7.5 Wintel Machine Code Anti-Reversing Exercise
Apply the anti-reversing techniques Eliminating Symbolic Information and
Obfuscating the Program, both introduced in Sections 6 and 7, to the C/C++ source code
of the Password Vault application with the goal of making it more difficult to disable the
trial limitation. Rebuild the executable binary for the Password Vault application from
the modified sources using the GNU compiler collection for Windows. Show that the
Wintel machine code reversing and patching animated solution in Section 4.4 can no
longer be carried out as demonstrated.
7.6 Solution to the Wintel Anti-Reversing Exercise
The solution to the Wintel machine code anti-reversing exercise is given through
comparisons of the original and obfuscated source code of the Password Vault
application. As each anti-reversing transformation is applied to the source code,
important differences and additions are explained through a series of generated diff
reports and memory dumps. Once the anti-reversing transformations have been applied,
the section covers their impact on the machine code and how reversing the Password Vault
application becomes more difficult: the obfuscations make it hard to find
a good starting point and hinder both live and static analysis. The obfuscated source code for
the Password Vault application is located in the password_vault_cpp_obfuscated
directory of the archive located at
http://reversingproject.info/repository.php?fileID=4 1 2.