Download encrypted demo file - 151.2 Kb
Introduction
ObjAntiHack Introduction
1. Design goal
For preventing a software from being cracked or from being reverse engineered, the author do lot of things on software
encrytion. But until now, The software encrypt method is very limited, The common method is packing the software,
The limitation is the original code must be restored at runtime, So the cracker can write a memory patch tool to modify
the code or dump the entire code, even unpack it completely. For resolving this, We have developed the Obj file
encrypt software named ObjAntiHack ,It can encrypt a .obj file, You can link the encrypted obj file to your project,
The instruction code is distorted completely, and the instruction code is unable to be distinguished, is unable to
be analyzed. It has the anti-static analysis ability, and it is impossible to obtain the procedure principle easily
via the dynamic analysis. Facing this kind of code, most of crackers will give it up thoroughly.
2. Application scope
It supports X86 platform, 32bit coff format obj file. We plan to support Delphi,JAVA and .Net in the future.
3. Principle of work
A. substitute register with stack variable
Substitute one or more registers with stack variable, This convertion can not be reversed.
B. substitute Common instruction code with randomize procedure
C. Running the real code in stack
Push encrypted instruction code to stack, decrypt it,call it!
D. Erase the JMP instruction
JMP instruction is very important to cracker, So ObjAntiHack transforms the JMP code to other format.
E. Erase the ret instruction
Normaly the ret instruction indicate a ending of a function, If ret is transformed, The unassembler can not
recongize a function correctly.
F. Add JMP instructions
Divides functions into small pieces, reposition these codes into random place, link them with JMP instrction.
Advanced features: These methods can be used repeatedly!
Samples:
1、
call sub1
Change to:
mov eax, offset sub1 + 3
push offset @1
sub eax, 3
jmp eax
@1:
2.
ret
change to:
push ecx
mov ecx, [esp+4]
add esp,8
jmp ecx
3.
cmp reg1, reg2
jge L_DST
L_NEXT:
Change to:
push eax
mov eax, reg1
sub eax, reg2
shr eax, 1fh
neg eax
and eax, L2 - L1
add eax, L1
jmp eax
L1:
pop eax
jmp L_DST
L2:
pop eax
L_NEXT:
4.
MOV EAX, DWORD PTR [ECX+0AD8h]
PUSH EAX
MOV ECX, DWORD PTR [EAX]
Change to:
PUSH EAX
PUSH ECX
MOV EAX, DWORD PTR [ESP]
ADD EAX, 0AD8h
MOV EAX, DWORD PTR [EAX]
MOV DWORD PTR [ESP+04h], EAX
PUSH DWORD PTR [ESP+04h]
MOV EAX, DWORD PTR [ESP]
MOV DWORD PTR [ESP+08h], EAX
MOV EAX, DWORD PTR [ESP]
MOV EAX, DWORD PTR [EAX]
MOV DWORD PTR [ESP+04h], EAX
MOV EAX, DWORD PTR [ESP]
MOV ECX, DWORD PTR [ESP+04h]
ADD ESP, 08h
4. Using Macro
A. Using Macro below in your C++ source code to symbolizes the key encryption part:
#pragma code_seg(".code$curve_Max")
/* your key encryption part C++ code */
#pragma code_seg()
sample:
#pragma code_seg(".code$curve_Max")
Void func1()
{
…
}
DWORD func2(DWORD dw1,DWORD dw2)
{
…
}
#pragma code_seg()
B. Using Macro below in your C++ source code to symbolizes the no encryption part:
#pragma code_seg(".code$curve_NoChange")
#pragma code_seg()
5. Others
A. Performance
The performance loss is inevitable, The encryption intensity is higher, the performance loses in a big way,
If your some functions request as far as possible high speed running, then do not encrypt these functions,
or carries on the mild encryption, those uses infrequent, the speed request is not the very harsh place all may
carry on the high strength encryption. The encryption intensity and encryption method are may carry on the
establishment according to user's request.
B. File size
Because the inflation distortion algorithm, the encryption increases the object file size , the file size
increases is different according to the encryption intensity, may act according to the specific request to carry on
the adjustment. Moreover, You can insert masks in the source program to tell ObjAntiHack the key encryption region.
The key encryption region may be possible to establish as the high strength encryption, regarding the non-key
encryption region, may use the mild encryption. You will both get guaranteed security and get a smaller file.
