These techniques are based on fact that modern disassemblers are flow oriented. In this section I’m going to show some examples of how to mislead disassemblers. If we have these bytes, we are able to reverse this process (not 100 % accurately). Second stage is to take this assembly code and convert its source to raw bytes. First stage of complete compilation is processing high level code to assembly code. Generally speaking, code that you write (assume C/C++ for simplicity) is processed on multiple stages. If you don’t know what disassembly is then watch my video on YouTube explaining this nasm, golink Anti Reverse Engineering techniques for x86 Quick introduction
You just need nasm and golink that are standalone executables. All examples that I’m going to present here are available on my GitHub with nice script compiling it all at once.
Anti debug protections on the other hand are valid just for Microsoft Windows (all the code was tested on 64 bit Windows 7 build 7601 virtualized by VirtualBox and Windows 10 圆4 build 17763). In this post I will cover anti reverse engineering techniques that applies to any operating system that is capable of running on x86 architecture. Anti cheats like VAC or PunkBuster also strongly depend upon such techniques.
These protections are not used only by malware developers but also by companies that sell their products for high price and want them to be secure (mostly in terms of licence or activation checking). Last time I spent a lot of time to familiarize myself with techniques that are used to prevent reverse engineer a program and I want share with you my knowledge.
0 kommentar(er)
