Search found 10 matches

by bigguy
Wed Aug 21, 2019 9:09 pm
Forum: Technical questions
Topic: Possible increase of entropy and difficulty?
Replies: 0
Views: 8858

Possible increase of entropy and difficulty?

Many have said that to "devirtualize" the VM architecture is trivial once all the opcodes are found and are translated for that specific build. They claim once you gain knowledge of each opcode then every virtualized function is at risk. I have a question if it's possible to create a brand n...
by bigguy
Mon Aug 20, 2018 7:11 pm
Forum: Technical questions
Topic: Memory Protection Issue
Replies: 3
Views: 4218

Re: Memory Protection Issue

I understand, but your check only works in runtime, not statically. If I were to open up my binary (with memory protection) and modify a writable memory region statically (patching) then the checksum will get triggered...
by bigguy
Tue Aug 14, 2018 6:00 am
Forum: Technical questions
Topic: Memory Protection Issue
Replies: 3
Views: 4218

Memory Protection Issue

Hello, I've excluded a segment from memory protection and when I edit (not in runtime, statically) any variables in my segment it gives an error??? The segment has the write privilege...
by bigguy
Mon Mar 12, 2018 8:57 pm
Forum: Technical questions
Topic: Does VMProtect do this?!
Replies: 5
Views: 5758

Re: Does VMProtect do this?!

Admin wrote: Analyze bytes on the stack?
Yeah, and act as a white box, do you know what I mean?
by bigguy
Mon Mar 12, 2018 1:22 pm
Forum: Technical questions
Topic: Does VMProtect do this?!
Replies: 5
Views: 5758

Re: Does VMProtect do this?!

Admin wrote: "obfuscate the key" - what do you mean?
Make it harder to reverse engineer and analyze.
by bigguy
Sun Mar 11, 2018 5:56 pm
Forum: Technical questions
Topic: Does VMProtect do this?!
Replies: 5
Views: 5758

Does VMProtect do this?!

Hey, I was curious if I were to virtualize the function below would it virtualize and obfuscate the key?

#include <stdint.h>

int important_function() {
	// 16-byte key stored as a local array (placeholder zero values)
	uint8_t key[] = { 0x00, 0x00, 0x00, 0x00, 0x00,
		0x00, 0x00, 0x00, 0x00, 0x00,
		0x00, 0x00, 0x00, 0x00, 0x00,
		0x00};

	// perform actions with key
	return 0;
}
by bigguy
Thu Aug 31, 2017 5:38 pm
Forum: Offtopic
Topic: PInvoke is safe?
Replies: 3
Views: 34023

Re: PInvoke is safe?

Doesn't matter if they modify the C# application since it only processes and displays data through the protected DLL. They would need to modify the DLL for them to do some damage. My question is if exported functions that are protected are as safe as normal ones. Edit: also doesn't matter if they ch...
by bigguy
Tue Aug 29, 2017 7:26 pm
Forum: Offtopic
Topic: PInvoke is safe?
Replies: 3
Views: 34023

PInvoke is safe?

Hello, I am wondering if it is safe to virtualize an Export method and then PInvoke from C# UI program? Also from my testing if "GetStatusCode" is not virtualized it cannot access other virtualized functions :D Example: C++ extern "C" { __declspec(dllexport) int __cdecl GetStatusC...
by bigguy
Sun Feb 12, 2017 7:46 pm
Forum: Technical questions
Topic: Unexplained crashes.
Replies: 5
Views: 7462

Re: Unexplained crashes.

Here are the errors on other people's computers; on mine it works all the time. Has something to do with the kernel option of VMProtectIsDebuggerPresent, or even the debugger + kernel option in the VMProtect application. Error 1: Unhandled exception at 0x1000B75B: 0x80000004: Single step. Error 2: Except...
by bigguy
Thu Feb 09, 2017 3:26 pm
Forum: Technical questions
Topic: Unexplained crashes.
Replies: 5
Views: 7462

Unexplained crashes.

Hello, I am attempting to manual map a dll into a process. If the dll is packed with vmp lite and kernel+usermode debugging is on, it crashes. Without debugging on, it doesn't.

It gave a 0x0000004 error (similar to that). It works on my pc but not others, very odd.