|
This is unreliable method . Readprocessmemory passes through kernel calls and has no exact cycle count to estimate each loop time . I am not criticizing what you did, its a decent method of course . rather i will advice you to use proxy dll methods to detect it, its much faster and less chance to miss the spot as the dll can read the memory space directly.(i personally use proxy dll to trick themida bypassing the vmware checks .)
|