Posted March 7, 20223 yr Hi, I have a program that is packed with vmp , when I run it and try to make any patch, the x64dbg writes to me that 0/2 patches have been applied , I know that this may be due to the fact that the program is packed and when unpacking it unpacks the exe that was originally packed 🤒
March 7, 20223 yr An easier solution is to write a loader to patch the bytes in memory, like @whoknows suggested
August 9, 20241 yr If you want to bypass the memory protection of VMProtect 3.x, you can set some flags of hProcess: PROCESS_VM_OPERATION PROCESS_VM_READ PROCESS_VM_WRITE Then try using WriteProcessMemory or NtWriteVirtualMemory to modify the memory.
August 26, 20241 yr On 8/9/2024 at 9:54 PM, boot said: If you want to bypass the memory protection of VMProtect 3.x, you can set some flags of hProcess: PROCESS_VM_OPERATION PROCESS_VM_READ PROCESS_VM_WRITE Then try using WriteProcessMemory or NtWriteVirtualMemory to modify the memory. Sorry for asking in this thread, but you are only here who knows to much @boot. Can you tell me how to trace call from user32.dll messagebox to original call , what i mean where calling from exe dll messagebox? Thanks in advance
Create an account or sign in to comment