Hi, I have a program that is packed with vmp , when I run it and try to make any patch, the x64dbg writes to me that 0/2 patches have been applied , I know that this may be due to the fact that the program is packed and when unpacking it unpacks the exe that was originally packed 🤒

so make a loader :? with dUP

 

An easier solution is to write a loader to patch the bytes in memory, like @whoknows suggested

If you want to bypass the memory protection of VMProtect 3.x, you can set some flags of hProcess:

• PROCESS_VM_OPERATION
• PROCESS_VM_READ
• PROCESS_VM_WRITE

Then try using WriteProcessMemory or NtWriteVirtualMemory to modify the memory.

On 8/9/2024 at 9:54 PM, boot said:

If you want to bypass the memory protection of VMProtect 3.x, you can set some flags of hProcess:

• PROCESS_VM_OPERATION
• PROCESS_VM_READ
• PROCESS_VM_WRITE

Then try using WriteProcessMemory or NtWriteVirtualMemory to modify the memory.

Sorry for asking in this thread, but you are only here who knows to much @boot. Can you tell me how to trace call from user32.dll messagebox to original call , what i mean where calling from exe dll messagebox? Thanks in advance

@ user32.dll messagebox breakpoint switch to CALL STACK