Enigma extra threads

[Cataclismo]

Hi,
I've got a problem with The Engima Protector. After I protect (JUST protecting, no plugins, no checks, no virtualize, nothing) my executable it adds two threads (as I could see) and I am wondering if threads does ever close or not during the execution of the software.

[perfectcode]

.

[Enigma]

I've got a problem with The Engima Protector. After I protect (JUST protecting, no plugins, no checks, no virtualize, nothing) my executable it adds two threads (as I could see) and I am wondering if threads does ever close or not during the execution of the software.

What is the problem to have these threads...?

[Cataclismo]

I'm doing a thread check from inside my application. If the threads would close then that could be a problem. I've tested a bit (for about 2 mins) and I saw they are not closing. I hope they won't do it later.

[perfectcode]

.

[Alec]

As zylongaming suggested, this is not a good idea to check every thread you application has inside since threads can vary depending on OS and installed system software.

[Cataclismo]

Well, thank you for helping. Yeah, I've found that the threads count is different on every operating system. On Windows XP is always 15, but in Windows 7 it's between 25 and 30.
I wanted to do that to detect injection, but it seems I can't.

[Enigma]

You may detect injection by the name of the injected module. Use Windows API to enumerate all modules and detect injects by:
- file name
- or, even better, by the module signature, for eg, content of import/export directory, resources, hash of code section etc