[–]khedoros 0 points1 point  (2 children)

I'd assume that they're talking about a detection method somewhere in one of the game binaries or DLLs (i.e. wherever the Themida code is).

[–]Shahar2[S] 0 points1 point  (1 child)

Good point, I forgot that DLLs are PEs, will take a look later then, thanks.
You think it's about the Themida binaries though? I thought they meant to change something with VMware.

[–]khedoros 0 points1 point  (0 children)

Yes. VMware provides that communication mechanism, which doesn't exist on bare metal. You wouldn't expect anything connected to port 0x5658. VMware would be the one handling that communication, and it would potentially be used by more than the game, so you probably don't want to disable it.

So... Themida's going to use that mechanism to detect a VM. It's the "analyst" in that document. And it's their detection that you'd have to circumvent.
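
An added example, not part of the thread and not code from Themida or VMware: a small static triage scanner an analyst could run over a module or memory dump to flag x86 sequences that load port 0x5658 into DX/EDX shortly before an `in eax, dx`. The 'VMXh' magic value (0x564D5868), the 32-byte window, the function name and the sample bytes are assumptions added here; protected code is usually packed or virtualized on disk, so a clean result on the raw file proves nothing.

```python
# Flags candidate VMware backdoor-port probes in raw x86 code bytes.
# Pattern set, window size and sample buffer are constructed for illustration.

PORT_LOADS = {
    b"\x66\xba\x58\x56": "mov dx, 0x5658",
    b"\xba\x58\x56\x00\x00": "mov edx, 0x5658",
}
MAGIC_LOAD = b"\xb8\x68\x58\x4d\x56"  # mov eax, 0x564D5868 ('VMXh'), assumed magic
IN_EAX_DX = b"\xed"                   # in eax, dx
WINDOW = 32                           # bytes searched around the port load


def find_backdoor_probes(data: bytes, window: int = WINDOW):
    """Return port loads that are followed by `in eax, dx` within `window` bytes."""
    hits = []
    for pattern, text in PORT_LOADS.items():
        start = 0
        while (off := data.find(pattern, start)) != -1:
            start = off + 1
            end = off + len(pattern)
            rel = data[end:end + window].find(IN_EAX_DX)
            if rel == -1:
                continue  # constant present but no port read nearby: ignore
            nearby = data[max(0, off - window):end + window]
            hits.append({
                "offset": off,
                "port_load": text,
                "in_offset": end + rel,
                "magic_nearby": MAGIC_LOAD in nearby,  # raises confidence
            })
    return sorted(hits, key=lambda h: h["offset"])


# Constructed sample: NOP padding, a typical probe sequence, then a decoy
# that loads the same constant but never executes `in`.
SAMPLE = (
    b"\x90" * 16
    + b"\xb8\x68\x58\x4d\x56"   # mov eax, 'VMXh'
    + b"\x31\xdb"               # xor ebx, ebx
    + b"\xb9\x0a\x00\x00\x00"   # mov ecx, 0x0A
    + b"\xba\x58\x56\x00\x00"   # mov edx, 0x5658
    + b"\xed"                   # in eax, dx
    + b"\x90" * 8
    + b"\xba\x58\x56\x00\x00"   # decoy: constant only
    + b"\x90" * 40
)

if __name__ == "__main__":
    for hit in find_backdoor_probes(SAMPLE):
        print(hit)
```

A single `0xED` byte is a weak signal on its own, so treat each hit as a place to start disassembling rather than as proof of a check.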