2

I was doing some research and came across the term protectors. From my understanding is they encrypt a file to be protected but run it without an issue. During its execution it is able to decrypt the file and encrypt it back to hide the data.

So instead of someone downloading my file and reverse engineering it and bypassing it or creating a clone, I could send through a protector. Now its all encrypted and only the parts running are decrypted.

I am curious how that would work since you wouldn't know which assembly would be executed before so that you could decrypt.

Improve this question
1
  • Hi and welcome to RE.SE. Technically there is no need to encrypt it again, since it already exists in that form in the executable. Otherwise protectors are an extension of the idea of packers. You could look for VMProtect and Themida and terms like "devirtualization" in conjunction with x64dbg or IDA, Ghidra etc. These two protectors use virtualization to obfuscate code. I.e. they invent "machines" and implement the logic to execute instructions in those "machines". Commented Dec 7, 2022 at 9:43

0

Reset to default

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.