Import protection for DLL applications
Posted: Sat Jan 14, 2012 1:15 am
Hi,
I've run into an issue with VMP.
One of the features is "import protection", which is supposed to hide the API list so that you can't see what APIs a VMP-protected program uses.
The problem, however, is that it doesn't seem to work with my DLL (any DLL, even a bare-bones skeleton DLL that only calls sleep). My protection options only mutate the code (no virtual machine is used).
If I disassemble the DLL and scroll down to where the import table should be, I see it and it is completely unprotected.
For instance, this is what I might see:
jmp dword ptr [10008000] where 10008000 points to the sleep API.
What I had expected to see was something like this:
jmp 06511AB0 where 6511AB0 is an obfuscated/mutated function that is a wrapper for the sleep API.
Can someone explain what the import protection is supposed to do in VMP?
Thanks.