describes three basic anti-reversing techniques:
➢ Eliminating Symbolic Information: The first and most obvious step in preventing
reverse engineering of a program is to render all symbolic information in machine
code or bytecode unrecognizable, because such information can be quite
useful to a reverse engineer. Symbolic information includes class names, method
names, variable names, and string constants that are still readable after a program
has been compiled down to machine code or bytecode.
➢ Obfuscating the Program: Obfuscation includes eliminating symbolic
information, but goes much further. Obfuscation strategies include: modifying the
layout of a program, introducing confusing non-essential logic or control flow,
and storing data in difficult-to-interpret organizations or formats. Applying all of
these techniques can render a program difficult to reverse; however, care must be
taken to ensure the original functionality of the application remains intact.
➢ Embedding Antidebugger Code: Static analysis of machine code is usually carried
out using a disassembler and heuristic algorithms that attempt to understand the
structure of the program. Active or live analysis of machine code is done using an
interactive debugger-disassembler that can attach to a running program and allow
a reverse engineer to step through each instruction and observe the behavior of the
program at key points during its execution. Live analysis is how most reverse
engineers get the job done, so it’s common for developers to want to implement
guards against binary debuggers.
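The first technique, and the functionality caveat attached to the second, can be checked mechanically. The following is an added example, not code from the original text: it uses Python bytecode as a stand-in for "bytecode" in general, lists the symbolic information that survives compilation of a constructed sample program, renames the identifiers the program defines, and rebuilds it so the result can be compared with the original. The sample program and every name in it are assumptions made for illustration.

```python
import ast

# Constructed sample program; every name in it is hypothetical.
SOURCE = '''
def check_license(serial_number):
    expected = sum(ord(ch) for ch in "ACME-PRO") + 7
    return serial_number == expected
'''

def symbols(code):  # identifiers and string constants left in the bytecode
    names = {code.co_name, *code.co_names, *code.co_varnames}
    strings = set()
    for const in code.co_consts:
        if isinstance(const, str):
            strings.add(const)
        elif hasattr(const, "co_code"):  # nested function or generator body
            inner = symbols(const)
            names, strings = names | inner[0], strings | inner[1]
    return names, strings

class Renamer(ast.NodeTransformer):  # renames only what the program defines
    def __init__(self, tree):
        defined = []
        for node in ast.walk(tree):
            if isinstance(node, ast.FunctionDef):
                defined.append(node.name)
            elif isinstance(node, ast.arg):
                defined.append(node.arg)
            elif isinstance(node, ast.Name) and isinstance(node.ctx, ast.Store):
                defined.append(node.id)
        self.mapping = {n: f"_{i}" for i, n in enumerate(dict.fromkeys(defined))}
    def visit_FunctionDef(self, node):
        node.name = self.mapping[node.name]
        return self.generic_visit(node)
    def visit_arg(self, node):
        node.arg = self.mapping[node.arg]
        return node
    def visit_Name(self, node):  # builtins such as sum/ord are not in mapping
        node.id = self.mapping.get(node.id, node.id)
        return node

def build(source, rename=False):  # returns (code, namespace, mapping)
    tree = ast.parse(source)
    renamer = Renamer(tree)
    if rename:
        tree = ast.fix_missing_locations(renamer.visit(tree))
    code = compile(tree, "<sample>", "exec")
    namespace = {}
    exec(code, namespace)
    return code, namespace, renamer.mapping
```

Comparing `symbols()` on the two builds shows the defined identifiers are gone after renaming while the string constant is still readable, which is why string constants need separate treatment. The renamer covers only positional calls; a caller passing `serial_number=` by keyword would break, the kind of functional regression the second technique warns about.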