Guest Steve Posted March 15, 2018
Hi all, what is the best protector for C++ applications in your opinion? I was using vmp 3.0.9, but I guess Themida is better... What do you think, guys?
VirtualPuppet Posted March 23, 2018 (edited)
20 minutes ago, recrc said: UPX
UPX is utter shit, lol... VMProtect and Themida both have their strengths. VMProtect is heavy in obfuscation, but the virtual protection machines are super simple, while Themida has somewhat heavy obfuscation (not as heavy as VMProtect), but their virtual machine protection is millennia ahead.
Edited March 23, 2018 by VirtualPuppet
atom0s Posted March 23, 2018
UPX is not a protector at all, it is simply a packer. As for VMProtect and Themida that VirtualPuppet recommended, those are your best two options on the market currently; however, keep in mind there are scripts to decompile the 32-bit versions of both the packers.
JohnWho Posted June 2, 2018
If you don't already know how to use a debugger then you should learn it so you can manually set VM start/end on vital functions and not least sub functions. Don't have the entire registration check in one function, split it up in many parts and virtualize them all. Have more than one registration check. I would probably go for Themida because of its virtual machine. Both protections are simple to patch without unpacking, both x86 and x64 binaries, so if you don't virtualize the proper functions your program could be an easy target.
icarusdc Posted June 3, 2018
@JohnWho So if the proper functions are virtualized then it will be impossible to make a memory patch? Like a loader. Salam.
VirtualPuppet Posted June 3, 2018
37 minutes ago, icarusdc said: @JohnWho so if the proper functions are virtualized then it will be impossible to make a memory patch? like a loader. Salam.
No, everything is possible. You can hook the VM handlers.
3dsboy08 Posted June 3, 2018
2 hours ago, VirtualPuppet said: No, everything is possible. You can hook the VM handlers.
Probably would be easier to just devirtualize and hook the result instead of hooking mid-VM and having to reverse engineer the VM state structure (idk how Themida's VM works, but I would guess that is a basic idea) for that specific handler and modifying there.
VirtualPuppet Posted June 3, 2018
1 hour ago, 3dsboy08 said: Probably would be easier to just devirtualize and hook the result instead of hooking mid-VM and having to reverse engineer the VM state structure (idk how Themida's VM works, but I would guess that is a basic idea) for that specific handler and modifying there.
Yes, it is extremely tedious, but my point was that everything can be done.
JohnWho Posted July 7, 2018
I know this is old but I still wanna reply. Most virtualized targets I've worked on were solved by:
1) skipping virtualized function(s) altogether, done that a lot
2) changing result of virtualized function, a basic approach
3) patching/hooking the VM itself