如何保护Exe文件免于反编译 [英] How to Protect an Exe File from Decompilation

问题描述

什么是逆向工程保护Exe文件的方法。许多打包工具都可以打包exe文件。 http://c-madeeasy.blogspot.com/2011/07/protecting-your-c-programexe-files-from .html

What are the methods for protecting an Exe file from Reverse Engineering.Many Packers are available to pack an exe file.Such an approach is mentioned in http://c-madeeasy.blogspot.com/2011/07/protecting-your-c-programexe-files-from.html

此方法有效吗？

推荐答案

防止程序进行逆向工程（理解）的唯一好方法是修改其结构，从本质上迫使对手理解图灵机。本质上，您要做的是：

The only good way to prevent a program from being reverse-engineered ("understood") is to revise its structure to essentially force the opponent into understanding Turing Machines. Essentially what you do is:

• 遇到一些通常被证明很难计算的问题


• 合成您知道其结果的版本；与解决版本


• 使正确的程序执行取决于正确的答案相比，这通常很容易


• make如果答案不正确，程序将无意义地计算出来

• take some problem which generally proven to be computationally difficult
• synthesize a version of that whose outcome you know; this is generally pretty easy compared to solving a version
• make the correct program execution dependent on the correct answer
• make the program compute nonsense if the answer is not correct

现在，盯着你的代码的对手必须弄清楚正确的计算是什么，通过解决算法难题。在40年来的文献中，无数的NP难题难以解决。如果您的程序依赖于其中之一，这是一个很好的选择，那么J. Random Reverse-Engineer不会突然能够解决它们。

Now an opponent staring at your code has to figure what the "correct" computation is, by solving algorithmically hard problems. There's tons of NP-hard problems that nobody has solved efficiently in the literature in 40 years; its a pretty good bet if your program depends on one of these, that J. Random Reverse-Engineer won't suddenly be able to solve them.

通常，这样做通过转换原始程序以使其控制流和/或其数据流模糊。一些技术通过将一些控制流转换为本质上是数据流（通过该指针数组间接跳转），然后实施需要精确指向分析的数据流算法来加扰控制流，这既难以证明又难以证明。

One generally does this by transforming the original program to obscure its control flow, and/or its dataflow. Some techniques scramble the control flow by converting some control flow into essentially data flow ("jump indirect through this pointer array"), and then implementing data flow algorithms that require precise points-to analysis, which is both provably hard and has proven difficult in practice.

这里有一篇文章较浅地描述了各种技术，但很容易读懂：
http://www.cs.sjsu.edu/faculty/stamp/students/kundu_deepti.pdf

Here's a paper that describes a variety of techniques rather shallowly but its an easy read: http://www.cs.sjsu.edu/faculty/stamp/students/kundu_deepti.pdf

这里是另一个重点在于如何确保混淆的转换导致结果难以计算的结果：
http://www.springerlink.com/content/41135jkqxv9l3xme/

Here's another that focuses on how to ensure that the obfuscating transformations lead to results that are gauranteed to be computationally hard: http://www.springerlink.com/content/41135jkqxv9l3xme/

这是一个调查了各种各样的控制流转换方法，
包括那些提供有关安全性的保证等级：
http://www.springerlink.com/content/g157gxr14m149l13 /

Here's one that surveys a wide variety of control flow transformation methods, including those that provide levels of gaurantees about security: http://www.springerlink.com/content/g157gxr14m149l13/

本文混淆了二进制程序中的控制流，且开销很低：
http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.167.3773&rank = 2

This paper obfuscates control flows in binary programs with low overhead: http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.167.3773&rank=2

现在，为了防止程序反编译，可能会遇到很多麻烦。但是，如果无法理解反编译的代码，您可能根本就不会打扰。这就是我要采取的方法。

Now, one could go through a lot of trouble to prevent a program from being decompiled. But if the decompiled one was impossible to understand, you simply might not bother; that's the approach I'd take.

如果您坚持要防止反编译，则可以通过考虑反编译的目的来解决这个问题。反编译本质上是建议您可以将目标程序的每个字节转换为一段代码。导致失败的一种方法是，确保应用程序显然可以将每个字节
用作计算机指令和数据，即使实际上并没有这样做，并且这样做的决定也会被混淆以上几种方法。对此的一种变体是代码中实际上有很多无条件的条件分支（使用控制流混淆方法）；分支的另一端陷入胡说八道的代码中，虽然看起来很有效，但分支到现有代码中疯狂的地方。这个想法的另一个变体是将程序实现为混淆的解释器，并将实际功能实现为一组解释的数据。
使失败的一种有趣方法是在运行时生成代码并即时执行它。大多数常规语言（例如C）几乎没有办法表示这一点。

If you insist on preventing decompilation, you can attack that by considering what decompilation is intended to accomplish. Decompilation essentially proposes that you can convert each byte of the target program into some piece of code. One way to make that fail, is to ensure that the application can apparently use each byte as both computer instructions, and as data, even if if does not actually do so, and that the decision to do so is obfuscated by the above kinds of methods. One variation on this is to have lots of conditional branches in the code that are in fact unconditional (using control flow obfuscation methods); the other side of the branch falls into nonsense code that looks valid but branches to crazy places in the existing code. Another variant on this idea is to implement your program as an obfuscated interpreter, and implement the actual functionality as a set of interpreted data. A fun way to make this fail is to generate code at run time and execute it on the fly; most conventional languages such as C have pretty much no way to represent this.

像这样构建的程序很难反编译，更不用说了解事实了。

A program built like this would be difficult to decompile, let alone understand after the fact.

在
https://security.stackexchange.com/questions/1069/any-comprehensive-solutions-for-binary-code-protection-and-anti-reverse-engineeri

这篇关于如何保护Exe文件免于反编译的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！