![]() ![]() Luckily, Themida also has a packing feature to reduce the size, where it reduced it to around ~1mb. A protected application with all protection options disabled is around ~2mb from the original ~100kb. Of course, the problem with this is pretty obvious: the size. There is also different 'styles' of VM: some faster but less secure, some more secure but less fast, etc. Themida has the ability to have different virtual machines (using a different architecture) inside of the same application. Themida's Virtualization however has one cool feature that VMP does not: Multiple VM architectures. It adds lots of random operations to the assembly instead of specifically mutating each opcode. Note though that these features that VMP does not have do not work on all application types.įor Themida's Mutation, it does it quite differently to VMP. While it also has the same protection features of VMP, it does it much differently and has a few more features that VMP does not have. There is also functionality for checking if debuggers are being ran, string encryption, methods of grabbing a unique identifier for the computers hardware, etc. You can decrease the size though by turning on the packing feature inside of VMProtect. The original ~100kb application was increased to around ~600kb after protection using this method. ![]() Note that this VM inserts a lot of overhead. It then inserts a "stub" function to call the VM where the actual code was supposed to be ran. On the other hand, Virtualization translates the code into a special format that only a special virtual machine can run. The resulting mutated code varies drastically per compilation. Mutation does what it says it does: it mutates the assembly code to make automated analysis of it harder. VMProtect has 3 protection modes: Mutation, Virtualization, and " Ultra" (both methods combined) To get us started, here is the "unprotected" version of a simple loop function that we will be protecting with both protectors to see what they output. I will also not be including the licencing features of either, I will only be talking about the protection methods they employ. I do not have a licence to Enigma, so I cannot tell about its protection features. This comparison will only include the protectors I personally have a licence for: VMProtect and Themida. All details shown are from my own personal research. Disclaimer: I do not work for any of the companies that make either of these pieces of software. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |