Search found 19 matches
- Tue Sep 26, 2023 7:33 pm
- Forum: Technical questions
- Topic: Memory Protection (NtProtectVirtualMemory)
- Replies: 0
- Views: 3902
Memory Protection (NtProtectVirtualMemory)
Hello, can I suggest something about Memory Protection? Separate the options in the Memory Protection listview: CRC Checks. Virtual Memory Checks (hooks NtProtectVirtualMemory). All. So we can choose the protection level for Memory Protection. I suggest this because if some module gets loaded o...
- Sat Aug 19, 2023 1:34 am
- Forum: Technical questions
- Topic: How to remove Imports from KERNEL32.dll
- Replies: 3
- Views: 4145
Re: How to remove Imports from KERNEL32.dll
Why do you need it? As I posted before, with the "Detect It Easy" tool a cracker can identify VMP: https://vmpsoft.com/forum/viewtopic.php?f=2&t=30016&p=36570#p36570 kernel32.dll PE.getImportFunctionName(x,x)=="GetSystemTimeAsFileTime" And all combinations of the Import ...
- Fri Aug 18, 2023 2:05 am
- Forum: Technical questions
- Topic: How to remove Imports from KERNEL32.dll
- Replies: 3
- Views: 4145
How to remove Imports from KERNEL32.dll
Is there a chance to remove imports of KERNEL32.dll when using all protection options?:
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress
Regards!
- Mon Aug 07, 2023 10:49 pm
- Forum: Technical questions
- Topic: Possibility to replace Mutation with Minimal Virtualization?
- Replies: 0
- Views: 5263
Possibility to replace Mutation with Minimal Virtualization?
Hello! I got this idea, so I want to ask if this is possible. Is there a chance to replace "Mutation" protection with a "Minimal Virtualization"? Actually, we can only select "Mutation", "Virtualization" and "Ultra" on every function. Virtualization...
- Mon Feb 20, 2023 2:41 am
- Forum: Technical questions
- Topic: Calling API Hookeds Problem
- Replies: 17
- Views: 6337
Re: Calling API Hookeds Problem
Nope, patching the first bytes of an API can be avoided by making some type of API Wrapper like Themida does, but honestly I don't like Themida, I don't use it and I will not use it, I'm on the VMProtect way, and it will be nice if it can add some kind of API Wrapper too! Themida does not prevent hoo...
- Sun Feb 19, 2023 9:59 pm
- Forum: Technical questions
- Topic: Calling API Hookeds Problem
- Replies: 17
- Views: 6337
Re: Calling API Hookeds Problem
Because there are too many ways to hook an API. You have now answered your own question. Nope, patching the first bytes of an API can be avoided by making some type of API Wrapper like Themida does, but honestly I don't like Themida, I don't use it and I will not use it, I'm on the VMProtect way, a...
- Sat Feb 18, 2023 12:08 pm
- Forum: Technical questions
- Topic: Calling API Hookeds Problem
- Replies: 17
- Views: 6337
Re: Calling API Hookeds Problem
fuzzing wrote: Is there any chance to add an API Wrapper?
Catharsis wrote: What prevents you from implementing a check for the most common hooks yourself?
Because there are too many ways to hook an API.
Checking for 0xE9 or things like that can be bypassed just by changing the instruction hooking method.
- Thu Feb 16, 2023 11:15 am
- Forum: Technical questions
- Topic: Calling API Hookeds Problem
- Replies: 17
- Views: 6337
Re: Calling API Hookeds Problem
Admin wrote: VMProtect doesn't protect system DLLs against hooks.
Is there any chance to add an API Wrapper?
- Wed Feb 15, 2023 4:26 am
- Forum: Technical questions
- Topic: Calling API Hookeds Problem
- Replies: 17
- Views: 6337
Re: Calling API Hookeds Problem
Any news or plans?
- Sun Feb 12, 2023 9:19 pm
- Forum: Technical questions
- Topic: Calling API Hookeds Problem
- Replies: 17
- Views: 6337
Re: Calling API Hookeds Problem
MessageBox was just an example; what can we do with other APIs?
Can VMP add API wrapping?
- Sun Feb 12, 2023 7:51 am
- Forum: Technical questions
- Topic: Calling API Hookeds Problem
- Replies: 17
- Views: 6337
Calling API Hookeds Problem
After protecting a file (an .EXE in this case), the .EXE calls MessageBoxA, and that API can be hooked to log or alter its params.
Is there any chance to make an API Wrapper in VMProtect to avoid calling the original hooked API?
- Thu Feb 09, 2023 11:59 pm
- Forum: Technical questions
- Topic: Manual Map Support for .DLLs (Anti-Debug & Anti-VM problem)
- Replies: 1
- Views: 3188
Manual Map Support for .DLLs (Anti-Debug & Anti-VM problem)
When someone manually maps a .DLL that is VMProtected, a crash happens when it is protected with the Anti-Debug and Anti-VM options enabled.
Is there a chance to add support for manual mapping when using these protections?
- Thu Feb 09, 2023 11:53 pm
- Forum: Technical questions
- Topic: Detect It Easy Identification Problem
- Replies: 0
- Views: 5602
Detect It Easy Identification Problem
This software can detect VMProtected files with this method: kernel32.dll PE.getImportFunctionName(x,x)=="GetSystemTimeAsFileTime" user32.dll PE.getImportFunctionName(x,x)=="CharUpperBuffW" kernel32.dll PE.getImportFunctionName(x,x)=="LocalAlloc" PE.getImportFunctionNam...
- Thu Dec 31, 2020 5:42 am
- Forum: Technical questions
- Topic: /DYNAMICBASE is broken after protection.
- Replies: 2
- Views: 2339
Re: /DYNAMICBASE is broken after protection.
Everything fixed, thanks!
- Tue Dec 22, 2020 7:14 pm
- Forum: Technical questions
- Topic: /DYNAMICBASE is broken after protection.
- Replies: 2
- Views: 2339
/DYNAMICBASE is broken after protection.
When an .exe (32-bit, which I tested) is compiled and then protected with VMProtect, the VS feature /DYNAMICBASE gets broken and the start address of the process is always 0x00400000. Is there a chance to fix this in the next release?