yovimi Posted March 7, 2022 Posted March 7, 2022 Hi, I have a program that is packed with vmp , when I run it and try to make any patch, the x64dbg writes to me that 0/2 patches have been applied , I know that this may be due to the fact that the program is packed and when unpacking it unpacks the exe that was originally packed 🤒 1
ra1n Posted March 7, 2022 Posted March 7, 2022 An easier solution is to write a loader to patch the bytes in memory, like @whoknows suggested 1
boot Posted August 9 Posted August 9 If you want to bypass the memory protection of VMProtect 3.x, you can set some flags of hProcess: PROCESS_VM_OPERATION PROCESS_VM_READ PROCESS_VM_WRITE Then try using WriteProcessMemory or NtWriteVirtualMemory to modify the memory. 2
marko Posted August 26 Posted August 26 On 8/9/2024 at 9:54 PM, boot said: If you want to bypass the memory protection of VMProtect 3.x, you can set some flags of hProcess: PROCESS_VM_OPERATION PROCESS_VM_READ PROCESS_VM_WRITE Then try using WriteProcessMemory or NtWriteVirtualMemory to modify the memory. Sorry for asking in this thread, but you are only here who knows to much @boot. Can you tell me how to trace call from user32.dll messagebox to original call , what i mean where calling from exe dll messagebox? Thanks in advance
whoknows Posted August 26 Posted August 26 @Â user32.dll messagebox breakpoint switch to CALL STACK Â 1 1
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now