Virtualization

What Is Code Virtualization?

Many of us consider particular pieces of code especially important. May it be a license code check algorithm implementation, an innovative optimization method, or anything else equally important so we would want to protect it by any means possible.

As we know, the traditional obfuscation techniques basically do renaming of symbols and strings protection, thus leaving the actual algorithms — cycles, conditional branches and arithmetics almost naked to the eye of intruder. Here a radical approach may be useful: to remove all the .NET bytecode instructions from an assembly, and replace it with something completely different and unknown to an external observer, but functionally equivalent to the original algorithm during runtime — this is what the code virtualization actually is.

Eazfuscator.NET provides an implementation of custom virtual machine which works atop the .NET virtual machine, using a different virtual instruction set every time you obfuscate your application. This makes the code of a protected algorithm completely bullet-proof and hidden from others. All you need to hide your precious logic is to apply a special attribute to your methods or classes.

How to Use It?

To enable code virtualization you should apply a custom attribute to a method you want to virtualize. Like this:

using System;
using System.Reflection;

class YourClass
{
    [Obfuscation(Feature = "virtualization", Exclude = false)]
    void YourMethod()
    {
        ...
    }
}

What Happens to My Method?

Eazfuscator.NET removes the original code from virtualized method. Stub instructions are inserted instead:

void YourMethod()
{
     . ().( . (), "FoMC?r;HWp", null, null, null); // This is a stub
}

Stub code transfers the control to a virtual machine that executes the original algorithm.

The key point here is that original algorithm is not presented by .NET instructions anymore. Virtual machine uses a custom instruction set and works exclusively in its domain. The original code gets translated to a virtual instruction set during obfuscation; the resulting bits are stored in assembly resources:

Virtualized code bits

Data Virtualization

Not only the code, but data can be virtualized too. The virtualization changes the way the data are represented in memory and on disk. The resulting data representation is something completely different and unknown to an external observer, but functionally equivalent to the original data structure during runtime.

To enable data virtualization you should apply a custom attribute to a field you want to virtualize. Like this:

class YourClass
{
    [Obfuscation(Feature = "virtualization", Exclude = false)]
    bool yourField;
}

What happens next is Eazfuscator.NET removes the original field and inserts a specialized data container that stores the data in virtualized form.

Pros and Cons

Virtualization may be highly beneficial due to its excellent protective capabilities:

  • Virtual instructions form a cryptographically strong system
  • Virtual instructions are not recognizable by decompilers
  • All references to methods and classes are invisible
  • Virtualized code debugging is an extremely hard task
  • Virtualized data are stored in encrypted form in memory and on disk

Still, you should remember that code virtualization has an obvious disadvantage of execution speed degradation, because it takes processor time to translate two sets of instructions instead of one. So, be aware that it is worth to use this feature for selected methods or classes, those ones that you want to hide by any means possible. The same goes to data virtualization.

Recommended Usage

Code and data virtualization is a good choice for:

  • Licensing algorithms
  • Know-how algorithms
  • Security sensitive algorithms

Explore other features