Are u adding memory loaded dll into the PEB ? If not then what about resources inside of the dll, can i access 'em using standard resource api ?

unwake
Yep it should. Whats the compiler of ur app and res exe size ?

1. You should use vm in that parts of ur code what r not requring high execution speed but r critical for ur app engine 2. Not virtualized, code will be cleaned after the first execution, use it only in some init stuff that requires high execution speed, if there is no such places u should use vm in...

No, he can't. Why u think that undetection will help in protection ?

No, u don't. Analyzer technique depends on signatures (some unique bytes sequence, one of thousands for enigma) also called as stubs. U can't hide from a scanner and hiding is not the point of the executable protection, this one goes to malware.

UAC at non'standard settings was always an evil. This accords to the wmi and such funcs as DeviceIoControl(), also there was strange UAC rule in vista x64 until KB_dont_remember_patch_num_ that CreateFile() needed admin rights to access some devices even with read_share & generic_read. So protec...

@writer
Ofcourse exes are dropping to the hard drive cuz implementation of exe memory loading is complicated. If you want to disable this firewall popup you need to sign your executables with cert that has trusted root (for ex. verisign).

I didn't look inside of ur protector yet and don't know about vm organization :D Anyway on my opinion the best opcode set is risc-based, i used to write my own vm for few private projects, one is stack-based risc vm where im parsing each opcode into the set of add, imul etc opcodes that r not touchi...

Thx, i hope that in every next build vm opcodes set will be different comparing with previous one, am i right ?

Hello, i wanna know 'bout mutation of native vm code - does it present at all ?