Anti Dump

Issues related to VMProtect
mal
Posts: 3
Joined: Sat Feb 18, 2017 10:59 pm

Anti Dump

Postby mal » Sat Feb 18, 2017 11:05 pm

So,

i just got used to the sdk. But i am worrying are there any good methods to protect from people dumping my software from memory?

Also i am using VMProtectBeginUltra for areas where i communicate with my server. However important strings can be seen if someone decides to dump my client. What can i do against that?

Admin
Site Admin
Posts: 1259
Joined: Mon Aug 21, 2006 8:19 pm
Location: Russia, E-burg
Contact:

Re: Anti Dump

Postby Admin » Sun Feb 19, 2017 4:04 am

For important strings we can recommentd to use VMProtectDecryptString/VMProtectFreeString

mal
Posts: 3
Joined: Sat Feb 18, 2017 10:59 pm

Re: Anti Dump

Postby mal » Sun Feb 19, 2017 10:19 am

alright.

One more question and Mutation and Virtualization.

Example:

VMProtectBeginMutation("Hi);
if("check" = "check")
std::cout << "hi";
VmProtectEnd();

So does the mutation part is also on the memory present or just compile-time? So if i run my program will it mutate the code between "beginmutate" and "end"?
Same question for Virtualization.

Admin
Site Admin
Posts: 1259
Joined: Mon Aug 21, 2006 8:19 pm
Location: Russia, E-burg
Contact:

Re: Anti Dump

Postby Admin » Sun Feb 19, 2017 10:26 am

Of course the code between VMProtectBeginMutation and VMProtectEnd modifies only at compile-time.

mal
Posts: 3
Joined: Sat Feb 18, 2017 10:59 pm

Re: Anti Dump

Postby mal » Sun Feb 19, 2017 12:16 pm

Oh i think i miswrite. What i mean is lets say i mutate a block. Now i looked it in ida and in fact the assembly changes. However if i run my program will the assembly go back to the original non-mutated code or the mutated code?

Example:

Original:
Push
Mov
Cmp
Jmp

Mutated
Cmp
Call
Jmp

Now in memory which of them is present?

Admin
Site Admin
Posts: 1259
Joined: Mon Aug 21, 2006 8:19 pm
Location: Russia, E-burg
Contact:

Re: Anti Dump

Postby Admin » Sun Feb 19, 2017 12:47 pm

However if i run my program will the assembly go back to the original non-mutated code or the mutated code?

OMG. Look at IDA again.


Return to “Technical questions”

Who is online

Users browsing this forum: No registered users and 1 guest