X hits on this document





50 / 120

Therefore, COBF generates the cobf.h header file which includes the necessary

substitutions to make the obfuscated soure compilable. Through this process, all user-

defined method and variable names within the immediate file are lost, rendering the

source code difficult to understand, even if one performs the substitutions prescribed in

cobf.h. Since COBF generates obfuscated source as a continuous line, any formatting in

the source code that served to make it more readable is lost. While the original

formatting cannot be recovered, a code formatter such as Artistic Style can be used to

format the code using ANSI formatting schemes so that methods and control structures

can again be identified via visual inspection. Source code obfuscation is a fairly weak

form of intellectual property protection, but it does serve a purpose in real-world

scenarios where a given application needs to be built on the end-user's target computer—

instead of being pre-built and delivered on installation media.

7.4 Advanced Obfuscation of Machine Code

One of the features of an interactive debugger-disassembler like OllyDbg that is

very helpful to a reverse engineer is the ability to trace the machine instructions that are

executed when a particular operation or function of a program is tried. In the Password

Vault application, introduced in Section 4, a reverse engineer could pause the program's

execution in OllyDbg right before specifying the option to create a new password record.

To see which instructions are executed when the trial limitation message is displayed, the

reverser can choose to record a trace of all the instructions that are executed when

execution is resumed. To make it difficult for a reverse engineer to understand the logic


Document info
Document views539
Page views540
Page last viewedMon Jan 23 14:55:11 UTC 2017