Software piracy! Cracked serial numbers! Thousands of commercial products are posted on the warez sites and become available to all every day! Companies lose millions of dollars every year to software piracy, and faulty protection programs. Shareware developers look for unbreakable protection for their products and create some protection themselves or try many of the ready-made tools. Unfortunately most tools have already been cracked, and self solutions often only take one determined cracked a few hours to bypass. As a result they soon find the stoles keys and product cracks on thousands of hacker Internet pages.

It is time to turn to time tested, EXECryptor protection product. EXECryptor is a powerful software tool that provide developers with software protection from reverse engineering, analysis and modifications. Its main difference from other protection tools is its code transformation called "Code Morphing". This technology protects the code on the CPU-command level. It is known the x86 processors command system is redundant and allows the execution of the same ‘code’ using various different system commands. It breaks up the protected code into several processor commands or small command snippets and replace them by others, while maintaining the same end result. Thus the protector obfuscates the code not on the source level but on the level of the CPU commands.

The Code Morphing is multilevel technology containing hundreds of unique code transformation patterns. In addition this technology includes the special layer that transforms some commands into Virtual Machine commands (like P-Code). Code Morphing turns binary code into an undecipherable mess that is not similar to normal compiled code, and completely hides execution logic of the protected code.

There is no concept of code decryption with this system Protected code blocks are always in the executable state, and they are executed as a transformed code. The original code is completely lost and code restoration is an NP-hard problem.

The weak point of such scheme is that it significantly increases the size and affects the speed of a program. But protecting an application author usually doesn't need to transform its entire code. It is enough to protect only critical parts of your code, responsible for serial number verification, trial expiration date, and other evaluation restrictions. The rest of application code remains intact and software execution speed remains the same.

Below is a code sample generated by Delphi and a partial (the full listing contains over 500 instructions) listing of the transformed code.

Source code :

writeln('Test OK');

After compilation

mov eax, [$ 004092ec]

mov edx, $00408db4

call @WriteOLString

call @WriteLn

call @_IOTest

After the code transformation (partial):

db 3

add al, $30

xlat

call +$000025b2

jmp +$00000eec

call +$00000941

or al, $4a

scasd

call -$304ffbe9

rol eax, $14

mov edi, [ebx]

jmp +$00001738

mov ebx, eax

shr ebx, $03

push ebx

jmp +$0001b5e

call -$000001eb

jmp +$00003203

jmp +$00005df8

call +$00000910

adc dh, ah

fmul st(7)

adc [eax], al

les eax, [ecx+$0118bfc0]

stosb

http://www.strongbit.com