Code Virtualizer is a powerful code obfuscation system suitable for Windows, Linux, and Mac applications and dynamic libraries. It helps developers protect their sensitive code areas from the threat of reverse engineering through powerful obfuscation of code based on code virtualization.

Code Virtualizer will convert your original code (x86/x64 or ARM64 instructions) into virtual opcodes that can only be understood by internal virtual machines. These virtual opcodes and virtual machines themselves are unique to each protected application, thus avoiding generic attacks on Code Virtualizer.

Code Virtualizer can protect your sensitive code areas, covering any x86/x64 or ARM64 native PE, ELF, or Mach-O files (such as executable files/EXEs, system services, DLLs, OCXs, ActiveX controls, shared objects, screen savers, and device drivers).

Basic knowledge about reverse engineering

When an application is created, the compiler compiles the application source code into multiple object files composed of machine language code. Subsequently, these target files will be linked together to create the final executable file.

When an attacker attempts to crack a compiled application, they use a decompilation tool that decompiles machine language code into more understandable code (such as assembly code or high-level programming language), and then they study the decompiled code.

Once the attacker has a thorough understanding of the target application, they can modify the compiled application to alter its behavior. For example, attackers can bypass the routine of checking the trial period in the application, making it run permanently, or even worse, making the application appear as if it has been registered.

Code virtualization adversarial reverse engineering

Code virtualization refers to the conversion of binary code from a specific machine into different binary code that another machine can understand. That is to say, the instruction set of a specific machine is converted into a new instruction set that another machine can understand. The following figure shows the conversion process from Intel x86 instruction blocks to a new instruction set for another machine (specifically RISC 32-bit CPU):

Code Virtualizer can generate multiple types of virtual machines, each with its unique instruction set. This means that specific x86/x64 or ARM64 instruction blocks can be converted into different instruction sets for each virtual machine, preventing attackers from recognizing any generated virtual opcodes after converting from x86/x64 or ARM64 instructions. The following figure shows how to convert x86 instruction blocks into different types of virtual opcodes, which can be simulated by various virtual machines:

When an attacker attempts to decompile a code block protected by Code Virtualizer, they will not find the original x86 instructions. On the contrary, he will discover a completely new instruction set that neither he nor any special decompiler can recognize. This will force attackers to go through an extremely difficult process of identifying the execution mode of each opcode and the working principle of each protected application's specific virtual machine. Code Virtualizer completely confuses the execution of virtual opcodes and the study of each unique virtual machine to prevent others from investigating the execution of virtual opcodes.

The Application of Code Virtualization in Real Life

Code Virtualizer can be easily embedded into your applications, libraries, and device drivers. You only need to select the area in the source code that will be protected by the Code Virtualizer. The following example demonstrates how to protect code blocks in a C application:

#include <stdio.h>

#include "VirtualizerSDK.h"

void main()

{

VIRTUALIZER_START//The area to be protected starts from here

printf("Hello World");

VIRTUALIZER-IND//The area to be protected ends

}

The VIRTUALIZER-START and VIRTUALIZER-IND macros are virtual macros that do not interfere with the execution of the original application program. Only when protected, the Code Virtualizer recognizes these code regions and converts them into unique virtual opcodes, which are then simulated by the virtual machine when the protected application is running.

The following figure shows the image of the original compiled application (before being protected) and the changes after being protected by Code Virtualizer:

As shown in the figure, the Code Virtualizer needs to embed the generated virtual machine at the end of the protected application to simulate virtual opcodes during execution.

Code Virtualizer is a powerful technology that can prevent others from checking your sensitive code, such as verifying the serial number entered to register your application's routines. In addition, Code Virtualizer has slightly modified the header of protected applications, which means you can add compressors or other software protection tools on top of Code Virtualizer without any issues.

If you are a Windows device driver developer and feel neglected when there is no solution to protect your device drivers, Code Virtualizer provides you with the same technology as applications and DLLs (applicable to 32-bit and 64 bit drivers) to protect your device drivers.

Here is the Code Virtualizer ® Main functions:

1. Confusing through multiple virtual machines
2. Each protected application has unique protection
3. Protect x86/x64/ARM64 applications, libraries, and device drivers
4. Advanced Mutation Engine
5. Code relocation to protect dynamic libraries and device drivers
6. Virtualize/emulate any x86/x64/ARM64 opcode in a unique virtual machine
7. Each protected application has a unique virtual opcode
8. Fully compatible with any compressor/protector
9. Command line protection
10. And more!