一种结合混淆思想的代码虚拟化保护方法

为了提高虚拟机软件保护方法的抗逆向效果,研究并实现了保护系统OB-VMP(obscure virtual machine protection)。在OB-VMP中,多套虚拟机环境被随机选择来执行构造的混淆基本块和关键代码,私有的虚拟环境使得混淆基本块难以去除;同时混淆基本块让攻击者难以定位关键代码和关键代码所基于的虚拟环境,提高了虚拟机的保护效果。另外,在被保护代码的不同执行阶段,字节码和不同的虚拟指令映射,攻击者不能基于累积的字节码知识进行后续分析,进一步增加了OBVMP的抗逆向效果。理论分析和实验结果显示:OB-VMP能够在较小时空消耗基础上,显著提高逆向分析的难度,提高软件的安全性。

A Code Virtualization Protection Method Combining Confusion Idea

In order to improve the anti-reverse effect of the virtual machine software protection method, the protection system OB-VMP (virtual machine software protection combined with confusion) was researched and implemented. In OB-VMP, multiple virtual machine environments are randomly selected to execute the basic blocks for confusion and key code. The private virtual environment makes it difficult to remove the basic blocks for confusion, and the basic blocks for confusion makes it difficult for attackers to locate critical code and its virtual environment. This greatly improves the protection effect of the virtual machine. In addition, in the different execution stages of the protected code, the mapping between bytecode and virtual instruction is different, the attacker can not perform subsequent analysis based on the accumulated bytecode knowledge, which further increases the anti-reverse effect of OB-VMP. Theoretical analysis and experimental results show that OB-VMP can significantly improve the difficulty of reverse analysis and improve the security of software on the basis of small space-time consumption.