VMProtect Software » Forum

Posted: **Mon Jan 03, 2022 10:56 am**

Since there is no official SDK example for golang, I studied it and found that it was feasible.

HWID and serial information can be successfully detected through CGO, but Marker cannot be detected by VMP.

After adding C.VMProtectBeginUltra(C.CString("protect") to my other project, Marker can be detected, but Marker's name cannot be recognized, and the content that needs to be protected cannot be detected.

Code: Select all

package main

// #include <stdbool.h>
// #include <stdlib.h>
// #include "VMProtectSDK.h"
// #cgo LDFLAGS: -L . -lVMProtectSDK
import "C"

import (
	"fmt"
	"unsafe"
)

func main() {
	Cprotect := C.CString("protect")
	defer C.free(unsafe.Pointer(Cprotect))
	//it's not work
	C.VMProtectBeginUltra(Cprotect)
	serial := "CMQz+nTnrgqB4OUBXAwCT9k40JM5qqVCQFSD4IAqega6C3KPidYeqE3iuVNelEbYYykEl2eTrzbjU424kGAsCz+Y478jMVfco6gVWoWDd+FwZrRU06dWdhkBzvzsVxnHmtdpN9An7pKEvH4RCEyqcc19WjBgas4TlSjOBUjXNMtx9txsGVev06nmgOUhx9gELi6R/e9xDMqhnK5Ys58jh52xTjuWUtw58qtRlJyMAnE4YSC8YRH4awnnkOAOFsRqpwMJB2uRIgHjfdkhd5JFUDU1UHFFH8ASZ0w1ti464OSybPB9AmlP+2L/1+ZonvkID3bjHIHPG2Tr55BGE0nxDQ=="
	nSize := C.VMProtectGetCurrentHWID(nil, 0)
	hw := new(C.char)
	C.VMProtectGetCurrentHWID(hw, nSize)
	hwid := C.GoString(hw)
	Cserial := C.CString(serial)
	defer C.free(unsafe.Pointer(Cserial))
	kstate := C.VMProtectSetSerialNumber(Cserial)
	var sd C.VMProtectSerialNumberData
	C.VMProtectGetSerialNumberData(&sd, C.sizeof_VMProtectSerialNumberData)
	var user string
	for _, v := range sd.wUserName {
		if v != 0 {
			user += string(v)
		}
	}
	//it's work
	fmt.Println("HWID: ", hwid)
	//it's work
	fmt.Println("Is Protected: ", C.VMProtectIsProtected())
	//it's work
	fmt.Println(kstate)
	//it's work
	fmt.Println(user)
	C.VMProtectEnd()
	return
}

: 1.png (625.72 KiB) Viewed 4179 times

: 1.png (625.72 KiB) Viewed 4179 times

Posted: **Mon Jan 03, 2022 11:22 am**

Unfortunately VMProtect doesn't support binaries compiled with trash compilers like Golang, etc.

Posted: **Thu Apr 07, 2022 1:17 pm**

Admin wrote:Unfortunately VMProtect doesn't support binaries compiled with trash compilers like Golang, etc.

Hello, admin, I just buy VMProtect Ultimate v3.6.0.1410 today.
After a few days of research, I solved the compatibility of some VMProtect with Golang.
Now VMProtect can recognize the addresses of VMProtectBegin and VMProtectEnd.
However, MarkerName are not recognized, and VMProtectDecryptStringA is doesn't work .
Can solve the problem of protecting Golang?
Other functions seem to be feasible, but I'm not sure. please help me check the Virtualization and Mutation ,Has it played a protect role?
Below are unprotected programs, Mach-o and PE.

NoVMP.zip: (2.95 MiB) Downloaded 190 times

Posted: **Thu Apr 07, 2022 1:25 pm**

I have already wrote that VMProtect doesn't support Golang. Look at this:

Code: Select all

000000014008E7E9	lea rax, [00000001400C53DF] → string "marker"
000000014008E7F0	mov ebx, 00000007
000000014008E7F5	call 000000014008E100 → VMProtect.CString
000000014008E7FA	call 000000014008F278 → VMProtectBeginUltra
000000014008E7FF	lea rax, [00000001400C66BE] → string "DecryptString"
000000014008E806	mov ebx, 0000000E
000000014008E80B	call 000000014008E100 → VMProtect.CString
000000014008E810	call 000000014008F2A0 → VMProtectDecryptStringA

VMProtect doesn't know what happens here:

Code: Select all

000000014008E7F0	mov ebx, 00000007
000000014008E7F5	call 000000014008E100 → VMProtect.CString

So it doesn't see strings "marker" and "DecryptString"

Posted: **Thu Apr 07, 2022 1:31 pm**

Okay, I see. Golang call C and needs to be converted many times, but it doesn't matter. Can code virtualization work?

Posted: **Thu Apr 07, 2022 1:33 pm**

Can code virtualization work?

I don't know because Golang is very strange compiler.

Posted: **Thu Apr 07, 2022 1:38 pm**

Thank you for your answer. If possible, I hope it will be compatible in the future.

Posted: **Thu Apr 07, 2022 1:41 pm**

We have no such plans.

Posted: **Sat Apr 09, 2022 12:16 pm**

update

After some code modify,use some alternative methods of golang,
Now golang is basically compatible with VMP.
MarkerName and string for VMProtectDecryptString can be detected.
After tested,VMProtectDecryptString is work,string is encrypted.
The PE compiled by w64-mingw32 is work,
but mach-o compiled by apple clang 13 also can't detect the MarkerName and string for VMProtectDecryptString.
I will try the GCC for test.

: 1.png (1.43 MiB) Viewed 3463 times

Posted: **Sat Apr 09, 2022 1:06 pm**

Please attach the mach-o binary.

Posted: **Sat Apr 09, 2022 1:13 pm**

Admin wrote:Please attach the mach-o binary.

golang.zip: (1.2 MiB) Downloaded 263 times

Posted: **Sat Apr 09, 2022 2:59 pm**

The calling convention is wrong for mach-o:

Code: Select all

000000000408E2C0	lea rcx, [00000000040A89D7] → string "DecryptString"
000000000408E2C7	mov [rax], rcx
000000000408E2CA	call 000000000408ED8C → _VMProtectDecryptStringA

The first parameter for API must be RDI instead of RCX.

VMProtect Software » Forum

Can't find marker in golang Binary

Can't find marker in golang Binary

Re: Can't find marker in golang Binary

Re: Can't find marker in golang Binary

Re: Can't find marker in golang Binary

Re: Can't find marker in golang Binary

Re: Can't find marker in golang Binary

Re: Can't find marker in golang Binary

Re: Can't find marker in golang Binary

Re: Can't find marker in golang Binary

Re: Can't find marker in golang Binary

Re: Can't find marker in golang Binary

Re: Can't find marker in golang Binary