Exetools  

#1 10-19-2014, 23:56
0x22

Quote:
Originally Posted by Carbon View Post
I don't like the snippet. You didn't give a real explanation.

0x00A89010 -> This memory is dynamically allocated. This can change with every process start. Using this as hardcoded address doesn't seem smart.

Why do you read and write 12 bytes? You need only 2 (5) bytes.

It even looks like you don't need a 2nd ReadProcessMemory. If it is unpacked, it is unpacked. Why check it 2 times?

0x00A89010 <- in the program I used this on last time, this was a particular case where it did not change.
I do agree that memory addresses change, which wouldn't work properly.

However, you don't need to use memory addresses.


Code:
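// Fragment: procInfo, buffer, buffer2, nSize and ADDRESS2 are declared elsewhere (not shown in this post).
// First read: confirm the expected bytes (F6 C1) are present before touching anything.
ReadProcessMemory(procInfo.hProcess, (LPVOID)0x00409605, buffer, 12, &nSize);
if ((buffer[0] == 0xF6) && (buffer[1] == 0xC1))
{
	// Second read: confirm the conditional jump (74 0C) is at the patch location.
	ReadProcessMemory(procInfo.hProcess, (LPVOID)0x00409615, buffer2, 12, &nSize);
	if ((buffer2[0] == 0x74) && (buffer2[1] == 0x0C))
	{
		// Replace the two-byte jump with two NOPs (0x90).
		buffer2[0] = 0x90;
		buffer2[1] = 0x90;
		//buffer2[2] = 0x01;
		//buffer2[3] = 0xEB;
		//buffer2[4] = 0x0B;
		//buffer2[5] = 0x90;
		//buffer2[6] = 0x90;
		//buffer2[7] = 0x50;
		//Sleep(570);
		printf("Address FOUND and patched!\n");
		// Writes back all 12 bytes that were read; only the first two were changed.
		WriteProcessMemory(procInfo.hProcess, ADDRESS2, buffer2, 12, &nSize);
	}
}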

You can also do it like this; this is entirely up to you.
If you don't like the way I did it, then make it better and post it here so that people can benefit from your input.

I agree that you should dynamically set the bytes.
I do two ReadProcessMemory calls to make sure I'm at the correct place.

It's just something slapped together fast, and it works, which is the most important thing for me.

I'm not a good coder, so I do thank you for your constructive feedback, and I'm sorry if it doesn't appeal to your coding ideology.
Please do your thing and post a better one; I'm sure both me and the community would be pleased.

Have a good day

Last edited by 0x22; 10-20-2014 at 00:26.