CODE VIRTUALIZER | OVERVIEW  
 

Latest Version: 2.0 | Latest Release: 2.0.5.0 | Release Date: 15-Apr-2014




Code Virtualizer is a powerful code-obfuscation system that helps developers protect their sensitive code areas against Reverse Engineering while requiring minimum system resources.

Code Virtualizer will convert your original code (Intel x86 instructions) into Virtual Opcodes that will only be understood by an internal Virtual Machine. Those Virtual Opcodes and the Virtual Machine itself are unique for every protected application, avoiding a general attack over Code Virtualizer.

Code Virtualizer can protect your sensitive code areas in any x32 and x64 native PE files (like executable files/EXEs, system services, DLLs , OCXs , ActiveX controls, screen savers and device drivers).




When an application is being created, the Compiler will compile the application source code into several object files made of machine language code. Afterward, the object files are linked together to create the final executable.



Figure 1: Compilation of your source code

When an attacker tries to crack a compiled application, he will use a decompiler tool which will decompile the machine language code into a more comprehensive code (like assembly code or a higher programming language), doing his research over the decompiled code.



Figure 2: Decompilation of your application

When the attacker has a good knowledge of the target application, he can modify the compiled application to alter its behavior. For example, the attacker could bypass the routine that checks for the trial period in an application and make it run forever, or, even worse, cause the application to behave as if it was registered.




Code virtualization consists of the transformation of binary code from a specific machine into a different binary code that is understood by another machine. That is, the instruction set from a specific machine is converted into a new instruction set which is understood by a different machine. The following picture represents the transformation from a block of Intel x86 instructions into a new instruction set for another machine (specifically a RISC 32-bit CPU):



Figure 3: Transformation from x86 to RISC 32-bit CPU

Code Virtualizer can generate multiple types of virtual machines with a different instruction set for each one. This means that a specific block of Intel x86 instructions can be converted into different instruction set for each machine, preventing an attacker from recognizing any generated virtual opcode after the transformation from x86 instructions. The following picture represents how a block of Intel x86 instructions is converted into different kinds of virtual opcodes, which could be emulated by different virtual machines.



Figure 4: Transformation from x86 to multiple Imaginary CPUs

When an attacker tries to decompile a block of code that was protected by Code Virtualizer, he will not find the original x86 instructions. Instead, he will find a completely new instruction set which is not recognized by him or any other special decompiler. This will force the attacker to go through the extremely hard work of identifying how each opcode is executed and how the specific virtual machine works for each protected application. Code Virtualizer totally obfuscates the execution of the virtual opcodes and the study of each unique virtual machine in order to prevent someone from studying how the virtual opcodes are executed.




Code Virtualizer can be embedded inside your Win32 and Win64 applications and device drivers with ease. You just need to select which areas in your source code are going to be protected by Code Virtualizer. The following example shows how you can protect a block of code in a C application.

  #include <stdio.h>
  #include "VirtualizerSDK.h"

  void main()
  {
      VIRTUALIZER_START      // the area to protect starts here

      printf("Hello World");

      VIRTUALIZER_END       // end of area to protect
 }

The VIRTUALIZER_START/VIRTUALIZER_END macros are dummy macros which do not interfere with the execution of the original application. It's only in protection-time when Code Virtualizer will recognize those areas of code and will covert them into unique virtual opcodes, which are then emulated by a virtual machine when the protected application is running.

The following picture represents the image of an original compiled application (before being protected) and how it's transformed when it's protected by Code Virtualizer:



Figure 5: Original Application versus Protected Application

As the image shows, Code Virtualizer needs to embed the generated virtual machine at the end of the protected application in order to emulate the virtual opcodes when they are going to be executed. The size of the virtual machine can vary from 10 Kb to 30 Kb (depending on the complexity level selected), making no impact in the final size of the protected application.


Code Virtualizer is a powerful technology that can prevent someone from inspecting your sensitive code, such as your routines that validate an entered serial key for registering your application. Also, Code Virtualizer slightly modifies the PE header of the protected application, meaning you could put a compressor or other software protector on top of Code Virtualizer with no problems.

If you are a device driver developer and felt neglected when there was no solution to protect your device drivers, Code Virtualizer offers you the same technology to do so (for either 32-bit and 64-bit drivers) in the same way as your applications and DLLs.

Try Code Virtualizer today and start inserting the latest software protection into your Win32/Win64 applications and device drivers!
 
 
   
Copyright © 2004-2014 Oreans Technologies. All Rights Reserved. -- Oreans, Themida and WinLicense are registered trademarks.
All other trademarks used are properties of their respective owners.