VMP3 - Import and Memory Protection

tmp
Posts: 6
Joined: Sun Sep 06, 2015 8:55 pm

Post by tmp »

Hi,

I was playing around with VMP 3.0.3 and I've noticed there is no import protection at all! All imports are visible under a debugger regardless of the "Import Protection" setting. The IAT of the protected application is completely intact. To me this looks like a very serious bug. Import Protection is one of the very basic features of every serious protector and VMP2 had no problems in this area.

Btw, I've also noticed that enabling "Memory Protection" increases output size very significantly, around 1MB in my case (additional VM just for this feature perhaps?). For everyone that cares about file size I'd recommend disabling that option. Also note that besides an additional integrity check it will place a hook on one of the native APIs to prevent making protected sections writable. This might be unwanted in some scenarios, so keep this in mind when using this feature.
Admin
Site Admin
Posts: 2566
Joined: Mon Aug 21, 2006 8:19 pm
Location: Russia, E-burg

Re: VMP3 - Import and Memory Protection

Post by Admin »

Could you send us an example that shows import protection working incorrectly?
tmp

Re: VMP3 - Import and Memory Protection

Post by tmp »

Sample sent via PM.
Admin

Re: VMP3 - Import and Memory Protection

Post by Admin »

tmp wrote:
For everyone that cares about file size I'd recommend disabling that option. Also note that besides an additional integrity check it will place a hook on one of the native APIs to prevent making protected sections writable. This might be unwanted in some scenarios, so keep this in mind when using this feature.

The main goal of software protection is to make the cracker's job as hard as possible, so the "Memory protection" option is the main additional feature after virtualization of critical code. In this case the size of the protected application isn't so important. Anyway, VMProtect disallows VirtualProtect for regions that are controlled by "Memory protection" because otherwise your protected application will crash randomly (VMProtect checks random parts of protected regions with the VM).