Virtual Machine and C++ on Enigma 1.64
Posted: Tue Mar 03, 2009 5:41 pm
With the new modification in release 1.64 I've been able to use the virtual machine with my C++ project. The feature seems to work fine. Actually I am not able to determine how "strong" it protects, but I trust it does . There are a couple of things that may be done to further improve the feature:
1) The new "undecoration" feature undecorates too much. Currently, Enigma seems to be displaying all characters from the initial "?" up to the first "@". Unfortunately if I have two classes ClassA and ClassB and both have a member function named func, the two symbols will start with ?func@ClassA@@... and ?func@ClassB@@... This means that in Enigma I will see "func" twice and there's no way to determine which func is in ClassA and which is in ClassB. I definetely suggest to use UnDecorateSymbolName with an 0xffff flag instead of using custom-written code. Symbols starting with "??" (which are not undecorated by UnDecorateSymbolName) can safely be ignored. Please notice that undecorated symbols produced by UnDecorateSymbolName can be extremely long (in my project I have a 1377-char symbol) but there's nothing we can do about that.
2) Enigma saves in the project file the undecorated name and the address of each symbol: both information are totally useless. The address might change after a recompilation, while the undecorated name is not enough to detect the correct symbol in case of duplicates (as shown above). Because of this limitations, the only way to use the VM is to open the Enigma project and re-select the correct functions each time you protect the executable. This is very inconvenient, especially when you use Enigma in a batch file from the command line (as I usually do). I suggest to write the decorated symbol in the project file. Moroever it could also be useful to have Enigma display a warning if a symbol in the project is not found in the map (useful to detect subtle changes in the decorated name, for example a change in the return value or the number of parameters).
Just my opinion,
1) The new "undecoration" feature undecorates too much. Currently, Enigma seems to be displaying all characters from the initial "?" up to the first "@". Unfortunately if I have two classes ClassA and ClassB and both have a member function named func, the two symbols will start with ?func@ClassA@@... and ?func@ClassB@@... This means that in Enigma I will see "func" twice and there's no way to determine which func is in ClassA and which is in ClassB. I definetely suggest to use UnDecorateSymbolName with an 0xffff flag instead of using custom-written code. Symbols starting with "??" (which are not undecorated by UnDecorateSymbolName) can safely be ignored. Please notice that undecorated symbols produced by UnDecorateSymbolName can be extremely long (in my project I have a 1377-char symbol) but there's nothing we can do about that.
2) Enigma saves in the project file the undecorated name and the address of each symbol: both information are totally useless. The address might change after a recompilation, while the undecorated name is not enough to detect the correct symbol in case of duplicates (as shown above). Because of this limitations, the only way to use the VM is to open the Enigma project and re-select the correct functions each time you protect the executable. This is very inconvenient, especially when you use Enigma in a batch file from the command line (as I usually do). I suggest to write the decorated symbol in the project file. Moroever it could also be useful to have Enigma display a warning if a symbol in the project is not found in the map (useful to detect subtle changes in the decorated name, for example a change in the return value or the number of parameters).
Just my opinion,