Windows C++ / VPCEXT

Author Unprotect
Platform Windows
Language C++
Technique VPCEXT

Code

/*
-----------------------------------------------------------------------------
  * Created by * lallous <lallousx86@yahoo.com> *
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  *
  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE
  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE
LIABLE
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY
WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
OF
  * SUCH DAMAGE.
  *
-----------------------------------------------------------------------------
*/

// IsInsideVPC's exception filter
DWORD __forceinline IsInsideVPC_exceptionFilter(LPEXCEPTION_POINTERS ep)
{
   PCONTEXT ctx = ep->ContextRecord;

   ctx->Ebx = -1; // Not running VPC
   ctx->Eip += 4; // skip past the "call VPC" opcodes
   return EXCEPTION_CONTINUE_EXECUTION;
   // we can safely resume execution since we skipped faulty instruction
}

// high level language friendly version of IsInsideVPC()
bool IsInsideVPC()
{
   bool rc = false;

   __try
   {
     _asm push ebx
     _asm mov  ebx, 0 // Flag
     _asm mov  eax, 1 // VPC function number

     // call VPC
     _asm __emit 0Fh
     _asm __emit 3Fh
     _asm __emit 07h
     _asm __emit 0Bh

     _asm test ebx, ebx
     _asm setz [rc]
     _asm pop ebx
   }
   // The except block shouldn't get triggered if VPC is running!!
   __except(IsInsideVPC_exceptionFilter(GetExceptionInformation()))
   {
   }

   return rc;
}

Created

September 21, 2020

Last Revised

April 22, 2024