Abstract
Code virtualization, also called virtualization obfuscation, is a code obfuscation technique that protects software from malicious analysis. Unlike code packing or code encryption techniques, code virtualization does not restore the original code in memory. However, because the basic components of a virtualization structure are simple, the technique has a limitation: once the structure is revealed statically, the analysis process becomes somewhat constant. In this paper, we propose Virtual Code Folding (VCF) as a new code virtualization technique. The proposed method reduces the amount of virtual code that is statically revealed by folding the virtual code inside a virtualization structure, and it enables the virtual code to be decoded by generating multiple diversified dispatchers. The folded virtual code is restored by the random key, and then fetched and decoded by the diversified dispatcher. This process makes it possible for VCF to effectively obfuscate the correspondence between virtual code and handler code (i.e., code that performs real functionality) without significant performance overhead or strong assumptions.
Highlights
As software becomes increasingly important in modern society, intellectual property rights infringements and attacks on program vulnerabilities are becoming more serious.
Much current scholarship on delaying reverse engineering focuses on this point and uses code obfuscation [1], a technique that transforms a piece of code to make its internal structure difficult to understand while preserving the functionality of the original code.
Concept of Virtual Code Folding (VCF): In this paper, we propose a protection scheme called virtual code folding (VCF) that reduces the amount of virtual code statically revealed by dividing the virtual code section into N virtual code blocks (VCB, i.e., $VC_{Total} = VCB_1 \| VCB_2 \| \dots \| VCB_N$) and partially concealing it.
Summary
As software becomes increasingly important in modern society, intellectual property rights infringements and attacks on program vulnerabilities are becoming more serious. A malicious analyst (i.e., attacker) infringes on the intellectual property rights of software through static analysis and dynamic analysis, and bypasses the license routine by modifying it. To solve this problem, much current scholarship on delaying reverse engineering focuses on this point and uses code obfuscation [1], a technique that transforms a piece of code to make its internal structure difficult to understand while preserving the functionality of the original code. If virtualization obfuscation is applied to the target program, its execution process is similar to the process of fetching, decoding, and executing on a general CPU. In Intel assembly language, 0xC3 corresponds to RETN, but if it is assumed to be virtualized code, it can be regarded as data that the dispatcher can fetch and interpret.
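The fetch, decode and execute loop and the folding idea described above can be sketched as a toy interpreter. This is an added example, not code from the paper: the XOR folding, the table-based dispatchers, the handler names, the key and the sample program are all constructed assumptions, since the page does not give the paper's actual construction.

```python
# Toy illustration only. XOR folding and table-based dispatchers are
# assumptions made for this example, not the construction from the VCF paper.
from itertools import cycle

# Handler code: the routines that perform the real functionality.
def h_push(vm, arg): vm["stack"].append(arg)
def h_add(vm, arg):  vm["stack"].append(vm["stack"].pop() + vm["stack"].pop())
def h_mul(vm, arg):  vm["stack"].append(vm["stack"].pop() * vm["stack"].pop())

# Diversified dispatchers: each block decodes the same byte values differently,
# so 0xC3 is just data whose meaning depends on the dispatcher that fetches it.
DISPATCHERS = [
    {0xC3: h_push, 0x90: h_add, 0xCC: h_mul},   # dispatcher for VCB1
    {0x90: h_push, 0xCC: h_add, 0xC3: h_mul},   # dispatcher for VCB2
]

def xor(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR, used here both to fold and to unfold a block."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

def fold(blocks, keys):
    """Build the static image: VCB1 in the clear, later blocks folded."""
    return [blocks[0]] + [xor(b, k) for b, k in zip(blocks[1:], keys)]

def run(image, keys):
    """Unfold each block when it is reached, then fetch/decode/execute it."""
    vm = {"stack": []}
    for i, stored in enumerate(image):
        code = stored if i == 0 else xor(stored, keys[i - 1])  # restore block
        table = DISPATCHERS[i]
        for pc in range(0, len(code), 2):        # fetch (opcode, operand) pair
            table[code[pc]](vm, code[pc + 1])    # decode via table, execute
    return vm["stack"]

# Constructed sample program: (2 + 3) in VCB1, then multiply by 7 in VCB2.
VCB1 = bytes([0xC3, 2, 0xC3, 3, 0x90, 0])
VCB2 = bytes([0x90, 7, 0xC3, 0])
KEYS = [bytes([0x5A, 0xA7, 0x13])]               # constructed key for VCB2
IMAGE = fold([VCB1, VCB2], KEYS)

def demo():
    return run(IMAGE, KEYS)

if __name__ == "__main__":
    print("static image:", [blk.hex() for blk in IMAGE])
    print("result stack:", demo())
```

Only VCB1 appears in the static image in decodable form, and the byte 0xC3 maps to a different handler in each block, so recovering one dispatcher's table does not decode the other block.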