Code morphing
Code morphing is an approach used in obfuscating software to protect software applications from reverse engineering, analysis, modifications, and cracking. This technology protects intermediate level code such as compiled from Java and .NET languages (Oxygene, C#, Visual Basic, etc.) rather than binary object code. Code morphing breaks up the protected code into several processor commands or small command snippets and replaces them by others, while maintaining the same end result. Thus the protector obfuscates the code at the intermediate level.[1]
Code morphing is a multilevel technology containing hundreds of unique code transformation patterns. In addition this technology transforms some intermediate layer commands into virtual machine commands (like p-code). Code morphing does not protect against runtime tracing, which can reveal the execution logic of any protected code.
Unlike other code protectors, there is no concept of code decryption with this method. Protected code blocks are always in the executable state, and they are executed (interpreted) as transformed code. The original intermediate code is absent to a certain degree, but deobfuscation can still give a clear view of the original code flow.
Code morphing is also used to refer to the just-in-time compilation technology used in Transmeta processors such as the Crusoe and Efficeon to implement the x86 instruction set architecture.
Code morphing is often used in obfuscating the copy protection or other checks that a program makes to determine whether it is a valid, authentic installation, or an unauthorized copy, in order to make the removal of the copy-protection code more difficult than would otherwise be the case.
See also
References
- "The Transmeta Code Morphing™ Software: using speculation, recovery, and adaptive retranslation to address real-life challenges". CGO '03: Proceedings of the International Symposium on Code Generation and Optimization: Feedback-directed and Runtime Optimization – via ACM.