
Using markers

Markers are inserted in the code to protect individual sections of the code and to protect string constants. Markers are calls to imported procedures stored in an external DLL (VMProtectSDK32.dll for 32-bit applications and VMProtectSDK64.dll for 64-bit applications; VMProtectDDK32.sys and VMProtectDDK64.sys, respectively, are used to protect drivers). All of these are referred to as VMProtectSDK below. The procedures and functions in VMProtectSDK do nothing and serve only as markers by which VMProtect determines the borders of the protected code. The beginning and end of a protected block are marked in the following way:

  • Delphi

    uses VMProtectSDK;

    VMProtectBegin(MARKER_NAME);
    ...
    VMProtectEnd;

  • C/C++

    #include "VMProtectSDK.h"

    VMProtectBegin(MARKER_NAME);
    ...
    VMProtectEnd();

  • MASM

    include VMProtectSDK.inc

    invoke VMProtectBegin,SADD(MARKER_NAME)
    ...
    invoke VMProtectEnd

  • Visual Basic

    Call VarPtr("VMProtect begin")
    ...
    Call VarPtr("VMProtect end")

It is also possible to use markers with predefined compilation types instead of VMProtectBegin:

  • VMProtectBeginVirtualization – the marker will use the "Virtualization" type of compilation.
  • VMProtectBeginMutation – the marker will use the "Mutation" type of compilation.
  • VMProtectBeginUltra – the marker will use the "Ultra" type of compilation.

Important:
To protect markers, they should be added to the project in the GUI mode. It is also possible to automatically add all markers with the help of scripts.

Markers are processed in the following way: while analyzing the code of the protected application, VMProtect finds all calls of the VMProtectSDK procedures and functions. The borders of protected blocks are determined by the pairs of the following markers: VMProtectBegin/VMProtectBeginVirtualization/VMProtectBeginMutation/VMProtectBeginUltra and VMProtectEnd. When VMProtect processes the project, it removes markers and any mention of the VMProtectSDK libraries so there is no need to include these libraries in the software distribution package. Markers are removed no matter whether they are included in the compilation or not. If you use named markers, their names are also removed.

If you specify the name of a marker, it will be named "VMProtectMarker MARKER_NAME". If no name is specified for a marker, it will be given a unique name of the following type: "VMProtectMarker"+marker ordinal number. However, unnamed markers have one serious drawback: if you insert a new marker in the source code of the program, the numbers of the unnamed markers will change, so it always makes sense to use named markers for software protection.

One important thing to take into account when working with markers is that you must not allow jumps from unprotected sections into a marked block, which may occur, for example, when you mark only part of a loop with a marker. If your application does not work after you protect it using markers, you can find the addresses of jumps from unprotected sections by enabling the "Debug mode" option. In this mode the protected application can be run in a debugger; the debugger will stop the execution of the program when it detects a jump from an unprotected section of the code. After you have found all jumps of this kind, you should either change the position of the markers in the code of the program or, if possible, mark these addresses as external using the GUI version of VMProtect.

Important:
When VMProtect is used to protect applications, markers cannot be nested, and only the innermost markers are considered the borders of the block. In the example below, only VMProtectBegin2 and VMProtectEnd1 will be considered the borders of the block. The rest of the markers will be considered unpaired, i.e. VMProtectBegin1 will be considered an unpaired marker named UnpairedVMProtectBegin1, and VMProtectEnd2 will be considered an unpaired marker named UnpairedVMProtectEnd1:

VMProtectBegin // 1
...
VMProtectBegin // 2
...
VMProtectEnd // 1
...
VMProtectEnd // 2
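
The pairing rule above can be checked before a build. The following Python sketch is an added example, not part of the VMProtect manual or SDK: it scans C/C++ or Delphi source text for the marker calls named on this page, pairs each VMProtectEnd with the begin marker directly before it, and labels the rest in the style of the example. The function names, the regex-based source scan and the label numbering beyond the page's single example are assumptions.

```python
import re

# Marker calls named on this page. Scanning source text is an assumption of
# this sketch: VMProtect itself finds the marker calls in the compiled code.
MARKER_RE = re.compile(
    r"\bVMProtect(Begin(?:Virtualization|Mutation|Ultra)?|End)\b\s*(?:\(([^)]*)\))?")

def scan_markers(source):
    """Return (line, kind, name) for each marker call, in source order."""
    found = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for m in MARKER_RE.finditer(line.split("//", 1)[0]):  # skip // comments
            kind = "end" if m.group(1) == "End" else "begin"
            arg = (m.group(2) or "").strip()
            name = None if arg in ("", "nil", "NULL", "0") else arg.strip("\"'")
            found.append((lineno, kind, name))
    return found

def pair_markers(markers):
    """Pair each End with the Begin directly before it; the rest are unpaired."""
    blocks, unpaired, counts, pending = [], [], {"begin": 0, "end": 0}, None
    def mark_unpaired(marker):
        counts[marker[1]] += 1
        label = "UnpairedVMProtect%s%d" % (marker[1].capitalize(), counts[marker[1]])
        unpaired.append((label, marker[0]))
    for marker in markers:
        if marker[1] == "begin":
            if pending is not None:        # outer Begin of a nested pair
                mark_unpaired(pending)
            pending = marker
        elif pending is not None:          # innermost Begin/End form the block
            blocks.append((pending[0], marker[0], pending[2]))
            pending = None
        else:                              # End with no Begin left open
            mark_unpaired(marker)
    if pending is not None:
        mark_unpaired(pending)
    return blocks, unpaired

# Constructed sample: nested markers as above, then one unnamed block (None).
SAMPLE = """\
VMProtectBegin("outer");
VMProtectBeginUltra("inner");
VMProtectEnd();
VMProtectEnd();
VMProtectBeginMutation(NULL);
VMProtectEnd();
"""
if __name__ == "__main__":
    print(pair_markers(scan_markers(SAMPLE)))
```

A block whose name is None is an unnamed marker, which the naming section above advises against. An "Unpaired" label means the code between the outer markers is not treated as part of a protected block.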

You can see unpaired markers on the "Dump" tab in the "Expert" mode:

Also, markers can be used to mark blocks of the code containing string constants that should be protected:

procedure TForm1.Button1Click(Sender: TObject);
begin
 VMProtectBegin(nil);
 if StrToIntDef(Edit1.Text, 0) mod 17=13 then
  MessageDlg('Correct password', mtInformation, [mbOK], 0)
 else
  begin
   MessageDlg('Incorrect password', mtError, [mbOK], 0);
   Edit1.SetFocus;
  end;
 VMProtectEnd;
end;

In this case, you do not have to include the marker in the list of protected objects: