It has since been defeated by Deathway and is now considered weak since it's actually rather simple once you start to understand it. VMProtect's virtual machine is almost an exact replica of the Themida CISC VM featuring stronger obfuscation, and as such it works in the exact same way, which makes it almost equally weak.
If you want to compare the complexity of the newer Themida VMs e. EAGLE vs. VMProtect's VM, you're probably looking at a complexity scale saying or something like that. TL;DR Don't listen to the guys above, as they are completely clueless on the topic. Pick Themida if you have to choose between the two of them. I think you're either trolling or extremely retarded because you're clearly uninformed. If you're talking about protection, as JohnWho stated, everything can be unpacked, and easily even.
The real dealbreaker is the virtualization. Well we are talking about protection , as OP requested " I would like to protect a small Win32 file and deciding which protection software to use" not virtualization. If we're talking about the best virtualization, agile. Sorry, I am new to this. I want to protect my file from being reverse engineered, so it seems that virtualization is what I want.
First you claim virtualization is not "protection"..? If he OP wants protection, and asks which protection software to go with, it includes all features of the protection software, such as virtualization. Themida offers exceptional protection in real situations, when you don't want people to understand certain functions.
Next you pick a. NET virtualizer and tell us that, if we're to deduce the best virtualization protection software while the choice stands between VMProtect and Themida we should pick Agile. In case that point flew over your head, here's another stupid point to this:. Don't put words in my mouth. Never claimed virtualization isn't protection.
OP didn't ask for a native packer , stop assuming because it makes you look extremely uninformed and stupid. It ISN'T protection at all. Clearly you're the latter. OP is looking for constructive feedback , not some edgy 14 year olds opinion on freeware. Sprux thank you very much for your detailed response.
Do not listen to that idiot. Themida is NOT an obfuscator , here's literally the developer of themida saying it himself. You make me cry a little everytime I see your replies. I will before-hand declare that this is my last response to your impeccable rant of stupidity, but I feel the need to put out these points.
Well guessing from the first post of the topic creator, he wants to use virtualization as protection otherwise he wouldn't think about VMProtect or? I didn't invest time in reversing Themida protected targets yet, neither code virtualized targets but soon. Currently I'm working on VMProtect a lot in my free time, and what I can say that the VMs have a pretty straightforward pattern when it comes to the handlers. For me the biggest problem was actually the mutation of the assembly, but with compiler optimization techniques you can clean up the code pretty good and continue your analysis on the demutated code which is one half the devirtualization process.
The other half is pretty much identifying how the handlers work, analyzing them and translating them back but even this is dynamically possible with coding and I would think it's less effort than reversing the different themida vms.
Themida's newer VMs furthermore utilizes combined handlers, so that one handler can be responsible for multiple operations, while also being mutable across processes, meaning that one handler can be responsible for e. But since I don't have a lot of knowledge about Oreans Virtualizer I'm wondering how strongly the different VMs are from each other.
Like is there strong polymorphism which makes it really difficult to automate the process of devirtualization? Also those hybrid VMs seem to have a more serious impact on performance I believe? And my last question would be: I saw that there are not only those animal names for the VMs but also colors? Yes, that is correct. Let's take FISH for example: The fact that it combines handlers makes room for huge polymorphism, as it can make different handler-combinations for the different files.
Also, it has tons of "protection templates", which is basically annoying little "if" checks that it uses for internal cryptographic registers, such as:.
This also means that you have to deduce the execution-path branching , which makes the process much harder, and this is just one of many tricks you'll come across in this ocean of cancer. FISH is the most distinctive, as it has those operation-combination handlers, which makes for really big handlers.
It's a type of protection template, I guess one could say. Yes, the hybrid VMs takes a really hard toll on performance. The user gives explicit consent to detect this kind of applications. It is not a problem for us to promptly remove detection for legit programs. Marcos , Sep 7, Joined: Sep 7, Posts: The problem here is that our company has been recommending NOD32 for the last year, and we also rely a lot on Themida.
Is Themida detection just recently added to NOD32? We will monitor our user areas and see if we get reports in. I do understand users have to specifically check certain options, and I was able to get NOD32 to detect a potentially unwanted application.
But the fact that it will label it as a "threat" concerns me, and it does not identify the setting in NOD32 that caused this detection. So therefore customers could think it is a virus. The NOD32 interface should say "A potentially unsafe application was found" We have many EXE's all over the world using Themida, and this does cause me some concern.
But, if we get a very rare report of this going forward, then hopefully the interference will be minimal.
But as I am sure Rafael is concerned, I am concerned about NOD32's wording or not identifying the "threat" category when it finds Themida. Also, we could not submit all our EXE's. That would be entirely impractical and some of our EXE's are too big to submit. We got a customer writing already. I really hope something is changed. We will certainly discuss this matter with the developers. I just proposed them a solution so that both parties are satisfied.
Joined: Sep 11, Posts: 2 Location: Houston. After a lot of research we have definately got a Themida protected virus. Themida is preventing McAFee from stopping it. We have determined that Themida is too dangerous to our environment to allow any product protected by Themida on the network.
We can not have 27, nodes exposed to such a threat. The only string in the infected executables that can be detected is "themida" So we have asked McAfee to treat any excutable with the Themida string as a virus.
Just like we can't blame the gun manufactures for the people that use guns to commit crimes we can not blame the writes of Themida.
However, we do have a company policy where guns are not allowed, So the same will now go for Themida as well. It is my opinion that the writers of Themida have a responsibility to collaborate with the Anti-Virus companies to come up with a solution that allows for their lgitimately protected clients to operate while allowing the Virus Scan tools to destroy evilware. Marcos , Sep 11, Like I point out; a gun in the wrong hands is a dangerous thing No links to malware, cracks, etc on these forums.
I find it a bit ironic that a product that is designed to protect software developers from having their intellectual property stolen is a victim of having their intellectual property stolen.
Last edited by a moderator: Sep 11, Themida a short time ago when attempting to install a add-on aircraft to Microsoft Flight Simulator from the Flight1 software vendor. They are a reputable company that I've done business with on several occasions, but have now contacted them since I fully trust NOD If this is a false-positive, then I indeed think there is some problem, especially for the company using Themida.
CDreier , Sep 12, Originally Posted by Raple. Themida packed files won't be approved for future releasers, you'll have to unpack and upload yourself again. Originally Posted by Color.
Originally Posted by turb0z. I have problem with themida.. I did exactly like what u did but after its finished I tried open it in-game it only show themida popup in the middle of the screen..
Page 1 of 2 1 2 Last Jump to page:. Replies: 10 Last Post: , PM. Replies: 10 Last Post: , AM. Replies: 53 Last Post: , PM. How to get your hacks to work!!!
0コメント