Code Virtualization



Safengine provides a powerful virtual machine to protect your applications against reverse engineering and unwanted modifications. The protector converts your sensitive code (in x86 assembly) into a random instruction set that can only be executed by the virtual machine interpreter embedded into your application after protection. Each virtual machine is unique, fully randomized and heavily obfuscated.
During the virtualization process, your original code flow is redirected with logical obfuscation: the virtual machine emulates logical operations such as AND, OR, NOT and XOR using nothing but NAND operators, while most arithmetical operations are implemented via ADD, so that it is very hard for a reverse engineer to tell how the original code works. Also, there are no "conditional jump" instructions after virtualization, which leaves crackers no place to manipulate the execution flow.
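The identities behind this kind of logical obfuscation, as an added C illustration that is not Safengine's own code (real handlers are generated x86; every function name here is hypothetical). It rebuilds NOT, AND, OR and XOR from NAND, subtraction from NOT and ADD, and an "equal" branch whose target is computed rather than reached by a conditional jump.

```c
#include <stdint.h>
#include <stdio.h>

/* The single logical primitive (hypothetical handler name). */
static uint32_t vm_nand(uint32_t a, uint32_t b) { return ~(a & b); }

/* Logical operations rebuilt from NAND alone. */
static uint32_t vm_not(uint32_t a) { return vm_nand(a, a); }
static uint32_t vm_and(uint32_t a, uint32_t b) { return vm_not(vm_nand(a, b)); }
static uint32_t vm_or(uint32_t a, uint32_t b) { return vm_nand(vm_not(a), vm_not(b)); }
static uint32_t vm_xor(uint32_t a, uint32_t b) {
    uint32_t n = vm_nand(a, b);
    return vm_nand(vm_nand(a, n), vm_nand(b, n));
}

/* Subtraction via ADD: a - b == ~(~a + b) in two's complement. */
static uint32_t vm_sub(uint32_t a, uint32_t b) { return vm_not(vm_not(a) + b); }

/* "Jump if equal" without a conditional jump: the next virtual
 * instruction pointer is computed from the comparison result. */
static uint32_t vm_next_ip_if_equal(uint32_t a, uint32_t b,
                                    uint32_t taken, uint32_t fallthrough) {
    uint32_t diff = vm_sub(a, b);
    uint32_t neg = vm_not(diff) + 1;            /* -diff via NOT and ADD */
    uint32_t nonzero = vm_or(diff, neg) >> 31;  /* 1 if a != b, else 0 */
    uint32_t mask = vm_not(nonzero) + 1;        /* all ones if a != b, else 0 */
    return vm_or(vm_and(fallthrough, mask), vm_and(taken, vm_not(mask)));
}

int main(void) {
    /* Constructed sample values. */
    printf("xor  = 0x%08x\n", (unsigned)vm_xor(0xF0F0u, 0xFF00u));
    printf("sub  = %u\n", (unsigned)vm_sub(100u, 58u));
    printf("next = 0x%x (equal)\n", (unsigned)vm_next_ip_if_equal(7u, 7u, 0x40u, 0x10u));
    printf("next = 0x%x (not equal)\n", (unsigned)vm_next_ip_if_equal(7u, 8u, 0x40u, 0x10u));
    return 0;
}
```

For an analyst, the practical consequence is that a trace of such a handler set shows long NAND and ADD chains and a data-dependent next-instruction value where the original code had a compare and a branch.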
The virtualization process has three steps:
First, the protector analyzes your code to build an overall machine-level understanding of it, including the analysis of branches, external data references, unused registers, stack frames and modifications to the EFLAGS register.
Then, the protector generates an instruction table that includes only the operations necessary to emulate your code, and uses the Metamorphic Code Generation Engine to generate their corresponding x86 implementations.
Finally, the protector generates byte-code according to the new instruction set, with various internal obfuscations, constant encryptions, integrity checks and various other virtual machine features.
The virtual machine is flexible in size and highly compatible, so it can be applied to applications including kernel drivers.