<< Click to Display Table of Contents >> Navigation: Themida > FAQ > Macros > I don’t have a MAP file or the source code to set the protection macros. Can I specific the start/address of functions to virtualize? |
You can insert RVA addresses to specific the start/end of your VM macros. If you want to protect a function from VA address 0x401000 to 0x401200, you have to remove the image base (0x400000) to convert it to RVA addresses. In that example it would be 0x1000 to 0x1200
You can specify a list of RVA addresses to process as VM macros in the “Advanced Options” panel. You just need to go to the “Advanced Options” panel and add one entry for each pair of start/end RVA addresses to process. Example:
OPTION_ADVANCED_MANUAL_VM_MACRO_1=0x11570 - 0x1158e
OPTION_ADVANCED_MANUAL_VM_MACRO_2=0x1A000 - 0x1A200
OPTION_ADVANCED_MANUAL_VM_MACRO_3= .......
If you want to use MUTATE macros instead of VM macros, you can use the following options:
OPTION_ADVANCED_MANUAL_MUTATE_MACRO_1=0x11570 - 0x1158e
OPTION_ADVANCED_MANUAL_MUTATE_MACRO_2=0x1A000 - 0x1A200
OPTION_ADVANCED_MANUAL_MUTATE_MACRO_3= .......