Archive for the ‘Executable Protection’ Category

While I was working on the VM, making minor adjustments for integratability, I went to take a look at an outline of potential features P.L. would have. Among the list was an idea for metamorphism. An idea I think is ready to be put to the test. At this point, I’ve successfully unloaded the virtualized […]

The VM is continuing as usual; however, now I’m running into issues with my use of no-operation type instruction series. Should I keep a table of macros to use representing no-op type instructions, or should I integrate a unique set of conditional statements, pointless loops, and other such operations? If I were to do […]

While working on my VM, looks like I hit some more bumps – if the C++ compiler uses the stack for scratch space, how will I work around that in inline ASM? I’ve come up with a solution I think is fairly reasonable: a pseudo-stack. A new area made in memory that will act as […]

Now that I’ve actually begun work on the VM, I’ve found myself making great use of preprocessor macros. Originally, I wrote the parsing area for the PUSH instruction to be about 70 lines long, making use of the rand() function to decide on which series of instructions to execute. The problem with this, is that […]

After some recent ventures into polymorphism and metamorphism, being used to protect my projects, I’ve run into a new problem: what protects a function that’s loaded into a random location in memory? Obfuscation is one possibility, and I did have a project for obfuscating executables, but reversing is still possible. Also, the obfuscation tool […]

I remember the days I would spend, looking for OllyDBG plugins to evade detection of a protector; as executable protectors became more advanced, unpacking protected executables grew much harder. Now, one method is to evade all possible anti-debugger tactics, and step through an executable to get to the OEP. Some are more targeted toward packers, […]

After spending the past few months taking a heavier focus on protecting my projects, and battling the protection schemes of other people’s projects, I’ve run into some interesting techniques for protecting an executable. Here goes a compilation I’ve made from memory: 1: Virtualization – Converts the instruction set used in an executable to a new […]