10-19-2014, 04:11
0x22
Quote:
Originally Posted by mr.exodia
Hi,

Nice stuff, but could you also explain where you got the constants 0x447E2A and 0x00A89010?

Greetings

0x00447E2A is the place where I patched (the crack itself); change it to where you wish to patch.
0x00A89010 is taken from the dump window, anywhere near your previous patch (explained above).
The loader will now know exactly when to patch, not a second before and not a second later (to avoid being caught by the VMP self checks).

In other words, when 0x00A89010 is being read by the loader, it will read the first byte in the buffer, 0xE4, and then the second, 0xA6.
If this matches, it will know that "now is the time to insert patch".

Might also explain this:
buffer[0] = 0x90;
buffer[1] = 0x90;
buffer[2] = 0x90;
buffer[3] = 0x90;
buffer[4] = 0x90;

0x90 = nop, as we all know.
It will now nop 5 times at 0x00447E2A -> 90 90 90 90 90

Last edited by 0x22; 10-19-2014 at 04:18.