Quote:
Originally Posted by Newbie_Cracker
Yeah, It is very useful especially for patching child process created by father process; such as Armadillo, SDProtect, etc.
I always use hook method when loaders like dUP2 fails to patch on time.
So if the VMProtect does not check for API hooking, this method is the best.
|
Problem is ,like themida, vmp uses emulated api as well . so normally its hard to predict which api is "universally free" from api emulation and thus hooking doesnt work in all cases