We usually achieve software protection through code obfuscation and encryption. In Web development, we may have encountered JavaScript code encryption. By obfuscation and encryption of JS code, we can protect the core JavaScript code. If you haven't touched any of them, let's take a look at them here. We won't go into detail this time.
In the past Win32 software, the shelling technology has developed very mature. There were well-known domestic forums such as watching Snow and cracking my love. I was still in school before year 34, daniel in the Forum has always been his idol.
However. NET program because the compilation result is not a machine code language, but an IL language, so there are not many software related to shelling. I found some, such as the DotFuscator and ,. NET Reactor, xeoncode, etc. This time we will briefly introduce some at hand.. NET Reactor.
1. code obfuscationCode obfuscation is implemented mainly through name replacement, shift, and process obfuscation.
Let's take a look at a testing DEMO program. A simple Winform program instantiates a User class when instantiating a form. click the button to display the User name, in this way, you can test whether the program can continue to run after encryption and shelling.
1 using System;We use the most common decompilation tool Reflector to decompile the generated exe to view the source code.
Next we open. NET Reactor for code obfuscation. After the exe is loaded, you can set the compression option in the general settings. However, after the setting, the program initialization speed slows down because the code needs to be decompressed and then loaded into the memory.
Enable is set to Enable in obfuscation options, common obfuscation types, string encryption, and other commonly used ones. Other options are described in detail in Tips.
When we use Reflector to decompile and view the code, we can see the result instead of the obfuscated code.
Conjecture should be. NET Reactor program processes the exe and makes a package. After we use the shell check tool, we find that this is indeed the case. A layer of Delphi is built on the outside. This is not a shell, only some additional data.
For more information about Overlay, see here.
2. shelling and shellingShelling is actually an encryption method. Before running a shell program, you must run an additional command. After this command completes the relevant operation, the main program will be started, the program is like being wrapped in a shell. The shelling technology is also widely used in virus writing.
We use the Beidou shelling program to shell the preceding exe and then decompile it.
After decompilation, we can no longer find any related names and code of the previous program. It is completely wrapped in a "shell". When the program is running, the program will first run the main function we see in the decompilation for a series of decompression and decryption actions, then load the code into the memory to run the original program, so as to implement the Program protection function.
Shelling is to decompress and decrypt the program, remove a layer of shell from the outside, and continue reverse engineering for cracking.
I am also a little bit confused about shelling, and I am not afraid to sell it out at random. If you are interested, you can go to the Forum to learn relevant knowledge.
The obfuscation and shelling methods described here are only used to protect your programs.
If you think the article is okay, I recommend it. Haha
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
