6. Dynamic Obfuscation

The static obfuscation algorithms we showed you in Chapter 4 (Code Obfuscation) transform the code prior to execution. In this chapter, we’ll show you dynamic algorithms that transform the program at runtime. In theory, you could turn any static algorithm into a dynamic one simply by including the obfuscator with the executable and transforming the code as it runs! In practice, however, obfuscators are large and slow programs, and for stealthiness and performance reasons we need small and quick runtime transformers.

When an attacker looks at statically obfuscated code, he sees a mess, but every time he runs the code, for example, under a debugger, he sees the same mess. Running the code multiple times, with different input ...

Get Surreptitious Software now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.