Contents

Obfuscation restrictions



The protective complex DotFix NiceProtect uses a unique obfuscation technology of data left by the compiler, based on our developments in the field of decompilation of Visual Basic and Delphi applications. Many modern programming languages ​​save a huge amount of service and debugging information in compiled files. You can protect the program code as much as you like (use mutation and virtualization), but the names of public functions, forms, modules, controls on forms will still remain in the protected file and will help the cracker to localize the desired function in your program. To protect files against cracking, we have developed a data obfuscator for Delphi, Free Pascal and Visual Basic applications. At the moment, all current versions of Delphi are supported, starting from version 3, including the entire branch Delphi XE - Delphi XE8, as well as Delphi 10 Seattle and Delphi 10.1 Berlin.

How the obfuscator works

The principle of operation of the obfuscator is based on decompilation of the entire program. The program is divided into a project, used forms, modules and classes. Each form is decompiled to separate it into controls (buttons, text fields, etc.) and events bound to them. Then structures with names of functions and procedures, as well as events included in each object of the program, are decompiled. In the process of collecting this information, the obfuscator checks the dependencies of some objects on others and synchronously changes the names of all objects and procedures.

After this operation, almost all identification information about the belonging of a particular function to a particular module or class is removed from the EXE file. Therefore, it will be much more difficult to find the form frmTrial or frmRegistration in the program.

Limitations of the Visual Basic 5.0 / 6.0 Application Obfuscator

The obfuscator uses a complex algorithm for analyzing object dependencies, but it still does not support some things. Therefore, in some cases, the program will need to be prepared in advance for the obfuscation process. The nuances discussed below relate only to obfuscation of Visual Basic 5.0 / 6.0 applications. Let's take a look at these things.

1. The obfuscator does not support Design time references of some objects to others

For example, you have a TreeView and it has a property ImageList. So, if the name of the ImageList object is specified in the ImageList property of the TreeView control, then after obfuscation it will not be changed, and the program will exit with an error. The same goes for databases and specifying DataSet's and Recordset's in component properties.

Begin ComctlLib.TreeView TreeView1 Height = 1932 Left = 3600 TabIndex = 3 Top = 1320 Width = 2412 _ExtentX = 4255 _ExtentY = 3408 _Version = 327682 Style = 7 ImageList = "ImageList1" Appearance = 1 End


All this can be easily solved if you change the assignments from Design time to Runtime, for example by move these assignments to Form_Load:

Private Sub Form_Load() TreeView1.ImageList = ImageList1 End Sub


Тоже самое потребуется сделать с каждым таким присвоением. К счастью такого кода обычно крайне мало.The same will need to be done with each such assignment. Fortunately, there is usually very little such code.

2. Early object declarations are not supported (LateCall calls)

Few people take advantage of this opportunity, because this incompatibility will not affect most VB6 projects. Nevertheless, it is necessary to remember about it. If you create copies of form objects (work with a form as a class), then you are probably familiar with these lines:

Private Sub Form_Load() Dim oForm as New frmMain oForm.Show End Sub


So, in this case, the name frmMain is inserted by the VB6 compiler directly into the code of the Form_Load function. The obfuscator does not decompile the code, only the data, so this insertion remains invisible. Result - the program will terminate with an error after obfuscation. Unfortunately, it is not possible to support such calls in DotFix NiceProtect due to the need to disassemble and then decompile the code of all program functions. The VB6 compiler supports two types of compilation: P-Code and Native Code. This means that the obfuscator to solve this problem must be able to decompile both P-Code and Native Code. Despite the fact that we have similar technologies, decompilation is an extremely slow process. For large projects, decompiling the entire code can take over half an hour. And this is without a time spent on analyzing references to objects and their renaming. In view of this, for objective reasons, we decided not to use full decompilation and code analysis in DotFix NiceProtect, especially since this can only solve the problem within Visual Basic 5.0 / 6.0 and will not help in any way in obfuscating other languages.