<Matti> for scyllahide, could you make an issue please?
<TomieKawakami> v3 and v2 ... vmprotect version is there.. maybe u can compare why it didn't work
<TomieKawakami> on v2
<TomieKawakami> sure sure
<Matti> otherwise I will lose track
<Matti> there's also an open one for v3 I think
<Matti> so that'll be interesting
<the_janitor> @Matti if it helps troubleshooting: SharpOD works fine with any vmp 3+ that i had to deal with
<Matti> thanks, but I just looked at the VMP 3 issue and I doubt it'll be needed
<Matti> it's made by a guy who sometimes makes uh, rather... quirky bug reports/issues
<Matti> I don't know how else to describe it
<Matti> and insists on using ollydbg, which is fine I guess but I'm personally not super interested in maintaining support for it
<Matti> I try to fix bugs if they're reported but that's basically it
<Matti> in this case it's almost certainly something ollydbg is doing that x64dbg users don't have problems with
<the_janitor> i see...wow ollydbg, guess 32b is still alive and kicking
<Matti> yeah heh
<Matti> I wonder what he does when he needs to debug a 64 bit program?
<Matti> maybe he just runs a 32 bit OS
<Matti> that would solve that issue
<TomieKawakami> I tried all vmp3 leaked on the internet for educational purposes..xD all of them beaten by Scylla. Kinda strange when vmprotect says u can do user mode or kernel mode or both when doing anti dbg.. how do they do kernel mode? Do they need their own sys for that? To happen. I don't know if usermode can detect kernel. Or maybe i misunderstand what it means.
<Matti> what they mean by that is that they provide detection of both usermode and kernelmode debuggers
<Matti> which is true, and you can choose which (if any) you want to enable detection for
<Matti> but it's not really very useful because (A) most people don't debug programs with a kernel debugger, and (B) if you have a kernel debugger attached you control the entire system, so 'defeating' VMProtect at that point isn't really an achievement, just a bit tedious
<Matti> what they also do though, and as far as I know they are the only commercial protector to do this, is protect kernel mode drivers
<Matti> meaning a .sys and not .dll/.exe
<Matti> there is also an anti debug for that mode, and it's a bit harder to defeat because VMP is now also running in kernel mode
<Matti> but overall it is still pretty easy to bypass
<TomieKawakami> That's interesting
<Matti> oh yea
<Matti> forgot to answer this
<Matti> > To happen. I don't know if usermode can detect kernel.
<Matti> you can detect a kernel debugger from user mode via a few ways