anti debugger in v4.30 and later versions

x64 version issues
mahzad
Posts: 9
Joined: Wed Jul 27, 2022 6:36 am

anti debugger in v4.30 and later versions

Post by mahzad »

hello

I have a DLL which has protected just anti debugger in two versions of Enigma protector . when my sample app with that DLL debugged in Visual studio , we have two different out put:
1- in 4.30 version, my sample app debugged without problem!!! ( Unlike my expectation)
2-in v6.80 and v7.0 demo version, my sample app could not debugged ( according to my expectation)

was this subject a bug in v4.3o version?
Enigma
Site Admin
Posts: 2939
Joined: Wed Aug 20, 2008 2:24 pm

Re: anti debugger in v4.30 and later versions

Post by Enigma »

Hi, this is not a bug. Visual Studio is using also a debugger to trace the file, like other debuggers that crackers are using. Thus protection hangs on it.

Nothing can be do, except switching off the anti-debugger protection feature.
mahzad
Posts: 9
Joined: Wed Jul 27, 2022 6:36 am

Re: anti debugger in v4.30 and later versions

Post by mahzad »

thanks for reply

Shouldn't the dll debug be prevented instead of customer's app debug ? Now customer's app that call protected dll can not be debug!!we just want not to patched our DLL by attacker.

more info: my protected dll is in release mode and customer's app is in debug mode.
Enigma
Site Admin
Posts: 2939
Joined: Wed Aug 20, 2008 2:24 pm

Re: anti debugger in v4.30 and later versions

Post by Enigma »

Hi, yes, in this specific case the checkup - anti-debugger feature should be disabled in Enigma Protector.

Once disabled, then your customer can trace the application, right?
mahzad
Posts: 9
Joined: Wed Jul 27, 2022 6:36 am

Re: anti debugger in v4.30 and later versions

Post by mahzad »

Yes .
I thought anti-debugging was a common way to prevent reverse engineering, so I have to think about other obfuscation techniques, such as string encryption. right?
Enigma
Site Admin
Posts: 2939
Joined: Wed Aug 20, 2008 2:24 pm

Re: anti debugger in v4.30 and later versions

Post by Enigma »

Protected Strings and others are good features, but the strongest protection can be applied with Virtual Machine, specially RISC virtual machine.
Implement it using Virtual Machine - Functions Selecting (with help of MAP file) and/or with vm_begin/vm_end and vm_risc_begin/vm_risc_end code markers.
mahzad
Posts: 9
Joined: Wed Jul 27, 2022 6:36 am

Re: anti debugger in v4.30 and later versions

Post by mahzad »

Thank you. Is it applied to my C++ SDK, we send it as a DLL for customer app .
Last edited by mahzad on Sat Dec 03, 2022 5:44 am, edited 3 times in total.
Enigma
Site Admin
Posts: 2939
Joined: Wed Aug 20, 2008 2:24 pm

Re: anti debugger in v4.30 and later versions

Post by Enigma »

Do you compile your c++ application in x86 or x64, or both?
mahzad
Posts: 9
Joined: Wed Jul 27, 2022 6:36 am

Re: anti debugger in v4.30 and later versions

Post by mahzad »

Hi both of them but more x86.
your virtual machine technology is just for 64bit DLL , SO I can use just protected string for 32 bit dll, right?
Last edited by mahzad on Mon Dec 05, 2022 12:21 pm, edited 1 time in total.
Enigma
Site Admin
Posts: 2939
Joined: Wed Aug 20, 2008 2:24 pm

Re: anti debugger in v4.30 and later versions

Post by Enigma »

For C++ you can use code markers to select parts of code that you would like to protect with virtual machine.

The code sample is the following:

Code: Select all

#include "enigma_ide.h"

int main()
{
    std::cout << "Before VM\n";

    EP_Marker("vm_begin");
    std::cout << "It is inside VM marker!\n";
    EP_Marker("vm_end");

    std::cout << "After VM\n";

}
#include "enigma_ide.h" - includes Enigma API, find it in EnigmaSDK function (together with enigma_ide.lib/enigma_ide64.lib)
EP_Marker("vm_begin")/EP_Marker("vm_end") - markers of the region of code which you would like to protect
vm_begin/vm_end - protection with classic virtual machine
vm_risc_begin/vm_risc_end - protection with classic virtual machine

Also, contact us support@enigmaprotector.com, we give you version 7.20, in this version there is same way to select code markers using Enigma API - EP_Marker function. Before this version there are different ways used in x86 and x64 versions.
Post Reply