Jump to content
Tuts 4 You
Steve

C++ application protector

Recommended Posts

Steve

Hi all,

What is the best protector for c++ applications in your opinion?

I was using vmp 3.0.9, but I guess Themida is better...

What do you think guys?

Share this post


Link to post
Share on other sites
HostageOfCode

UPX :)

Share this post


Link to post
Share on other sites
VirtualPuppet
Posted (edited)
20 minutes ago, recrc said:

UPX :)

UPX is utter shit, lol...

VMProtect and Themida both has its strengths. VMProtect is heavy in obfuscation, but the virtual protection machines are super simply, while Themida has somewhat heavy obfuscation (not as heavy as VMProtect), but their virtual machine protection are millenia ahead.

Edited by VirtualPuppet (see edit history)

Share this post


Link to post
Share on other sites
atom0s

UPX is not a protector at all, it is simply a packer.

As for VMProtect and Themida that VirtualPuppet recommended, those are your best two options on the market currently, however, keep in mind there are scripts to decompile the 32bit versions of both the packers. 

Share this post


Link to post
Share on other sites
HostageOfCode

I know it was just a joke :+

Share this post


Link to post
Share on other sites
JohnWho

If you dont already know how to use a debugger then you should learn it so you manually can set vm start/end on vital functions and not least sub functions. Dont have the entire registration check in one function, split it up in many parts and virtualize them all. Have more than one registration check.

I would probably go for Themida because of its virtual machine.

Both protections are simple to patch without unpacking, both x86 and x64 binaries, so if you dont virtualize the proper functions your program could be a easy target.

Share this post


Link to post
Share on other sites
icarusdc

@JohnWho

so if the proper functions are virtualized then it will be impossible to make a memory patch? like a loader.

 

 

Salam.

Share this post


Link to post
Share on other sites
VirtualPuppet
37 minutes ago, icarusdc said:

@JohnWho

so if the proper functions are virtualized then it will be impossible to make a memory patch? like a loader.

 

 

Salam.

No, everything is possible. You can hook the VM handlers.

Share this post


Link to post
Share on other sites
3dsboy08
2 hours ago, VirtualPuppet said:

No, everything is possible. You can hook the VM handlers.

Probably would be easier to just devirtualize and hook the result instead of hooking mid-VM and having to reverse engineer the VM state structure (idk how Themida's VM works, but I would guess that is a basic idea) for that specific handler and modifying there.

Share this post


Link to post
Share on other sites
VirtualPuppet
1 hour ago, 3dsboy08 said:

Probably would be easier to just devirtualize and hook the result instead of hooking mid-VM and having to reverse engineer the VM state structure (idk how Themida's VM works, but I would guess that is a basic idea) for that specific handler and modifying there.

Yes, it is extremely tedious, but my point was that everything can be done ;)

Share this post


Link to post
Share on other sites
JohnWho

I know this is old but i still wanna reply. Most virtualized targets i've worked on was solved by

1). skipping virtualized function(s) all together, done that a lot

2). changing result of virtualized function, a basic approach

3). patching/hooking the VM itself

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×