6. Dynamic Obfuscation

The static obfuscation algorithms we showed you in Chapter 4 (Code Obfuscation) transform the code prior to execution. In this chapter, we’ll show you dynamic algorithms that transform the program at runtime. In theory, you could turn any static algorithm into a dynamic one simply by including the obfuscator with the executable and transforming the code as it runs! In practice, however, obfuscators are large and slow programs, and for stealthiness and performance reasons we need small and quick runtime transformers.

When an attacker looks at statically obfuscated code, he sees a mess, but every time he runs the code, for example, under a debugger, he sees the same mess. Running the code multiple times, with different input ...

Get Surreptitious Software now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.