Enigma Protector

Software Protection and Licensing
https://enigmaprotector.com/forum/

EnigmaProtector+EurekaLog makes "EP_CheckupIsEnigmaOk" result problem

https://enigmaprotector.com/forum/viewtopic.php?t=16812

Page 1 of 1

EnigmaProtector+EurekaLog makes "EP_CheckupIsEnigmaOk" result problem

Posted: Sun Jul 04, 2021 9:18 am
by MrDeveloper
Hello Support

I have a problem with the latest Enigma Protect version 6.90 in combination also with the latest EurekaLog version 7.9.4.0 or lower under RAD Studio.

It is quite simple to reproduce:

1. create any VCL application (e.g. 64 bit)
2. include enigma_ide.pas
3. use some functions
4. use the function "EP_CheckupIsEnigmaOk"
5. activate EurekaLog with profile "VCL Forms applications"
5. compile project as executable
6. protect with Enigma Protector with random settings

If the project was successfully protected with Enigma Protector and EurekaLog is active according to the RAD Studio IDE profile and settings, the function "EP_CheckupIsEnigmaOk" suddenly always returns the value "FALSE", indicating that the application has been compromised. Even directly after the fresh protection run. I tried this with random combinations and it only seemed to work 1x randomly with EurekaLog. But it is more of a gamble. Do you guys have a quick solution here?

Thanks a lot for the quick reply and solution in advance!

Re: EnigmaProtector+EurekaLog makes "EP_CheckupIsEnigmaOk" result problem

Posted: Mon Jul 05, 2021 8:42 am
by Enigma
Hi, that's possible to be true. EurekaLog may do some changes in memory to application code (or even to itself, but it's code is located in the same protected memory as application's code), so protection detects the changes and alerts on that.

We could investigate what exactly happens there, what is being changed in memory, what is causing protection to alert, but really doubt we can fix that, we can only find a reason of problem (or you can describe the situation to EurekaLog developers, maybe they give a workaround). If you wish that, please send us a simple example at support@enigmaprotector.com, we will check it out.

Re: EnigmaProtector+EurekaLog makes "EP_CheckupIsEnigmaOk" result problem

Posted: Mon Jul 05, 2021 1:27 pm
by Enigma
We have investigated the file, problem, as I expected, happens because EurekaLog patches the import directory in memory (it hooks one of the function in the protected module).
Since protection is protecting import table and redirect it on own code, EurekaLog patches/hooks the protection code. This protection alerts on integrity checking.
To avoid this issue, turn off option Protection Features - Import Protection - Emulate WinAPI functions.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited