What is VMProtect?
VMProtect is a new generation of software protection utilities. VMProtect supports Delphi, Borland C Builder, Visual C/C++, Visual Basic (native), Virtual Pascal and XCode compilers. VMProtect also has a built-in disassembler that works with Windows and Mac OS X executables, and it can link a MAP file created by the compiler to quickly select fragments of code for protection. To make application protection tasks easy to automate, VMProtect implements a built-in script language. VMProtect fully supports 32/64-bit operating systems of the Windows family starting from Windows 2000, and Mac OS X starting from version 10.6. Importantly, regardless of the target platform, VMProtect supports the full range of executables: the Windows version can work with files from the Mac OS X version and vice versa.
The cornerstone principle of VMProtect is to protect application code from examination by making the code and its logic very complex to analyze and crack. The main code protection mechanisms VMProtect applies are virtualization, mutation, and combined protection, which mutates the application code and then virtualizes it.
The crucial advantage of the virtualization method used in VMProtect is that the virtual machine executing the virtualized fragments of code is embedded into the resulting code of the protected application. Therefore, an app protected with VMProtect needs no third-party libraries or modules to function. VMProtect allows using several different virtual machines to protect different fragments of code of the same application, which makes cracking even more complicated, because a hacker now has to analyze the architecture of multiple virtual machines.
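The idea of several embedded virtual machines, each with its own architecture, can be shown with a toy model. This is an added example, not VMProtect's code or design: the instruction set, the `build_vm`, `virtualize` and `run` names, the XOR operand masking and the sample function are all assumptions made for illustration.

```python
import random

# Toy model only: instruction set, encoding and names are assumptions, not VMProtect's.
# Constructed sample: f(x) = ((x + 7) * 3) ^ 0x55 written as portable stack code.
PROGRAM = [("ARG", 0), ("PUSH", 7), ("ADD", 0), ("PUSH", 3), ("MUL", 0),
           ("PUSH", 0x55), ("XOR", 0), ("RET", 0)]
MNEMONICS = ["ARG", "PUSH", "ADD", "MUL", "XOR", "RET"]


def build_vm(seed):
    """Create one VM 'architecture': a private opcode numbering and operand key."""
    rng = random.Random(seed)
    opcodes = dict(zip(MNEMONICS, rng.sample(range(256), len(MNEMONICS))))
    key = rng.randrange(1, 256)  # operands are stored XOR-masked with this byte
    return opcodes, key


def virtualize(program, vm):
    """Translate the portable program into bytecode only this VM understands."""
    opcodes, key = vm
    return bytes(b for name, operand in program
                 for b in (opcodes[name], operand ^ key))


def run(bytecode, vm, arg):
    """Interpreter shipped next to the bytecode; dispatches on the private opcodes."""
    opcodes, key = vm
    decode = {value: name for name, value in opcodes.items()}
    stack = []
    for pc in range(0, len(bytecode), 2):
        name, operand = decode[bytecode[pc]], bytecode[pc + 1] ^ key
        if name == "ARG":
            stack.append(arg)
        elif name == "PUSH":
            stack.append(operand)
        elif name == "RET":
            return stack.pop()
        else:
            b, a = stack.pop(), stack.pop()
            stack.append({"ADD": a + b, "MUL": a * b, "XOR": a ^ b}[name])
    raise ValueError("bytecode ended without RET")


def native(x):
    """The unprotected form of the same logic, for comparison."""
    return ((x + 7) * 3) ^ 0x55
```

Building two VMs from different seeds and virtualizing `PROGRAM` with each yields two different byte strings that both compute `native(x)`, so recovering one VM's opcode table tells an analyst nothing about the other.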
The method of application code mutation applied in VMProtect is based on obfuscation, a process that adds various excessive “garbage” commands, “dead” parts of code and random conditional jumps to the application code. It also mutates original commands and transfers execution of certain operations to the stack.
The key difference between VMProtect and other software protectors is its ability to protect different parts of the code with different methods: one part of the code can be virtualized, another part obfuscated, and critical fragments protected using the combined method.
To prevent false positives from antivirus software, the registered version of VMProtect uses the Taggant library, which signs the protected file with a certificate of the license owner.
Another unique feature of VMProtect is the embedding of watermarks into the code of the application. Watermarks make it possible to definitively identify the official owner of a hacked copy of the program, and therefore to take certain measures against him or her.
VMProtect is available in 3 editions:
The table below lists the differences in functionality between VMProtect editions:
|Virtual box detection||+||+||+|