Quote:
Originally Posted by Conquest
This is unreliable method . Readprocessmemory passes through kernel calls and has no exact cycle count to estimate each loop time . I am not criticizing what you did, its a decent method of course . rather i will advice you to use proxy dll methods to detect it, its much faster and less chance to miss the spot as the dll can read the memory space directly.(i personally use proxy dll to trick themida bypassing the vmware checks .)
|
Well as long as it works every time and on any OS I wouldnt call it unrelieable, but ofcourse it isnt a "search and replace loader" so if addresses change it wont work ofcourse.