2025-04-05 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
When encrypting an exe file generated from C#, the goal is to make the code impossible to decompile.
The main interface of the Virbox Protector Standalone packing (shell) tool is shown in the figure:
Start encryption
Drag the file directly into the window, or choose to open a file, and select the exe executable or dll dynamic link library that needs to be encrypted.
[special reminder: if an xxx.map file exists in the same directory as the program being packed, the map file is loaded automatically and the function names are displayed in the interface. Currently, map files generated by the VS, VC, BCD and Delphi compilers are supported]
The main interface after the file has been dragged in is shown in the figure:
Protecting specific functions: function options
Virbox Protector Standalone supports code obfuscation, code virtualization, code encryption and other protection methods.
Obfuscation: the code instructions are translated into a pseudo-code byte stream that neither machines nor humans can recognize. At execution time the pseudo-code is translated and interpreted, gradually restored to the original code, and executed.
Virtualization: the instructions are compiled into virtual code and run in the specified virtual machine. At present there are certain format requirements for the instructions, and some functions may not be protected.
Encryption: the code block is treated as data and stored using the license encryption function. When the program reaches this function, the license is verified and the code is decrypted. The complete code block is not exposed in memory. At present, some functions cannot be added to this protection.
When using Virbox Protector Standalone, click "add function" to add the functions that need to be protected.
You can use the performance analysis feature to analyze the program and select the important functions to protect.
Performance analysis: click the performance analysis button, run the program that needs to be protected, and perform normal business operations. The number of calls to each function module in the program is displayed in the list in real time. If the program currently being analyzed is a DLL, you need to choose a main program to start, and the working directory of the main program is the directory where the program is located. Currently, only Windows exe programs and DLL libraries are supported.
List of protected functions: shows all the function modules that need to be protected, with subtle differences between managed and unmanaged code programs.
[special warning: not all function modules can be displayed. 1. Function modules whose instruction size is less than 15 bytes will not be displayed; 2. Some unconventional function modules (with ". @:?" in the name) will not be displayed.]
Once the protection method has been selected, click OK to complete the modification.
Encryption option configuration
We provide encryption options for advanced users. Because PE and .NET programs use different technologies, their encryption options differ slightly. You can adjust the specific encryption method according to your own needs.
Output file: you can modify the path and name of the file generated after the program is protected.
[special reminder: 1. If only a file name is given, the path is the path of the source program; 2. If the output file has the same name as the source file, the generated program will overwrite the source program, which is not recommended.]
Import table protection: this option encrypts the import table in the PE file and hides the API list. For the sake of security strength, we recommend that users use this option.
[special reminder: import table protection currently applies only to PE files. ]
Compression: after packing, the program is compressed to reduce its size, which also prevents static decompilation.
[special reminder: 1. Because the compression module needs a fixed amount of space, if the program being packed is very small the compression effect is not obvious and the output may even be larger; the effect is obvious for larger programs. 2. Compression of DotNet dynamic libraries is not supported. 3. Compression of arx type programs is not supported.]
Name obfuscation: obfuscates the function names in the source program, so that the function names displayed by a static decompiler are garbled.
[special warning: name obfuscation is currently only supported for DotNet programs, and is not supported for IIS type programs.]
Resource protection: encrypts the resource segment of the protected program, and requires the user to have the appropriate permission to decrypt it at run time.
[special note: resource protection can only support local programs. ]
DS plug-in: DS Protector is a data protection tool that can encrypt and protect the data resource files of the program.
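One way to check the effect of the import table protection option described above is to compare what a static tool can read from the import directory of the original and the protected PE file. The Python below is an added example, not part of the original article or of Virbox Protector; `build_sample` produces constructed, non-runnable PE32 images, and the DLL lists used with it are assumptions for illustration.

```python
import struct

def _sections(pe, nt):
    # (vaddr, vsize, raw_ptr) for each entry of the section table
    nsect, opt_size = struct.unpack_from("<H12xH", pe, nt + 6)
    rows = (struct.unpack_from("<4I", pe, nt + 24 + opt_size + 40 * i + 8) for i in range(nsect))
    return [(vaddr, vsize, raw_ptr) for vsize, vaddr, _, raw_ptr in rows]

def _offset(sections, rva):
    for vaddr, vsize, raw_ptr in sections:
        if vaddr <= rva < vaddr + vsize:
            return rva - vaddr + raw_ptr
    raise ValueError(f"RVA {rva:#x} is outside every section")

def imported_dlls(pe):
    """DLL names a static tool can read from the import directory (data directory 1)."""
    nt = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    pe32 = struct.unpack_from("<H", pe, nt + 24)[0] == 0x10B   # else PE32+
    imp_rva = struct.unpack_from("<I", pe, nt + 24 + (96 if pe32 else 112) + 8)[0]
    if imp_rva == 0:
        return set()
    secs, names = _sections(pe, nt), set()
    off = _offset(secs, imp_rva)
    while any(desc := struct.unpack_from("<5I", pe, off)):  # all-zero entry ends the table
        n = _offset(secs, desc[3])                          # desc[3] is the Name RVA
        names.add(pe[n:pe.index(b"\0", n)].decode("ascii").lower())
        off += 20
    return names

def build_sample(dlls):
    """Constructed header-only PE32 image with one .idata section (not runnable)."""
    img, nt = bytearray(0x400), 0x40
    img[:2], img[nt:nt + 4] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", img, 0x3C, nt)
    struct.pack_into("<HH12xHH", img, nt + 4, 0x14C, 1, 224, 0x102)   # COFF header
    struct.pack_into("<H", img, nt + 24, 0x10B)                       # PE32 magic
    struct.pack_into("<I", img, nt + 24 + 96 + 8, 0x1000)             # import dir RVA
    struct.pack_into("<8s4I", img, nt + 24 + 224, b".idata", 0x200, 0x1000, 0x200, 0x200)
    name = 20 * (len(dlls) + 1)            # names follow the descriptor table
    for i, d in enumerate(dlls):
        struct.pack_into("<I", img, 0x200 + 20 * i + 12, 0x1000 + name)
        img[0x200 + name:0x200 + name + len(d)] = d.encode()
        name += len(d) + 1
    return bytes(img)

def still_visible(original, protected):
    """Imports of the original that are still readable in the protected file."""
    return imported_dlls(original) & imported_dlls(protected)
```

For real files, read both the source program and the generated output with `open(path, "rb").read()` and pass the bytes to `still_visible`.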
Complete the packing
After all the options have been configured, click the shell protection button to complete the packing. When the tool indicates that packing succeeded, open the directory where the file is located, and you can see the encrypted xxx.ssp.exe or xxx.ssp.dll file. Rename the file and use it to replace the unencrypted file for release.