#31
TQN? Could anyone provide a working source for VMPROTECT (compiling out of the box GUI)?
#32
The source provided by TQN already compiles out of the box. It has the modified files. You would need to install Qt and dependencies ofc.
#33
I have the exact same error. My VM is Win7, so I wonder if it's an OS problem?
#34
qwindows.dll present?
#35
Quote:
A little test made with it. Just vmprotected notepad.exe - 68kb with only EP virtualized and the output file size is 5626kb. For comparison, the same output with 3.09 is 2222kb. With 3.4 is 5249kb. With 3.5.1 is 6828kb and with 3.6 is 6136kb. So conclusion: these are VMProtect 3.5 sources most likely.
#36
Quote:
Adding more details, this debug version requires the debug version of the MSVCRT. Easiest way to do this is to run this on a machine with VS 2022 installed. Or you can install the debug version of the MSVCRT. Both ways work. Third way: If you googled it, it's coming as the first hit for me.
The Following User Says Thank You to Jaspreet Singh For This Useful Post: niculaita (12-13-2023)
#37
Did someone say Citrix? You can hear VMP screaming from here.
__________________
Best Wishes, Fyyre -- https://github.com/Fyyre
#38
I manually compiled one, and there is indeed a lot of content that needs to be configured
#39
VMProtect 3.5.1 disable renaming
VMProtect 3.5.1 disable renaming:
\core\dotnetfile.cc

void NETArchitecture::RenameSymbols()
{
    ..
    if (full_name == "System.Reflection.ObfuscateAssemblyAttribute") {
        ...
    }

00B7C3D1 . 897F 04 MOV DWORD PTR DS:[EDI+0x4],EDI
00B7C3D4 . 893F MOV DWORD PTR DS:[EDI],EDI
00B7C3D6 . 897F 08 MOV DWORD PTR DS:[EDI+0x8],EDI
00B7C3D9 . C743 04 00000000 MOV DWORD PTR DS:[EBX+0x4],0x0
00B7C3E0 . 8B5D C4 MOV EBX,DWORD PTR SS:[EBP-0x3C]
00B7C3E3 . F703 00000400 TEST DWORD PTR DS:[EBX],0x40000
00B7C3E9 . 74 07 JE SHORT 00B7C3F2 ; VMProtec.00B7C3F2
00B7C3EB . 8BCE MOV ECX,ESI
00B7C3ED . E8 8EB70000 CALL 00B87B80 ; VMProtec.00B87B80
00B7C3F2 > FFB3 D8000000 PUSH DWORD PTR DS:[EBX+0xD8]
00B7C3F8 . 8B8E 94000000 MOV ECX,DWORD PTR DS:[ESI+0x94]

rename of symbols from assembly:
00BA7B80 $ 55 PUSH EBP
to be changed to ret to not rename
00B87B80 $ 55 PUSH EBP

for (i = 0; i < rename_token_list.size(); i++) {
    RenameToken(rename_token_list[i]);
}
reference_list.UpdateNames();

void NETArchitecture::RenameToken(ILToken *token)
{
    ...
    id |= 0xA0000000;
    new_name = string_format("%.8X", id);
}

00D0A790 $ 55 PUSH EBP // RenameToken
Local calls from 00BAA600, 00BAF6BB, 00BCD754, 00BCDAC8, 00BDE233
The 00BAF6BB
00BAF1B4 . /74 5D JE SHORT 00BAF213 ; VMProtec.00BAF213
00BAF6AE . 85FF TEST EDI,EDI
00BAF6B0 . 74 19 JE SHORT 00BAF6CB ; to jump
00BAF6B2 > FF34B2 PUSH DWORD PTR DS:[EDX+ESI*4]
00BAF6B5 . 8B8D 4CFEFFFF MOV ECX,DWORD PTR SS:[EBP-0x1B4]
00BAF6BB . E8 D0B0FFFF CALL 00BAA790 ; VMProtec.00BAA790
00BAF6C0 . 8B95 38FEFFFF MOV EDX,DWORD PTR SS:[EBP-0x1C8]
00BAF6C6 . 46 INC ESI
00BAF6C7 . 3BF7 CMP ESI,EDI
00BAF6C9 .^ 72 E7 JB SHORT 00BAF6B2 ; VMProtec.00BAF6B2

if (!HWID.IsCorrect(value)) {
    ShowMessage("This application cannot be executed on this computer.");
    return false;
}

loader_string_list[FACE_UNREGISTERED_VERSION] = AddCommand(EncryptString(
#ifdef DEMO
    true
#else
    (ctx.options.flags & cpUnregisteredVersion)
#endif
    ? os::FromUTF8(VMProtectDecryptStringA("This application is protected with unregistered version of VMProtect.")).c_str() : os::unicode_string().c_str(),
    string_key));

VMProtectEnd();
#ifndef DEMO
if (VMProtectGetSerialNumberState() == SERIAL_STATE_SUCCESS) {
    options.flags |= cpEncryptBytecode;
    if ((options.flags & cpMemoryProtection) == 0)
        options.flags |= cpLoaderCRC;
} else
    options.flags |= cpUnregisteredVersion;
#endif

int VMP_API VMProtectGetSerialNumberState()
{
#ifdef WIN_DRIVER
    return SERIAL_STATE_FLAG_INVALID;
#else
    if (!g_serial_is_correct)
        return SERIAL_STATE_FLAG_INVALID;
    if (g_serial_is_blacklisted)
        return SERIAL_STATE_FLAG_BLACKLISTED;
    int res = 0;
    char buf[256];
    if (GetIniValue("TimeLimit", buf, sizeof(buf))) {
        int running_time = atoi(buf);
        if (running_time >= 0 && running_time <= 255) {
            uint32_t dw = GetTickCount();
            int d = (dw - g_time_of_start) / 1000 / 60; // minutes
            if (running_time <= d)
                res |= SERIAL_STATE_FLAG_RUNNING_TIME_OVER;
        }
    }
    if (GetIniValue("ExpDate", buf, sizeof(buf))) {
        int y, m, d;
        if (sscanf_s(buf, "%04d%02d%02d", &y, &m, &d) == 3) {
            uint32_t ini_date = (y << 16) + (static_cast
            uint32_t cur_date;
#ifdef VMP_GNU
            time_t rawtime;
            time(&rawtime);
            struct tm local_tm;
            tm *timeinfo = localtime_r(&rawtime, &local_tm);
            cur_date = ((timeinfo->tm_year + 1900) << 16) + (static_cast
#else
            SYSTEMTIME st;
            GetLocalTime(&st);
            cur_date = (st.wYear << 16) + (static_cast
#endif
            if (cur_date > ini_date)
                res |= SERIAL_STATE_FLAG_DATE_EXPIRED;
        }
    }
    if (GetIniValue("MaxBuildDate", buf, sizeof(buf))) {
        int y, m, d;
        if (sscanf_s(buf, "%04d%02d%02d", &y, &m, &d) == 3) {
            uint32_t ini_date = (y << 16) + (static_cast
            uint32_t cur_date;
#ifdef VMP_GNU
            time_t rawtime;
            time(&rawtime);
            struct tm local_tm;
            tm *timeinfo = localtime_r(&rawtime, &local_tm);
            cur_date = ((timeinfo->tm_year + 1900) << 16) + (static_cast
#else
            SYSTEMTIME st;
            GetLocalTime(&st);
            cur_date = (st.wYear << 16) + (static_cast
#endif
            if (cur_date > ini_date)
                res |= SERIAL_STATE_FLAG_MAX_BUILD_EXPIRED;
        }
    }
    if (GetIniValue("KeyHWID", buf, sizeof(buf))) {
        char buf2[256];
        GetIniValue("MyHWID", buf2, sizeof(buf2));
        if (strcmp(buf, buf2) != 0)
            res |= SERIAL_STATE_FLAG_BAD_HWID;
    }
    return res;
#endif
}

0045A2B2 . F7D0 NOT EAX
0045A2B4 . 2385 C0FEFFFF AND EAX,DWORD PTR SS:[EBP-0x140]
0045A2BA . 8985 C0FEFFFF MOV DWORD PTR SS:[EBP-0x140],EAX
0045A2C0 . A9 00040000 TEST EAX,0x400
0045A2C5 . 75 0B JNZ SHORT 0045A2D2 ; VMProtec.0045A2D2
0045A2C7 . 25 FFFFFDFF AND EAX,0xFFFDFFFF
0045A2CC . 8985 C0FEFFFF MOV DWORD PTR SS:[EBP-0x140],EAX
0045A2D2 > FF15 08B26500 CALL DWORD PTR DS:[0x65B208] ; VMProt_1.VMProtectGetSerialNumberState
0045A2D8 . 85C0 TEST EAX,EAX
0045A2DA . 8B85 C0FEFFFF MOV EAX,DWORD PTR SS:[EBP-0x140]
0045A2E0 . 75 19 JNZ SHORT 0045A2FB ; VMProtec.0045A2FB

VMProt_1.VMProtectGetSerialNumberState is from VMProtectSDK32.dll
I realize all you have to do is place VMProtectLicense.ini in same directory.
The Following User Says Thank You to CodeCracker For This Useful Post: Apuromafo (10-22-2024)
#40
@CodeCracker
why do you need to patch smth on binary level if you have got full VMP sources?