IAT Encryption-based Shell Program

Posted on: 2010-01-18
Degree: Master
Type: Thesis
Country: China
Candidate: J Qin
Full Text: PDF
GTID: 2208360275983646
Subject: Computer system architecture
Abstract/Summary:
Software protection is an important step in software development. After software is published, it will be analyzed by a large number of crackers, so protecting it with a PE Protector, whose aim is to prevent it from being reversed, has become a necessary step. With the continuous development of analysis tools and reversing techniques, a PE Protector's ability to resist reversing represents its strength. Existing PE Protectors are used to protect executable programs, dynamic link libraries, drivers, and other files in the Win32 PE format. The PE file header contains a lot of important information, so a PE Protector usually generates its own PE file header and simulates the loading procedure of the operating system. Crackers may adopt various dynamic and static analysis tools for reversing, so we need to add anti-reversing measures to our PE Protector. A PE Protector needs to hide itself from the debugger, so it is important to use polymorphism in the PE Protector to counter the popular signature identification technology. In this paper, we first discuss the development of software protection and its importance to show its practical value. Then we present the necessary theory in detail. By researching some famous PE Protectors, we expose their anti-debug techniques and distinguish between them, and provide a method to encrypt the IAT by simulating the API. Finally, we study the components of the BPE32 polymorphic engine and briefly list some code, discuss heuristic code simulation technology, and then list some popular anti-heuristic detection techniques with brief code. In this paper, we reverse well-known PE Protectors in detail and summarize their anti-debug techniques as function code, which can be used directly and flexibly in a PE Protector. The polymorphism framework can be expanded and used in projects.
Keywords/Search Tags:Software Protection, PE Protector, Anti-Debug, polymorphism