Hi,
I've got a problem with The Enigma Protector. After I protect (JUST protecting, no plugins, no checks, no virtualize, nothing) my executable it adds two threads (as I could see) and I am wondering if the threads ever close or not during the execution of the software.
Enigma extra threads
-
- Posts: 28
- Joined: Tue Oct 30, 2012 8:15 am
Re: Enigma extra threads
.
Last edited by perfectcode on Sat Apr 20, 2019 8:05 am, edited 1 time in total.
Re: Enigma extra threads
Cataclismo wrote: I've got a problem with The Enigma Protector. After I protect (JUST protecting, no plugins, no checks, no virtualize, nothing) my executable it adds two threads (as I could see) and I am wondering if the threads ever close or not during the execution of the software.
What is the problem to have these threads...?
-
- Posts: 6
- Joined: Tue Jan 13, 2015 9:17 pm
Re: Enigma extra threads
I'm doing a thread check from inside my application. If the threads would close then that could be a problem. I've tested a bit (for about 2 mins) and I saw they are not closing. I hope they won't do it later.
-
- Posts: 28
- Joined: Tue Oct 30, 2012 8:15 am
Re: Enigma extra threads
.
Last edited by perfectcode on Sat Apr 20, 2019 8:05 am, edited 1 time in total.
Re: Enigma extra threads
As zylongaming suggested, it is not a good idea to check every thread your application has inside, since threads can vary depending on OS and installed system software.
-
- Posts: 6
- Joined: Tue Jan 13, 2015 9:17 pm
Re: Enigma extra threads
Well, thank you for helping. Yeah, I've found that the thread count is different on every operating system. On Windows XP it is always 15, but on Windows 7 it's between 25 and 30.
I wanted to do that to detect injection, but it seems I can't.
Re: Enigma extra threads
You may detect injection by the name of the injected module. Use the Windows API to enumerate all modules and detect injects by:
- file name
- or, even better, by the module signature, e.g. the content of the import/export directory, resources, hash of the code section, etc.
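The file-name check suggested in the last reply, as an added example that is not part of the original thread and not Enigma Protector's own code. The allowlist, the sample paths and all function names are constructed for illustration; it covers only the weaker file-name option, so a module renamed to an allowlisted name would pass, which is why the reply prefers a module signature.

```c
#include <ctype.h>
#include <stddef.h>
#ifdef _WIN32
#include <windows.h>
#include <psapi.h> /* link with psapi.lib */
#endif

/* Constructed allowlist: file names this (hypothetical) application expects to load. */
static const char *const EXPECTED[] = { "app.exe", "ntdll.dll", "kernel32.dll", "kernelbase.dll" };
/* Constructed sample of module paths, as a module enumeration might return them. */
static const char *const SAMPLE[] = { "C:\\Program Files\\App\\app.exe",
    "C:\\Windows\\System32\\KERNEL32.DLL", "C:\\Users\\u\\AppData\\Local\\Temp\\hook.dll" };

/* Last path component; accepts both '\\' and '/' separators. */
static const char *base_name(const char *p) {
    const char *b = p;
    for (; *p; p++) if (*p == '\\' || *p == '/') b = p + 1;
    return b;
}
/* Case-insensitive equality, because Windows file names are case-insensitive. */
static int name_eq(const char *a, const char *b) {
    while (*a && *b && tolower((unsigned char)*a) == tolower((unsigned char)*b)) { a++; b++; }
    return *a == '\0' && *b == '\0';
}
/* 1 if the module's file name is on the allowlist, 0 otherwise. */
int module_expected(const char *path) {
    const char *name = base_name(path);
    for (size_t i = 0; i < sizeof EXPECTED / sizeof EXPECTED[0]; i++)
        if (name_eq(name, EXPECTED[i])) return 1;
    return 0;
}
/* Number of paths whose file name is not on the allowlist. */
int count_unexpected(const char *const paths[], int n) {
    int bad = 0;
    for (int i = 0; i < n; i++) bad += !module_expected(paths[i]);
    return bad;
}
#ifdef _WIN32
/* Audit the modules loaded in the current process; -1 if enumeration fails. */
int audit_current_process(void) {
    HMODULE mods[1024]; DWORD needed, n; char path[MAX_PATH]; int bad = 0;
    if (!EnumProcessModules(GetCurrentProcess(), mods, sizeof mods, &needed)) return -1;
    n = needed / sizeof(HMODULE); if (n > 1024) n = 1024;
    for (DWORD i = 0; i < n; i++)
        if (GetModuleFileNameExA(GetCurrentProcess(), mods[i], path, MAX_PATH)) bad += !module_expected(path);
    return bad;
}
#endif
```

On Windows, `audit_current_process()` applies the same check to the live module list; the portable functions can be exercised on the constructed `SAMPLE` paths on any platform.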