Virtual Machine
Virtual Machine is a modern virtualization technology that allows you to protect parts of the assembler source code of your module. The main idea of virtualization is to convert the original assembler code (which is well known to reverse engineers) into PCODE, a special programming language known only to the Enigma Protector. When a protected application needs to run virtualized code, the PCODE runs on the internal Virtual Processor. Virtual Machine is a very useful feature that makes reverse engineering and analysis of the protected module very complex; see below to find out more about the Virtual Machines implemented in the Enigma Protector.
Our recommendation is to use the virtualization technology as often as possible. Note, however, that not all code parts/functions should be virtualized. If a part of the code or a function is executed too many times, virtualizing it is not recommended, because it will slow down your application and increase CPU load. The best places for virtualization are registration code verification, trial control routines and cryptographic algorithms; in short, all weak places that should not be reversed/cracked/analysed.
There are several ways the virtualization technology can be used:
- by using VM Markers. If you are a software developer, have the source code of your application and can compile it, then VM Markers are the best and most recommended way to apply virtualization;
- by using a MAP file and selecting the necessary functions. The MAP file contains a list of functions with their addresses; it has the same name as the input file chosen on the Input Panel but has a .map extension. A MAP file allows accurate analysis of the input file. This is also a solution for software developers who can compile modules and generate MAP files. To learn more about creating MAP files in different development IDEs, see Making Of the Map File. Note that a MAP file should be placed in the same folder as the input file and it should have the same time span as the input file name. See Functions Selecting;
- by using a PDB (program database or symbol) file, which is automatically compiled by Visual Studio;
- if you are not a software developer and cannot use the above methods, you may simply click the Select Functions button and The Enigma Protector will try to analyse the input file and find all functions that can be virtualized. Remember, this option is not as stable as the previous ones, so you have to double-check that the protected modules work. See Functions Selecting.
The Enigma Protector implements two virtual machine architectures:
- Classic, it's fast and lightweight, uses static instructions;
- Modern RISC, a highly secure Virtual Machine which runs on a unique, dynamically generated instruction set, so each time you protect your executable a completely unique instance of the Virtual Machine is generated; due to the engine's complexity this Virtual Machine is slow, so you should use it in the most vulnerable places of your application.
Limitations:
- Virtual Machine does not work with any kind of .NET files, either exe or dll files;
- if the part of the code or the functions selected for virtualization contain any Markers, those markers will no longer function; the code inside the marker will simply be executed;
- for Delphi developers, the MAP file compiled with Delphi may contain a set of functions with the same names but different addresses. The Enigma Protector stores the selected functions by name in the project file. After the project file is loaded, only the first function that appeared with the necessary name will be selected.
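The following is an added example, not part of the Enigma Protector documentation: a pre-protection check for the Delphi limitation above that lists function names appearing at more than one address in a MAP file, along with the MAP file location the page requires. The "Publics by Name" section layout, the function names and the sample contents are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Constructed sample; the section layout is an assumed Delphi detailed-MAP format.
SAMPLE_MAP = """\
 Start         Length     Name                   Class
 0001:00401000 0000A2F4H .text                   CODE

  Address             Publics by Name

 0001:00001A30       Licensing.CheckKey
 0001:00002B10       Licensing.TrialExpired
 0001:00003C44       Licensing.CheckKey
 0001:00004D08       Crypto.DecryptBlock

  Address             Publics by Value

 0001:00001A30       Licensing.CheckKey
"""

# One symbol line: "SSSS:OOOOOOOO   Name" and nothing else.
SYMBOL = re.compile(r"^\s*([0-9A-Fa-f]{4}):([0-9A-Fa-f]{8})\s+(\S+)\s*$")

def expected_map_path(input_file):
    """Same folder and same name as the input file, with a .map extension."""
    return Path(input_file).with_suffix(".map")

def publics_by_name(map_text):
    """Return {name: [addresses in file order]} from the 'Publics by Name' section."""
    symbols, in_section = {}, False
    for line in map_text.splitlines():
        if "Publics by" in line:          # a section header switches the state
            in_section = "Publics by Name" in line
            continue
        m = SYMBOL.match(line)
        if in_section and m:
            symbols.setdefault(m.group(3), []).append(f"{m.group(1)}:{m.group(2)}")
    return symbols

def ambiguous_selections(map_text):
    """Names with several addresses; only the first is selected after a project reload."""
    return {name: {"selected_on_reload": addrs[0], "not_reselected": addrs[1:]}
            for name, addrs in publics_by_name(map_text).items() if len(addrs) > 1}

if __name__ == "__main__":
    print(expected_map_path("build/app.exe"))
    for name, info in ambiguous_selections(SAMPLE_MAP).items():
        print(name, info)
```

Any name this reports should be re-checked in Functions Selecting after the project is loaded, since the function you meant to virtualize may be one of the addresses that is not re-selected.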
Follow the links below for more information: