anti debugger in v4.30 and later versions
Hello
I have a DLL that is protected with only the anti-debugger feature, in two versions of Enigma Protector. When my sample app with that DLL is debugged in Visual Studio, we get two different outputs:
1- In version 4.30, my sample app was debugged without problem!!! (unlike my expectation)
2- In v6.80 and the v7.0 demo version, my sample app could not be debugged (according to my expectation)
Was this a bug in version v4.30?
Re: anti debugger in v4.30 and later versions
Hi, this is not a bug. Visual Studio is also using a debugger to trace the file, like the other debuggers that crackers are using. Thus the protection hangs on it.
Nothing can be done, except switching off the anti-debugger protection feature.
Re: anti debugger in v4.30 and later versions
Thanks for the reply.
Shouldn't debugging of the DLL be prevented instead of debugging of the customer's app? Now the customer's app that calls the protected DLL cannot be debugged!! We just want our DLL not to be patched by an attacker.
More info: my protected DLL is in release mode and the customer's app is in debug mode.
Re: anti debugger in v4.30 and later versions
Hi, yes, in this specific case the checkup - anti-debugger feature should be disabled in Enigma Protector.
Once disabled, then your customer can trace the application, right?
Re: anti debugger in v4.30 and later versions
Yes.
I thought anti-debugging was a common way to prevent reverse engineering, so I have to think about other obfuscation techniques, such as string encryption. Right?
Re: anti debugger in v4.30 and later versions
Protected Strings and others are good features, but the strongest protection can be applied with Virtual Machine, especially the RISC virtual machine.
Implement it using Virtual Machine - Functions Selecting (with help of MAP file) and/or with vm_begin/vm_end and vm_risc_begin/vm_risc_end code markers.
Re: anti debugger in v4.30 and later versions
Thank you. Is it applicable to my C++ SDK? We send it as a DLL for the customer's app.
Last edited by mahzad on Sat Dec 03, 2022 5:44 am, edited 3 times in total.
Re: anti debugger in v4.30 and later versions
Do you compile your c++ application in x86 or x64, or both?
Re: anti debugger in v4.30 and later versions
Hi, both of them, but more x86.
Your virtual machine technology is just for 64-bit DLLs, so I can use just protected strings for a 32-bit DLL, right?
Last edited by mahzad on Mon Dec 05, 2022 12:21 pm, edited 1 time in total.
Re: anti debugger in v4.30 and later versions
For C++ you can use code markers to select parts of code that you would like to protect with virtual machine.
The code sample is the following:
#include "enigma_ide.h" - includes Enigma API, find it in EnigmaSDK function (together with enigma_ide.lib/enigma_ide64.lib)
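```cpp
#include <iostream>
#include "enigma_ide.h"  // Enigma API (EP_Marker)

int main()
{
    std::cout << "Before VM\n";
    EP_Marker("vm_begin");  // start of the region protected by the virtual machine
    std::cout << "It is inside VM marker!\n";
    EP_Marker("vm_end");    // end of the protected region
    std::cout << "After VM\n";
}
```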
EP_Marker("vm_begin")/EP_Marker("vm_end") - markers of the region of code which you would like to protect
vm_begin/vm_end - protection with classic virtual machine
vm_risc_begin/vm_risc_end - protection with classic virtual machine
Also, contact us at support@enigmaprotector.com and we will give you version 7.20. In this version there is the same way to select code markers using the Enigma API, the EP_Marker function. Before this version, different ways were used in the x86 and x64 versions.