Views: 4804

Possibility to replace Mutation with Minimal Virtualization?

Hello! I got this idea so I want to ask if this is possible. Is there a chance to replace "Mutation" protection with a "Minimal Virtualization"? Actually, we can only select "Mutation", "Virtualization" and "Ultra" on every function. Virtualization...
by fuzzing
Mon Feb 20, 2023 2:41 am
Forum: Technical questions
Topic: Calling API Hookeds Problem
Replies: 17
Views: 6235

Re: Calling API Hookeds Problem

Nope, patching the first bytes of an API can be avoided by making some type of API Wrapper like Themida does, but honestly I don't like Themida, I don't use it and I will not use it, I'm on the VMProtect way, and it will be nice if it can add some type of API Wrapper too! Themida does not prevent hoo...
by fuzzing
Sun Feb 19, 2023 9:59 pm
Forum: Technical questions
Topic: Calling API Hookeds Problem
Replies: 17
Views: 6235

Re: Calling API Hookeds Problem

Because there are too many ways to hook an API. You have now answered your own question. Nope, patching the first bytes of an API can be avoided by making some type of API Wrapper like Themida does, but honestly I don't like Themida, I don't use it and I will not use it, I'm on the VMProtect way, a...
by fuzzing
Sat Feb 18, 2023 12:08 pm
Forum: Technical questions
Topic: Calling API Hookeds Problem
Replies: 17
Views: 6235

Re: Calling API Hookeds Problem

Catharsis wrote:
fuzzing wrote: Is there any chance to add an API Wrapper?
What prevents you from implementing a check for the most common hooks yourself?
Because there are too many ways to hook an API.
Checking for 0xE9 or things like that can be bypassed just by changing the instruction hooking method.
by fuzzing
Thu Feb 16, 2023 11:15 am
Forum: Technical questions
Topic: Calling API Hookeds Problem
Replies: 17
Views: 6235

Re: Calling API Hookeds Problem

Admin wrote: VMProtect doesn't protect system DLLs against hooks.
Is there any chance to add an API Wrapper?
by fuzzing
Wed Feb 15, 2023 4:26 am
Forum: Technical questions
Topic: Calling API Hookeds Problem
Replies: 17
Views: 6235

Re: Calling API Hookeds Problem

Any news or plans?
by fuzzing
Sun Feb 12, 2023 9:19 pm
Forum: Technical questions
Topic: Calling API Hookeds Problem
Replies: 17
Views: 6235

Re: Calling API Hookeds Problem

MessageBox was just an example, what can we do with other APIs?
Can VMP add API Wrapping?
by fuzzing
Sun Feb 12, 2023 7:51 am
Forum: Technical questions
Topic: Calling API Hookeds Problem
Replies: 17
Views: 6235

Calling API Hookeds Problem

After protecting a file (.EXE in this case), the .EXE calls MessageBoxA and that API can be hooked to log or alter its params.
Is there any chance to make an API Wrapper in VMProtect to avoid calling the original hooked API?
by fuzzing
Thu Feb 09, 2023 11:59 pm
Forum: Technical questions
Topic: Manual Map Support for .DLLs (Anti-Debug & Anti-VM problem)
Replies: 1
Views: 3140

Manual Map Support for .DLLs (Anti-Debug & Anti-VM problem)

When someone manually maps a .DLL that is VMProtected, a crash happens when it is protected with the Anti-Debug and Anti-VM options enabled.

Is there a chance to add support for Manual Mapping using these protections? :D
by fuzzing
Thu Feb 09, 2023 11:53 pm
Forum: Technical questions
Topic: Detect It Easy Identification Problem
Replies: 0
Views: 4791

Detect It Easy Identification Problem

This software can detect VMProtected files with this method: kernel32.dll PE.getImportFunctionName(x,x)=="GetSystemTimeAsFileTime" user32.dll PE.getImportFunctionName(x,x)=="CharUpperBuffW" kernel32.dll PE.getImportFunctionName(x,x)=="LocalAlloc" PE.getImportFunctionNam...
by fuzzing
Thu Dec 31, 2020 5:42 am
Forum: Technical questions
Topic: /DYNAMICBASE is broken after protection.
Replies: 2
Views: 2238

Re: /DYNAMICBASE is broken after protection.

Everything fixed, thanks!
by fuzzing
Tue Dec 22, 2020 7:14 pm
Forum: Technical questions
Topic: /DYNAMICBASE is broken after protection.
Replies: 2
Views: 2238

/DYNAMICBASE is broken after protection.

When a .exe (32 bits, I tested) is compiled and then protected with VMProtect, the VS feature /DYNAMICBASE gets broken and the start address of the process is always 0x00400000. Is there a chance to fix this in the next release?