Unknown lines on my functions

Posted: Sat Aug 10, 2019 10:51 am
by x22x22
I saw the following lines in VMProtect. What are the purposes of these lines?

Image

Re: Unknown lines on my functions

Posted: Sat Aug 10, 2019 11:07 am
by Admin
This is information about try/catch/finally blocks in the function. Here is more detailed information if you need:
https://yurichev.com/mirrors/RE/Recon-2 ... ernals.pdf

Re: Unknown lines on my functions

Posted: Sat Aug 10, 2019 11:17 am
by x22x22
When I try to virtualize functions which contain lines like above many antiviruses show my application as "Gen:Variant.Ursu.546526".
This problem just occurred when I virtualize these functions.

Do you have any suggestion to remove these lines completely?
And I don't use try/catch/finally blocks in my code.

Re: Unknown lines on my functions

Posted: Sat Aug 10, 2019 11:35 am
by Admin
> When I try to virtualize functions which contain lines like above many antiviruses show my application as "Gen:Variant.Ursu.546526".

I don't think so :))

> Do you have any suggestion to remove these lines completely?

Please notice that it's a part of your function like other commands (MOV, RET, etc.) and it can't be removed.

> And I don't use try/catch/finally blocks in my code.

It seems you don't know how compilers work. For example:

Code:

#include <cstdio>

class MyClass
{
public:
   MyClass();
   ~MyClass()
   {
     printf("~MyClass()\n");  // runs whenever my_object leaves scope
   }
   ...
};

void Main()
{
   MyClass my_object;  // no parentheses: "my_object()" would declare a function
   ...
}

The function "Main" will have a try/finally block (created by the compiler) for calling the destructor of "my_object", something like this:

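Code:

void Main()
{
   MyClass my_object;
   try {
   ...
   } finally   // pseudocode: C++ has no "finally"; the compiler emits the equivalent cleanup
   {
     my_object.~MyClass();  // destructor call; my_object is on the stack, so no "delete"
   }
}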
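
The compiler-generated cleanup described in the post above can be observed at run time: the function below contains no try/catch, yet the destructor still runs when an exception passes through it. This is an added example, not part of the original thread; the helper names `work` and `run` and the `trace` string are assumptions made for illustration.

```cpp
#include <cstdio>
#include <stdexcept>
#include <string>

// Records the order of events so the result can be inspected (illustrative only).
static std::string trace;

struct MyClass {
    MyClass()  { trace += "ctor;"; }
    ~MyClass() { trace += "dtor;"; }   // non-trivial destructor
};

// Hypothetical callee that may throw.
static void work(bool fail) {
    trace += "work;";
    if (fail) throw std::runtime_error("failure inside work()");
}

// The source has no try/catch/finally, but my_object must be destroyed
// on every exit path, so the compiler emits unwind/cleanup data for it.
static void Main(bool fail) {
    MyClass my_object;
    work(fail);
    trace += "after;";
}

// Calls Main() and returns the recorded sequence of events.
std::string run(bool fail) {
    trace.clear();
    try {
        Main(fail);
        trace += "returned;";
    } catch (const std::exception&) {
        // By the time the handler runs, stack unwinding has already
        // executed the cleanup in Main() and destroyed my_object.
        trace += "caught;";
    }
    return trace;
}

int main() {
    std::printf("normal exit:    %s\n", run(false).c_str());
    std::printf("exception exit: %s\n", run(true).c_str());
    return 0;
}
```

On the exception path "dtor;" appears before "caught;", which is the implicit try/finally at work.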

Re: Unknown lines on my functions

Posted: Sat Aug 10, 2019 11:54 am
by x22x22
Thank you for the detailed answer.

If I use a code signing certificate on my software, do the negative results decrease?