SoFunction
Updated on 2025-04-11

Easy Language SDK marker code for protection shells

ZProtect

//Code_Confusion is a code-scrambling (out-of-order) encryption marker that lets you select a part of the code to be scrambled.

Put code ({ 235, 8, 83, 84, 95, 83, 84, 65, 82, 84 }) ' Code_Confusion tag starts

Put code ({ 235, 8, 83, 84, 95, 83, 84, 69, 78, 68 }) ' Code_Confusion tag end

//Code_Elimination is a code clearing tag that allows you to select a portion of the code to be deleted from memory after running; the purpose of using this tag is to prevent crackers from dumping the complete program code from memory.

Put code ({ 235, 8, 79, 67, 95, 83, 84, 65, 82, 84 }) ' Code_Elimination tag starts

Put code ({ 235, 8, 79, 67, 95, 79, 67, 69, 78, 68 }) ' Code_Elimination tag end

//Decode_onExec is a dynamic decoding tag that allows you to select a part of the code segment that is decrypted only when executed; this part of the code is decoded only when it needs to be executed, and is encrypted before and after execution.

Put code ({ 235, 8, 68, 89, 95, 83, 84, 65, 82, 84 }) // Decode_onExec tag starts

Put code ({ 235, 8, 68, 89, 95, 68, 89, 69, 78, 68 }) // Decode_onExec tag end

//Decode_onReg is a registration decoding tag that allows you to select a part of the code that is decrypted with a valid key; if the registration key is incorrect, then this part of the code will always be encrypted. In layman's terms, this part of the code is only executed in the registered version.

//Any number of Decode_onReg tags can be used in the source code, but these code segments will be decrypted at the same time when they are executed. The registration decoding mark is mainly used to activate restricted functions in the unregistered version, so that it can be registered as a full version.

Put code ({ 235, 8, 82, 68, 95, 83, 84, 65, 82, 84 }) // Decode_onReg tag starts

Put code ({ 235, 8, 82, 68, 95, 82, 68, 69, 78, 68 }) // Decode_onReg tag end

//Zprotect_VM is a virtual machine encryption tag, allowing you to select a part of the code to be run in the virtual machine; the virtual machine's instruction system is completely different from the existing x86 instructions, which can effectively prevent code restoration and analysis.

Put code ({ 235, 8, 86, 77, 95, 83, 84, 65, 82, 84 }) // Zprotect_VM tag starts

Put code ({ 235, 8, 86, 77, 95, 86, 77, 69, 78, 68 }) // Zprotect_VM tag end

Applies to ZProtect V1.4.9.0

VMProtect.Easy SDK

Put code ({ 235, 16, 86, 77, 80, 114, 111, 116, 101, 99, 116, 32, 98, 101, 103, 105, 110, 0 }) ' VMP protection start flag

'Key Code

Put code ({ 235, 14, 86, 77, 80, 114, 111, 116, 101, 99, 116, 32, 101, 110, 100, 0 }) ' VMP protection end flag

Enigma Encryption Easy Language SDK

Put code ({ 235, 10, 69, 67, 82, 79, 78, 69, 88, 69, 67, 66 })' mark start

'Key Code

Put code ({ 235, 10, 69, 67, 82, 79, 78, 69, 88, 69, 67, 69 })' mark end

NoobyProtect Encryption Easy Language SDK

Put code ({ 235, 6, 78, 80, 66, 69, 71, 78 })' mark start

'Key Code

Put code ({ 235, 6, 78, 80, 69, 78, 68, 80 })' mark end

Pangolin: demo of calling the functional encryption SDK from Easy Language

Put code ({ 235, 3, 214, 215, 1 })' mark start

'Key Code

Put code ({ 235, 3, 214, 215, 0 })' mark end

ASP Encryption Easy Language SDK

Put code ({ 235, 4, 235, 5, 25, 1, 233, 37, 0 })' mark start

'Key Code

Put code ({ 235, 4, 235, 5, 41, 1, 233, 133, 0 })' mark end

Shielden 2.0.1.0

Put code ({ 235, 7, 83, 69, 66, 69, 71, 78, 0 }) ' SE_PROTECT_START
' Key Code
Put code ({ 235, 7, 83, 69, 69, 78, 68, 80, 0 }) ' SE_PROTECT_END

Put code ({ 235, 7, 83, 69, 66, 69, 71, 78, 77 }) ' SE_PROTECT_START_MUTATION
' Key Code
Put code ({ 235, 7, 83, 69, 69, 78, 68, 80, 0 }) ' SE_PROTECT_END

Put code ({ 235, 7, 83, 69, 66, 69, 71, 78, 85 }) ' SE_PROTECT_START_ULTRA
' Key Code
Put code ({ 235, 7, 83, 69, 69, 78, 68, 80, 0 }) ' SE_PROTECT_END

Put code ({ 235, 7, 83, 69, 66, 69, 71, 78, 86 }) '
' Key Code
Put code ({ 235, 7, 83, 69, 69, 78, 68, 80, 0 }) ' SE_PROTECT_END

Easy Language SDK conversion method

Now that E5.0 supports static compilation to the standard PE format, it is practical to bring an encryption shell's SDK into E programs to improve the quality of software protection.

Encryption shell SDKs fall roughly into two categories: functional SDKs and protective SDKs.

1. Functional SDK.

A functional SDK handles functional operations such as serial number verification and authorization time verification. Some SDKs of this type have their functions applied directly in the shell, such as WL; others need an external DLL to be brought in, such as Pangolin.

For a DLL without an export table, the SDK has to be brought in externally: we load the DLL and resolve the addresses of the functions in the SDK. With the call subroutine() command in E, we can then easily pass parameters and get the return value of the SDK function. After that, the DLL is unloaded.

For a DLL with an export table, it is enough to call it using E's DLL command.

Anyone who can already call DLLs will find functional SDKs easy to work with. Just consult the shell's own API manual.

2. Protective (encryption) SDK.

An encryption SDK usually works like a hook for the shell. When the encryption shell finds a specific SDK mark in the software, it processes the marked code in a targeted way to improve the security of that particular code segment. The mark is simply assembly code defined in pairs (a start mark and an end mark).

In E, we can easily place assembly code using the put code() command. To use it with an encryption shell, follow the method below.

Open the SDK that ships with the encryption shell and find a language that you can read. For example, take the LCC section of the header file shown below.

The following content is the program code:

#elif defined(__LCC__)
/* Provided by Rubem Pechansky, 26Feb2003 */
#define SECUREBEGIN _asm(".byte 0xEB,0x03,0xD6,0xD6,0x00");
#define SECUREEND _asm(".byte 0xEB,0x03,0xD6,0xD6,0xFF");
#define SECUREBEGIN_A _asm(".byte 0xEB,0x03,0xD6,0xD6,0x01");
#define SECUREEND_A _asm(".byte 0xEB,0x03,0xD6,0xD6,0xFF");
#define SECUREBEGIN_B _asm(".byte 0xEB,0x03,0xD6,0xD6,0x02");
#define SECUREEND_B _asm(".byte 0xEB,0x03,0xD6,0xD6,0xFF");
#define SECUREBEGIN_C _asm(".byte 0xEB,0x03,0xD6,0xD6,0x03");
#define SECUREEND_C _asm(".byte 0xEB,0x03,0xD6,0xD6,0xFF");
#define SECUREBEGIN_D _asm(".byte 0xEB,0x03,0xD6,0xD6,0x04");
#define SECUREEND_D _asm(".byte 0xEB,0x03,0xD6,0xD6,0xFF");
#define SECUREBEGIN_E _asm(".byte 0xEB,0x03,0xD6,0xD6,0x05");
#define SECUREEND_E _asm(".byte 0xEB,0x03,0xD6,0xD6,0xFF");
#define SECUREBEGIN_F _asm(".byte 0xEB,0x03,0xD6,0xD6,0x06");
#define SECUREEND_F _asm(".byte 0xEB,0x03,0xD6,0xD6,0xFF");
#define SECUREBEGIN_G _asm(".byte 0xEB,0x03,0xD6,0xD6,0x07");
#define SECUREEND_G _asm(".byte 0xEB,0x03,0xD6,0xD6,0xFF");
#define SECUREBEGIN_H _asm(".byte 0xEB,0x03,0xD6,0xD6,0x08");
#define SECUREEND_H _asm(".byte 0xEB,0x03,0xD6,0xD6,0xFF");
#define SECUREBEGIN_I _asm(".byte 0xEB,0x03,0xD6,0xD6,0x09");
#define SECUREEND_I _asm(".byte 0xEB,0x03,0xD6,0xD6,0xFF");
#define SECUREBEGIN_J _asm(".byte 0xEB,0x03,0xD6,0xD6,0x0A");
#define SECUREEND_J _asm(".byte 0xEB,0x03,0xD6,0xD6,0xFF");
#define SECUREBEGIN_K _asm(".byte 0xEB,0x03,0xD6,0xD6,0x0B");
#define SECUREEND_K _asm(".byte 0xEB,0x03,0xD6,0xD6,0xFF");
#define NANOBEGIN _asm(".byte 0xEB,0x03,0xD6,0xD7,0x01");
#define NANOEND _asm(".byte 0xEB,0x03,0xD6,0xD7,0x00");

Take the last two lines as an example. NANOBEGIN and NANOEND are the marks for a CC code segment in C. Only the code segment wrapped between these two marks is CC-protected by the encryption shell. NANOBEGIN is represented in assembly bytes as 0xEB,0x03,0xD6,0xD7,0x01, which is C's hexadecimal notation. In E, the bytes passed to put code() are written in decimal, so we need to translate this code.

0xEB = 235
0x03 = 3
0xD6 = 214
0xD7 = 215
0x01 = 1

So NANOBEGIN is written in E as Put code ({ 235, 3, 214, 215, 1 }).
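
The conversion above can be automated for a whole header. The following Python script is an added example, not part of the original article or of any shell's SDK: it parses `_asm(".byte ...")` defines, emits the decimal form, and checks that the marker is `0xEB n` (an x86 short jump) followed by exactly n tag bytes, so that an unprocessed marker is simply jumped over at run time. The function names and the embedded sample header are assumptions made for the example.

```python
import re

# Constructed sample input: two defines in the style of the LCC header above.
HEADER = '''
#define NANOBEGIN _asm(".byte 0xEB,0x03,0xD6,0xD7,0x01");
#define NANOEND _asm(".byte 0xEB,0x03,0xD6,0xD7,0x00");
'''

# Matches: #define NAME _asm(".byte 0x..,0x..,...")
DEFINE_RE = re.compile(r'#define\s+(\w+)\s+_asm\("\.byte\s+([^"]+)"\)')


def parse_markers(header_text):
    """Return {macro name: [byte values]} for every .byte marker macro."""
    markers = {}
    for name, byte_list in DEFINE_RE.findall(header_text):
        values = [int(tok.strip(), 16) for tok in byte_list.split(",") if tok.strip()]
        if any(v > 0xFF for v in values):
            raise ValueError("%s: value does not fit in one byte" % name)
        markers[name] = values
    return markers


def jump_skips_tag(values):
    """True when the marker is EB <n> followed by exactly n tag bytes,
    i.e. the short JMP lands on the first instruction after the marker."""
    return len(values) >= 2 and values[0] == 0xEB and values[1] == len(values) - 2


def to_put_code(name, values):
    """Render one marker as a 'Put code' statement with decimal bytes."""
    return "Put code ({ %s }) ' %s" % (", ".join(str(v) for v in values), name)


def convert(header_text):
    """Return a list of (statement, jump_skips_tag) pairs, one per macro."""
    return [(to_put_code(name, values), jump_skips_tag(values))
            for name, values in parse_markers(header_text).items()]


if __name__ == "__main__":
    for statement, ok in convert(HEADER):
        print(statement if ok else statement + "   <- check jump offset by hand")
```

A marker whose second byte does not equal the number of bytes that follow (the ASP marks listed earlier are one such case) is flagged rather than rejected, because some shells embed further instructions inside the marker.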