Encryption and Decryption Software VMProtect Getting Started Tutorial (4): Preparing Projects

VMProtect is a new-generation software protection utility. VMProtect supports the Delphi, Borland C++ Builder, Visual C/C++, Visual Basic (native), Virtual Pascal and XCode compilers.

VMProtect also has a built-in disassembler that works with Windows and Mac OS X executables, and it can link MAP files created by the compiler so that code fragments to protect can be selected quickly.

To automate application protection tasks, VMProtect implements a built-in scripting language. VMProtect fully supports 32/64-bit operating systems of the Windows family (starting from Windows 2000) and Mac OS X (starting from version 10.6). Importantly, VMProtect supports the full range of executables regardless of the platform it runs on, i.e. the Windows version can handle Mac OS X files and vice versa.

VMProtect is a solid tool for protecting application code from analysis and cracking, but it is most effective only if the in-app protection mechanism is properly built and free of typical bugs that can undermine the entire protection.

Let's take a look at a very simple application consisting of only one form (Form1), one text element (Edit1) and one button (Button1). The application works like this: when Button1 is clicked, the application checks whether the password entered is correct and displays an appropriate message.

We check the password using a very simple algorithm: first, we convert it to numeric form, then calculate the remainder when dividing by 17. The password is correct if the remainder of dividing its numeric representation by 17 is equal to 13. The password checker implementation in Delphi looks like this:

function TForm1.CheckPassword: Boolean;
begin
  // Non-numeric input is converted to 0, which fails the check (0 mod 17 = 0).
  Result := (StrToIntDef(Edit1.Text, 0) mod 17 = 13);
end;

procedure TForm1.Button1Click(Sender: TObject);
begin
  if CheckPassword then
    MessageDlg('Correct password', mtInformation, [mbOK], 0)
  else
  begin
    MessageDlg('Incorrect password', mtError, [mbOK], 0);
    Edit1.SetFocus;
  end;
end;

Selecting the procedures and functions to protect can be done in three ways:

  • A MAP file created by the compiler alongside the program's executable file. The MAP file contains all necessary information about the names and addresses of all procedures and functions of the application. If you use a MAP file, you can choose which procedures and functions to protect by name. Using a MAP file, VMProtect automatically determines the new addresses of procedures and functions every time the project is recompiled.
  • Markers inserted into the application source code. Markers are special labels used by VMProtect to determine the boundaries of protected fragments. Additionally, VMProtect supports markers with predefined compilation types. Using markers makes sense when you only want to protect part of a function or procedure. Markers also allow you to specify the portions of code in which string constants are to be protected.
  • By the address of the protected procedure in the executable. Compared with the above two methods, this method is not very convenient to use. You must reassign all addresses every time you modify and recompile your application. This type of protection is recommended for applications for which no source code is available.
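The difference between selecting by name and selecting by address can be checked in a build pipeline. The following is an added example, not part of the original tutorial or of VMProtect: it assumes the "Publics by Name" layout of a Delphi detailed MAP file, and the unit name `Unit1`, the addresses and the helper names are constructed for illustration.

```python
import re

# Constructed "Publics by Name" excerpts from the MAP files of two builds of
# the sample application (unit name and addresses are made up).
MAP_BUILD_1 = """\
  Address             Publics by Name

 0001:0005A1F0       Unit1.TForm1.Button1Click
 0001:0005A1D4       Unit1.TForm1.CheckPassword
 0002:00001C3C       Unit1.Form1
"""
# Second build: the code moved, as it does after almost any source change.
MAP_BUILD_2 = MAP_BUILD_1.replace("0005A1F0", "0005A2A8").replace("0005A1D4", "0005A28C")

PUBLIC_RE = re.compile(r"^\s*([0-9A-Fa-f]{4}):([0-9A-Fa-f]{8})\s+(\S+)\s*$")

def parse_publics(map_text):
    """Return {name: (segment, offset)} from the 'Publics by Name' section."""
    publics, in_section = {}, False
    for line in map_text.splitlines():
        if "Publics by" in line or line.lstrip().startswith("Line numbers"):
            in_section = "Publics by Name" in line   # leave on any other section header
            continue
        m = PUBLIC_RE.match(line)
        if in_section and m:
            publics[m.group(3)] = (int(m.group(1), 16), int(m.group(2), 16))
    return publics

def resolve(map_text, wanted, code_segment=1):
    """Map each name to its code offset; list names that cannot be resolved."""
    publics = parse_publics(map_text)
    resolved, missing = {}, []
    for name in wanted:
        seg_off = publics.get(name)
        if seg_off is None or seg_off[0] != code_segment:
            missing.append(name)        # renamed, removed, or not in the code segment
        else:
            resolved[name] = seg_off[1]
    return resolved, missing

def stale_addresses(old_map, new_map, wanted):
    """Names whose address changed between builds; address-based selection
    would still point at the old location for each of them."""
    old, _ = resolve(old_map, wanted)
    new, _ = resolve(new_map, wanted)
    return sorted(n for n in old if n in new and old[n] != new[n])
```

Failing the build when `resolve` reports a missing name catches the case where a function that was meant to be protected has been renamed and would otherwise ship unprotected.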

There is an even more important advantage to using a MAP file to define the boundaries of protected code. Almost all procedures or functions that have local variables or use the stack to save registers and/or intermediate calculation results have so-called prologues and epilogues, which are located at the beginning and end of the compiled procedure or function accordingly:

push ebp          ; \
mov ebp, esp      ;  \ prologue
push 00           ;  /
push ebx          ; /

...

pop ebx           ; \
pop ecx           ;  \ epilogue
pop ebp           ;  /
ret               ; /

Due to the way modern compilers work, code markers never include function prologues and epilogues. Even if the entire code of the CheckPassword function between begin and end is enclosed in markers, the prologue remains outside the protected fragment, so a hacker only needs to modify the prologue of the function to make sure the virtualized code never gets executed. For the CheckPassword function, this can be done as follows:

mov eax, 1
ret

Important:

If a MAP file is used to select code fragments for virtualization, the prologue and epilogue will also be virtualized, increasing the hacker resistance of the protected program. Furthermore, if one virtualized function is called by another virtualized function, control is transferred between them without actually jumping to the address of the called function (in this case, the call is simply a jump to another address in the bytecode of the virtual machine interpreter). This also increases the protection of the program, since all modifications made by hackers to the entry points become useless. Control is transferred to a virtualized function's entry point only when the protected function is called from an unprotected or mutated code fragment.

Origin blog.csdn.net/m0_67129275/article/details/130357178