
[5] describes three basic anti-reversing techniques:

Eliminating Symbolic Information: The first and most obvious step in preventing reverse engineering of a program is to render all symbolic information in machine code or bytecode unrecognizable, because such information can be quite useful to a reverse engineer. Symbolic information includes class names, method names, variable names, and string constants that are still readable after a program has been compiled down to machine code or bytecode.

Obfuscating the Program: Obfuscation includes eliminating symbolic information, but goes much further. Obfuscation strategies include modifying the layout of a program, introducing confusing non-essential logic or control flow, and storing data in difficult-to-interpret organizations or formats. Applying all of these techniques can render a program difficult to reverse; however, care must be taken to ensure the original functionality of the application remains intact.

Embedding Antidebugger Code: Static analysis of machine code is usually carried out using a disassembler and heuristic algorithms that attempt to understand the structure of the program. Active or live analysis of machine code is done using an interactive debugger-disassembler that can attach to a running program and allow a reverse engineer to step through each instruction and observe the behavior of the program at key points during its execution. Live analysis is how most reverse engineers get the job done, so it's common for developers to want to implement guards against binary debuggers.
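
An added example (not from the original document or from [5]): a small Python audit of how much symbolic information is still readable in a compiled artifact, which is the concern of the first technique above. The byte blobs, the names inside them and the helper `fake_pool` are constructed for illustration.

```python
import re

# Identifier-like text: Java/C-style names, optionally joined by '.' or '/'
# (package and class paths as they appear in bytecode constant pools).
IDENT = re.compile(r"^[A-Za-z_$][\w$]*(?:[./][A-Za-z_$][\w$]*)*$")


def printable_runs(blob: bytes, min_len: int = 4) -> list:
    """Return runs of printable ASCII at least min_len long, like `strings`."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [run.decode("ascii") for run in re.findall(pattern, blob)]


def audit(blob: bytes, min_len: int = 4) -> dict:
    """Split readable runs into identifier-like names and message-like strings."""
    report = {"identifiers": [], "messages": []}
    for text in printable_runs(blob, min_len):
        if " " in text.strip():
            report["messages"].append(text)     # string constant, e.g. an error message
        elif IDENT.match(text):
            report["identifiers"].append(text)  # class, method or variable name
    return report


def fake_pool(*entries: str) -> bytes:
    """Constructed stand-in for a constant pool: entries separated by NUL bytes."""
    return b"\x00".join(e.encode("ascii") for e in entries)


# Constructed sample data, not taken from any real program.
BEFORE = fake_pool("com/acme/LicenseManager", "validateSerialKey",
                   "trialDaysLeft", "Invalid license key")
# Same pool after identifier renaming only; the string constant is untouched.
AFTER = fake_pool("a/b", "a", "b", "Invalid license key")

if __name__ == "__main__":
    for label, blob in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(blob))
```

On the constructed data, renaming empties the identifier list, but the message string is still reported, so string constants need separate treatment.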

