ScyllaHide doenst work on VMProtect v2 #131
Comments
|
file under password? are you serious? |
|
The password on the archive is |
|
No single detection. Try "break on system breakpoint" |
|
Bump, I have the same issue here. Using the VMProtect preset, debugging an x86 executable packed with VMProtect 2, i get to the entry point, I try to attach ScyllaHide to the process and the process immediately crashes after injection... Never had this issue on VMProtect 3 though. |
|
same here, I used SharpOD 0.6e and I solved my issue. Sure SharpOD is not very good is closed source and the dll is protected with vmprotect 2, but this issue is ignored for too many years. |
|
Yeah not really a lot of incentives to help people bypass vmprotect to make money for their own ends 😂 |
|
@mrexodia money? Is protecting yourself from malware wrong? |
|
Not at all! It's just that people's motives for debugging VMProtected binaries are usually not related to malware 😅 Generally speaking ScyllaHide has been defeated by the direct syscalls, so it's kind of pointless to keep maintaining it. TitanHide used to work somewhat better, but generally speaking you'll want to invest in some unpacking technology to sidestep debuggers completely when dealing with malware. |
Uh oh!
There was an error while loading. Please reload this page.
here's the sample https://disk.yandex.com/d/Dqk1qhxj6YV6cQ
both are packed with a different version of vmprotect .. v3 and v2..
ScyllaHide works fine with v3 but not on v2.
Not Working: bypassing anti-debug
pass: test
The text was updated successfully, but these errors were encountered: