7 Applying Anti-Reversing Techniques to Wintel Machine Code

Extreme care must be taken when applying anti-reversing techniques because some ultimately change the machine code or Java bytecode that will be executed on the target processor. In the end, if a program doesn't work, measuring how efficient or difficult to reverse engineer it is becomes meaningless [18]. Some of the anti-reversing transformations performed on source code to make it more difficult to understand in both source and executable formats can make the source code more challenging for a compiler to process, because the program no longer looks like something a human would write. [18] states that “any compiler is going to have at least some pathological programs which it will not compile correctly.” Compiler failures on so-called “pathological” programs occur because compiler test cases are most often coded by people—not mechanically generated by a tool that knows how to try every fringe case and surface every bug. Keeping this in mind, one should not be surprised if some compilers have difficulty with obfuscated source code. Following the basic anti-reversing techniques introduced in Section 6, we now investigate the technique Eliminating Symbolic Information as it applies to Wintel machine code.

7.1 Eliminating Symbolic Information in Wintel Machine Code

Eliminating Symbolic Information calls for the removal of any meaningful symbolic information in the machine code that is not important to the execution of the program, but serves to ease debugging or reuse of it by another program. For example, if a program relies on certain function or method names (as a DLL does) the names of

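As an added illustration of the kind of symbolic information the paragraph above refers to (example code, not from the original document), the Python below builds a constructed PE export directory, lists the names an analyst's disassembler would show, and then removes them while keeping the ordinals and code addresses a caller needs. The function names, the simplification that every RVA equals its offset in the blob, and the fake code RVAs are assumptions made for the sample.

```python
import struct

# IMAGE_EXPORT_DIRECTORY: 40 bytes, little-endian (Characteristics, TimeDateStamp,
# MajorVersion, MinorVersion, Name, Base, NumberOfFunctions, NumberOfNames,
# AddressOfFunctions, AddressOfNames, AddressOfNameOrdinals).
_EXPORT_DIR = struct.Struct("<IIHHIIIIIII")


def build_export_dir(names, base=1):
    """Construct a minimal export directory (a constructed sample, not a real DLL).
    Simplifying assumption: every RVA equals its byte offset inside this blob."""
    n = len(names)
    funcs_off = _EXPORT_DIR.size
    names_off = funcs_off + 4 * n
    ords_off = names_off + 4 * n
    strs_off = ords_off + 2 * n
    name_rvas, strings = [], b""
    for nm in names:
        name_rvas.append(strs_off + len(strings))
        strings += nm.encode("ascii") + b"\0"
    blob = _EXPORT_DIR.pack(0, 0, 0, 0, 0, base, n, n, funcs_off, names_off, ords_off)
    blob += b"".join(struct.pack("<I", 0x1000 + 0x10 * i) for i in range(n))  # fake code RVAs
    blob += b"".join(struct.pack("<I", r) for r in name_rvas)
    blob += b"".join(struct.pack("<H", i) for i in range(n))  # name i -> function index i
    return blob + strings


def list_exports(blob):
    """Return [(ordinal, name or None, code_rva)], i.e. what a disassembler's
    export view shows an analyst for this directory."""
    _, _, _, _, _, base, nfunc, nnames, afunc, anames, aords = _EXPORT_DIR.unpack_from(blob, 0)
    name_of = {}
    for i in range(nnames):
        name_rva = struct.unpack_from("<I", blob, anames + 4 * i)[0]
        idx = struct.unpack_from("<H", blob, aords + 2 * i)[0]
        name_of[idx] = blob[name_rva:blob.index(b"\0", name_rva)].decode("ascii")
    return [(base + i, name_of.get(i), struct.unpack_from("<I", blob, afunc + 4 * i)[0])
            for i in range(nfunc)]


def strip_export_names(blob):
    """Eliminate the symbolic information: zero NumberOfNames so the names are no
    longer reachable through the directory. Code RVAs and ordinals are untouched,
    so a caller that links by ordinal still resolves every function."""
    fields = list(_EXPORT_DIR.unpack_from(blob, 0))
    fields[7] = 0  # NumberOfNames
    return _EXPORT_DIR.pack(*fields) + blob[_EXPORT_DIR.size:]


if __name__ == "__main__":
    sample = build_export_dir(["InitEngine", "ParseConfig", "RenderFrame"])
    print("with names:   ", list_exports(sample))
    print("names removed:", list_exports(strip_export_names(sample)))
```

Note that the name strings themselves are left in place by `strip_export_names` and would still turn up in a string search; a real stripping pass would also overwrite them.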
