After you created a project in the GUI mode you can use the console version (VMProtect_Con.exe). You can execute it as follows:

VMProtect_Con File [Output File] [-pf Project File] [-sf Script File] [-lf Licensing Parameters File] [-bd Build Date (yyyy-mm-dd)] [-wm Watermark Name] [-we]

• File – the file name of the executable you want to protect (*.exe, *.dll and so on), or the file name of a (*.vmp) project. If a project file name is specified, the file name of the executable is taken from the project file.
• Output File – the file name and path to the protected file that should be created after processing the original file. If this parameter is not set, the value is taken from the project file.
• Project File – the file name and path to the project file created in the GUI mode. If the parameter is not set, the program searches for a *.vmp file in the folder of the executable.
• Script file – the file name of the script the protected file is processed with. If the parameter is not set, the script from the current project file is used.
• Licensing Parameters File – the name of a file containing licensing parameters. If this parameter is not set, licensing parameters are taken from the current project file.
• Build Date – Application build date in the following format: “yyyy-mm-dd”. If this parameter is not set, the current date is used. The build date is inscribed into the protected application and is used by the licensing system to check serial numbers against the “Maximum build date” field.
• Watermark Name – the name of a watermark inserted into the protected file. If the name of a watermark is not set, the watermark specified in the project settings is used.
• we – when this parameter is set, all warnings are displayed as errors.

!Important

The console version isn't available for the Lite eidtion.

Displays the memory dump of the protected application as machine language codes and assembler instructions:

The “Go To Address” button on the toolbar allows you to go to a specified address of the protected application:

To quickly go to a certain function, start typing its name in the quick search box. You can also enter its exact address.

Displays information about resources:

Options

• Excluded from packing – a resource can be excluded from packing.

Displays information about exports the file has:

Displays information about imported functions and libraries:

Displays information about segments:

Options

• Excluded from memory protection – a segment can be excluded from memory protection.
• Excluded from packing – a segment can be excluded from packing.

Displays information about file directories:

The “Details” section displays various information about the protected application. It also allows you to exclude certain segments of data or resources from packing. Changes you make in this section are saved to the project file.

“Details” section contains the following subsections:

• Directories
• Segments
• Imports
• Exports
• Resources
• Calculator
• Dump

The “Functions” section lists all functions available for protection:

When a function is selected, you can see its properties and protection options on the main panel. For each function you can specify a compilation type and enable lock to a serial number.

The “Options” section allows you to configure various protection parameters:

Virtual Machine

• Version - this options allows to specify the version of virtual machine (the default value is the current version). Selecting "Compact" will use the old version of the virtual machine, which has a smaller bytecode size.
• Instances - this options allows to specify the number of the virtual machine copies (the default value is 10). Each virtual machine will have unique set of properties (different registers positions, different bytecode direction, different handlers of commands, etc.) that makes harder the analysis and hacking of virtualized code.
• Complexity - this options allows to specify the probability of creating complex handlers (consisting of several simple handlers) inside the virtual machine. This option also greatly complicates the analysis and hacking of virtualized code. As the complexity increases, the size of the protected file also increases.

File

• Memory Protection – this option allows you to secure the image of the file in memory from any changes (data integrity is checked for all sections that do not have the WRITABLE attribute). Image integrity check is performed before passing the control to the original entry point of the program. If integrity is violated, a corresponding message is shown and the program stops execution.
• Import Protection – this option allows hiding the list of API the protected program uses from a cracker. We recommend using this option along with packing of the output file.
• Resource Protection – this option encrypts resources of the program (except icons, manifests and other service resources).
• Pack the Output File – this option allows you to pack the protected file to reduce its size. The application is unpacked automatically when the protected file is executed. The entire unpacking goes without any disk writing, completely in RAM. When using this option, we also recommend to include EntryPoint to the list of protected objects.

!Important

When the program starts, after the code is unpacked the control is passed to EntryPoint. If the code of EntryPoint is virtualized, this code will be executed on the same VM interpreter as the code of the unpacker itself. Virtualization of EntryPoint combined with packing of the protected file prevents manual unpacking of the protected file, as in this case an intruder has to restore EntryPoint code to get a working file image.

Additional

• Segments – When the file is compiled, new segments will be added to it to the place where various system data are stored (virtualized and mutated code, VM interpreters, watermarks etc.). This option allows you to specify names for these new segments. We recommend changing the standard “.vmp” name of segments to something else (for example “.UPX”).
• Strip Debug Information – removing of debug information impedes analysis of the code by a cracker. For .NET applications this option also renames classes/methods/properties/fields except for those that were excluded from renaming.
• Strip Relocations – some compilers (i.e. Delphi) create a relocation table for EXE files that are not used by the operating system to load EXE files. If the option is enabled, the space occupied by relocation table is be used for VM needs.
• Watermark – allows adding watermark into the program.
• Lock To HWID – allows to lock the program to harware identifier.

Detection

• Debugger – this option prevents debugging of the protected file. There are 2 types of debuggers: User-mode debuggers (OllyDBG, WinDBG etc.) and Kernel-mode debuggers(SoftICE, Syser and others). Debugger detection is performed before passing control to the entry point of the program. If a debugger is detected, a corresponding message is shown and the program stops execution.
• Virtualization Tools – this option prohibits executing the protected file in various virtual environments: VMware, Virtual PC, VirtualBox, Sandboxie. Detection of virtualization is performed before passing control to the entry point of the program. If a virtual environment is detected, a corresponding message is shown and the program stops execution.

Messages

Here you can customize messages the program displays when it detects a debugger, a virtualization tool, if the file is corrupted or when there’s an attempt to execute the code protected by a serial number.

Licensing parameters

• File Name - choose a project file created in the license manager as a licensing parameter file. By default, the current project file is used.
• Activation Server - this option is required for activation system.