Code Virtualizer

張貼者:2010年8月10日 上午2:10未知的使用者   [ eddie liu 已於 2012年8月9日 上午2:03 更新 ]

Code Virtualizer將是一個強大的代碼模糊處理系統,幫助開發保護他們的敏感地區代碼逆向工程,同時要求對最低系統資源。Code Virtualizer具有將轉換您的原始代碼(英特爾 x86指令)的虛擬操作碼,將只由一個內部的理解虛擬機。 這些虛擬的操作碼和虛擬機本身是獨特的,每保護的應用程序,避免了一般攻擊代碼 Virtualizer具有。

Code Virtualizer具有可以保護您的敏感地區代碼在任何X32號和x64本土PE文件(如 可執行 文件/ EXE,系統服務 ,DLL , OCXs , ActiveX 控件,屏幕保護程序和 設備驅動程序)。
-----------------------------------------------
開發商:Oreans
更新日期:2011/05/18
採購正式版、大量授權報價、技術支援、軟體諮詢、委託採購、詢問報價請來電 02-29299388 分機16 , 
來信service@orderble.com,或點我
------------------------------------------------------------------------------




當正在創建一個應用程序,編譯器將編譯成幾個應用程序源代碼的目標文件由機器語言代碼。 隨後,該對象文件鏈接在一起來創建最終的可執行文件。


 
圖1:您的源代碼彙編

當攻擊者試圖破解一個編譯的應用程序,他將利用一個反編譯工具,將機器語言代碼編譯成一個更全面的代碼(如彙編代碼或更高的編程語言),做他的研究在反編譯代碼。


 
圖2:反編譯你的應用程序

當攻擊者具有良好的應用知識的目標,他可以修改編譯的應用程序,以改變其行為。 例如,攻擊者可以繞過常規的檢查試驗期間在一個應用程序,使其永遠運行下去,或者更糟,導致應用程序的行為,就好像它是註冊。




代碼組成的虛擬化轉型的二進制代碼從一個特定的計算機到一個不同的二進制代碼是由另一台機器的理解。 也就是說,從一個特定的指令集計算機轉換成一個新的指令集是由不同的機器理解。 下圖表示從 1塊改造英特爾 x86指令到一個新的指令集為另一台計算機(特別是一個 RISC的32位CPU):


 
圖三:轉型從 x86的RISC 32位CPU

Code Virtualizer具有可產生多種類型的虛擬機使用不同的指令集為每個。 這意味著,一個特定的塊英特爾 x86指令可以轉換成不同的指令集為每一台機器,防止攻擊者從認識到任何操作碼後產生的虛擬的x86指令轉換。 下圖表示如何阻止英特爾 x86指令轉換成各種不同的虛擬操作碼,可以模擬不同的虛擬機。


 
圖 4:轉型從 x86到多CPU的想像

當一個攻擊者試圖阻止反編譯代碼,通過Code Virtualizer將得到保護,他不會找到原來的x86指令。 相反,他會發現一個全新的指令集不承認這是由他或任何其他特殊反編譯。 這將迫使攻擊者要經過極其艱苦的工作,研究如何執行每個操作碼和特定的虛擬機如何為每個受保護的工程應用。Virtualizer具有完全混淆了代碼執行的虛擬操作碼和研究每一個獨特的虛擬機,以防止有人從研究如何在虛擬操作碼被執行。




Code Virtualizer具有可以嵌入在您的Win32和Win64應用程序和設備驅動程序輕鬆。 你只需要選擇在哪些領域你的源代碼都將被保護代碼 Virtualizer將。 下面的示例顯示了如何保護的代碼塊在C應用程序。

  #包括<stdio.h>
  #包括“VirtualizerSDK.h”

  無效的主要() 
  ( 
      VIRTUALIZER_START      / /該地區的保護從這裡開始

      輸出(“世界你好”);

      VIRTUALIZER_END       / /結束區,以保護 
 )

VIRTUALIZER_START / VIRTUALIZER_END 宏是假的宏不干預執行原來的應用程序。 它只有在保護的時候,代碼Virtualizer具有將承認這些地區將隱蔽的代碼和他們為獨特的虛擬操作碼,然後再通過一個模擬虛擬機器的應用程序運行的保障。

下面的圖片代表了一個原始圖像編譯的應用程序(之前被保護)以及它如何改變時,它的保護代碼 Virtualizer將:


 
圖 5:原始的應用與保護的應用程序

由於圖像顯示,代碼 Virtualizer將需要嵌入生成虛擬機在最後的保護的應用程序,以模擬的虛擬操作碼時,他們將被處死。 在大小不同的虛擬機可以從 10 KB到30 Kb的(根據複雜程度選擇),使得在不影響最後的大小受保護的申請。


Code Virtualizer將是一個強大的技術,可以防止有人從檢查你的敏感的代碼,如您的例程,驗證一個進入串行的關鍵登記你的申請。 此外,代碼 Virtualizer將略微修改了PE頭受保護的申請,這意味著你可以把一個壓縮機保護器或其他軟件上面的Code Virtualizer將沒有問題。

如果你是一個設備驅動程序開發人員,覺得被忽視,因為當時有沒有解決方案來保護您的設備驅動程序,Code Virtualizer具有相同的技術為您提供這樣做(或者為 32位和64位驅動程序)以同樣的方式為您的應用程序和DLL。

try Code Virtualizer具有插入今天開始到最新的軟件保護您的Win32/Win64應用和設備驅動程序! 













When an application is being created, the Compiler will compile the application source code into several object files made of machine language code. Afterward, the object files are linked together to create the final executable.


 
Figure 1: Compilation of your source code

When an attacker tries to crack a compiled application, he will use a decompiler tool which will decompile the machine language code into a more comprehensive code (like assembly code or a higher programming language), doing his research over the decompiled code.


 
Figure 2: Decompilation of your application

When the attacker has a good knowledge of the target application, he can modify the compiled application to alter its behavior. For example, the attacker could bypass the routine that checks for the trial period in an application and make it run forever, or, even worse, cause the application to behave as if it was registered.




Code virtualization consists of the transformation of binary code from a specific machine into a different binary code that is understood by another machine. That is, the instruction set from a specific machine is converted into a new instruction set which is understood by a different machine. The following picture represents the transformation from a block of Intel x86 instructions into a new instruction set for another machine (specifically a RISC 32-bit CPU):


 
Figure 3: Transformation from x86 to RISC 32-bit CPU

Code Virtualizer can generate multiple types of virtual machines with a different instruction set for each one. This means that a specific block of Intel x86 instructions can be converted into different instruction set for each machine, preventing an attacker from recognizing any generated virtual opcode after the transformation from x86 instructions. The following picture represents how a block of Intel x86 instructions is converted into different kinds of virtual opcodes, which could be emulated by different virtual machines.


 
Figure 4: Transformation from x86 to multiple Imaginary CPUs

When an attacker tries to decompile a block of code that was protected by Code Virtualizer, he will not find the original x86 instructions. Instead, he will find a completely new instruction set which is not recognized by him or any other special decompiler. This will force the attacker to go through the extremely hard work of identifying how each opcode is executed and how the specific virtual machine works for each protected application. Code Virtualizer totally obfuscates the execution of the virtual opcodes and the study of each unique virtual machine in order to prevent someone from studying how the virtual opcodes are executed.




Code Virtualizer can be embedded inside your Win32 and Win64 applications and device drivers with ease. You just need to select which areas in your source code are going to be protected by Code Virtualizer. The following example shows how you can protect a block of code in a C application.

  #include <stdio.h>
  #include "VirtualizerSDK.h"

  void main() 
  { 
      VIRTUALIZER_START      // the area to protect starts here

      printf("Hello World");

      VIRTUALIZER_END       // end of area to protect 
 }

The VIRTUALIZER_START/VIRTUALIZER_END macros are dummy macros which do not interfere with the execution of the original application. It's only in protection-time when Code Virtualizer will recognize those areas of code and will covert them into unique virtual opcodes, which are then emulated by a virtual machine when the protected application is running.

The following picture represents the image of an original compiled application (before being protected) and how it's transformed when it's protected by Code Virtualizer:


 
Figure 5: Original Application versus Protected Application

As the image shows, Code Virtualizer needs to embed the generated virtual machine at the end of the protected application in order to emulate the virtual opcodes when they are going to be executed. The size of the virtual machine can vary from 10 Kb to 30 Kb (depending on the complexity level selected), making no impact in the final size of the protected application.


Code Virtualizer is a powerful technology that can prevent someone from inspecting your sensitive code, such as your routines that validate an entered serial key for registering your application. Also, Code Virtualizer slightly modifies the PE header of the protected application, meaning you could put a compressor or other software protector on top of Code Virtualizer with no problems.

If you are a device driver developer and felt neglected when there was no solution to protect your device drivers, Code Virtualizer offers you the same technology to do so (for either 32-bit and 64-bit drivers) in the same way as your applications and DLLs.

Try Code Virtualizer today and start inserting the latest software protection into your Win32/Win64 applications and device drivers!