Jump to content
Tuts 4 You

Engima Protector X64 or VMProtect


T-Mixer

Recommended Posts

Posted

I'm a software coder. I'm so confused. So hard to choose between Enigma Protector X64 or VMProtect... Which protector is more reliable ?


I'm coding for X64 platform !


Thanks.


Posted (edited)

So VMProtect for X64 is harder to crack no ? because X86 is somewhat easy to unpack (specially using scripts)


Edited by T-Mixer
Posted

Just keep in mind that if you dont use them properly, both are trivial to crack.


  • Like 1
Posted (edited)

Just keep in mind that if you dont use them properly, both are trivial to crack.

No, I'm using the SDK + Markers.

Also I'm codinf for X64 that is harder than X86 to crack, because crackers are more familiar with X86 app.

Edited by T-Mixer
Posted

X86 is somewhat easy to unpack (specially using scripts)

Here you are wrong.

Each Protection have his unique features and if is well coded and projected it will be hard for a cracked to get trough.

This will be done in one day or another. It depends of interest.

My bet is to a system driver witch have access to ring0.

Well implemented will give you expected result.

  • Like 1
Posted

My bet is to a system driver witch have access to ring0.

Well implemented will give you expected result.

 

I disagree. Past few days I've been trying to write a kernel protection for my CrackMe, but what can you protect w/driver for anti-reversing purpose?

 

The stable kernel protection features do stuff like stop file deletion, hide file, stop process kill, stop registry key delete, block process/thread execution, disk crypto, and a few others - ie only designed to protect security softwares. 

 

IMHO kernel drivers are useless for anti-reversing (unless you have the kernel's source code and can mod/recompile it, which u dont for Win).

  • Like 1
Posted

I think Safengine is better


Posted (edited)

It slows lots of your application response your SafeEngine.


And if you use the .NET protection is useless.


Edited by GIV
Posted

Your best protection would be to encrypt parts of the code or features you do not want people to use on a trial or demo version. Also using the same theory only release a demo version without the feature or code for a full version. Also many others also create fake registration keys that expire, or use a very cunning check against carders.. Make sure keys used are tied to the computer its for.. (in other words validate it as legitimate person buying it.. ) keep that in mind!


  • Like 1
Posted

I disagree. Past few days I've been trying to write a kernel protection for my CrackMe, but what can you protect w/driver for anti-reversing purpose?

 

The stable kernel protection features do stuff like stop file deletion, hide file, stop process kill, stop registry key delete, block process/thread execution, disk crypto, and a few others - ie only designed to protect security softwares. 

 

IMHO kernel drivers are useless for anti-reversing (unless you have the kernel's source code and can mod/recompile it, which u dont for Win).

If you like to play around with that, I can suggest you to write a driver that can execute a certain function outside the user mode pe file. Its allways annoying but easily broken since you can allways disassemble the driver code.

Posted

If you like to play around with that, I can suggest you to write a driver that can execute a certain function outside the user mode pe file. Its allways annoying but easily broken since you can allways disassemble the driver code.

 

Thanks for suggesting, sure, even though I don't expect it to be difficult for you I will try that to see what happens.

Posted

latest "private exe protect" is better..


  • 2 months later...
Posted

VMprotect or SafeEngine

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...