VMProtect Software » Forum

Hi,

I was playing around with VMP 3.0.3 and I've noticed there is no import protection at all! All imports are visible under debugger regardless of "Import Protection" setting. IAT of protected application is completely intact. To me looks like a very serious bug. Import Protection is one of very basic features of every serious protector and VMP2 had no problems in this area.

Btw I've also noticed that enabling "Memory Protection" increases output size very significantly, around 1MB in my case (additional VM just for this feature perhaps?). For everyone that cares about file size I'd recommend to disable that option. Also note that besides additional integrity check it will place a hook on one of native APIs to prevent making protected sections writable. This might be unwanted in some scenarios so keep this in mind when using this feature.

Could you send us an example that shows a wrong work of import protection?

Sample sent via PM.

For everyone that cares about file size I'd recommend to disable that option. Also note that besides additional integrity check it will place a hook on one of native APIs to prevent making protected sections writable. This might be unwanted in some scenarios so keep this in mind when using this feature.

The main goal of the software protection - make cracker's job more hard as possible, so the "Memory protection" option is the main additional feature after virtualization of critical code. In this case the size of protected application isn't so important. Anyway, VMProtect disallows VirtualProtect for regions that are controlled by "Memory protection" because otherwise your protected application will crash randomly (VMProtect checks random parts of protected regions with VM).