Set the SDK label to protect the specified Functions/Code/String

In project coding, SDK label API used to mark the specified functions/code/string before compile, when Developer use Virbox Protector to protect app. Virbox will recognize & protect the label function

SDK Label API, String Encryption

Virbox Protector provides SDK label API which can be used by developer to set the label to identify in project coding process, Virbox provides different kind of API (Label) to set the label to protect these critical function, method, algorithm, sensitive code section or string, license key/data, or other critical string with multiple protection option: Obfuscation (Mutation), Virtualization etc.

In this section, we introduce how to use Virbox SDK label API to set label in project coding process, sample provided. Developer also can find more sample case, head file in the installation directory in the Virbox Protector.

Pls note, For the protection feature which SDK labeled, it will only for developer to set the label to each critical "Function, algorithm or String" with specified protection option: Obfuscation, Virtualization or other option. The protection to the specified function/method/algorithm/string will be effective/valid only when developer use "Virbox Protector" to protect it.

How to use SDK Label in Project coding

Introduction

Virbox Protector supports developer to protect software application to against static attack and dynamic attack.

Besides to general protection option setting to application, Virbox Protector supports developer to protect software application to functions/methods level (with most fine grained protection) by select function name and set a label to those critical and important function, methods or code section.

Developer will has 2 ways to set the protection option to these critical functions/method/String/code section:

  1. Use Virbox Protector GUI tool to set protection option in "Function Option" tab: Click & Select;

  2. For those function/methods/string/algorithm or code section which is critical, Developer may also use the Virbox Protector SDK label API to mark it during coding process. then when the project has been compiled into executive or dll libs, or drag the application into the Virbox GUI tool or use Virbox Protector CLI to protect it. Virbox Protector will parse and automatically recognize these label set to these functions/method/critical code section and protect them with the protection option set by SDK label.

In general, Developer may use the Virbox SDK label API (provided by Virbox Protector) to mark to those function/methods or the code section (for example: license key data, critical string etc) which need to be protected, then developer build and compile the code and generate a executive application;

When Developer use Virbox Protector to parse the applications with these labels, Virbox Protector will capable to parse the application and recognize those function/method or code section has been marked. it will help developer to find these critical code location. and protect these functions, string with protection option set accordingly.

Support coding language:

C\C++\C#\OC\swift\Java

System Environment & Prerequisites

  1. Install Virbox Protector into your machine;

  2. After installation, you will find the Head file, Static API, Dynamic API which SDK label's required in following directory:

Head file:

C:\Program Files\senseshield\Virbox Protector 3\sdk\inc\virbox.h

Static API and lib:

C:\Program Files\senseshield\Virbox Protector 3\sdk\lib

Dynamic API and lib:

The path in windows:C:\Program Files\senseshield\Virbox Protector 3\sdk\windows\x86
The path in Linux:C:\Program Files\senseshield\Virbox Protector 3\sdk\linux,includes armand x86 architecture
The path in macOS:C:\Program Files\senseshield\Virbox Protector 3\sdk\darwin,includes arm and x86 architecture
The path Android:C:\Program Files\senseshield\Virbox Protector 3\sdk\android,includes arm and x86 architecture
  1. Demo case, developer may find demo case in below directory:

The path of demo:C:\Program Files\senseshield\Virbox Protector 3\example\sdk

Application supported by use of SDK Label API

Use SDK label API to Native application

The Native application means the executive file or dynamic linked library which compiled in Windows, Linux, ARM Linux, Android and macOS environment.

After you installed the Virbox Protector to your machine, you will find the "head file" which contain the SDK label APIs:

C:\Program Files\senseshield\Virbox Protector 3\sdk\inc\virbox.h

The sample case to SDL label API can be found:

C:\Program Files\senseshield\Virbox Protector 3\example\sdk

Note:
If developer set 2 kinds of SDK Label API by sequence in same code section, 
then only last Label API will be valid, and the first Label API will NOT be effective.
Every SDK lable API must be used in pairs, includes "Start" and "End", if used the
"Start" only and not find the "end" API, when Virbox Developer GUI tool parse the 
compiled program, the code section with single SDK label API (no "end" API)will be 
recorded in the log file.

Set SDK Label API to mark and protect the "functions"

Developer may use SDK Label API to set a Label to: obfuscate/virtualize those critical function/methods in the applications, include the entry instruction which generated after compiled. Following SDK Label API can be used:

VBMutateFunction

Purpose: To obfuscate present function/method

VBVirtualizeFunction

Purpose: To Virtualize present function/method

Sample:

int add(int x, int y)
{
    int ret = 0;
    VBMutateFunction("add#");
    ret = x + y;
    printf("x+y=%d\n", ret);
    return ret;
}

int sub(int x, int y)
{
    int ret = 0;
    VBVirtualizeFunction("sub#");
    ret = x - y;
    printf("x-y=%d\n", ret);
    return ret;
}

Set SDK Label API to mark and protect the "Code Section"

the SDK label can be used to set label for "Code Section" include a pair of label,

Begin&end, which can be use to set the label to the code section in the function, which means only protect the code in between "Begin" and "End"

Label to set for "Begin"

VBProtectBegin : Which means the "Code of Virtualization" start here;

VBVirtualizeBegin Which means the "Code of Virtualization" start here; (same as:VBProtectBegin)

VBMutateBegin : Which means "Code of Obfuscation" start here.

VBSnippetBegin: Which means "Code of snippet start, this feature only valid for Virbox Protector LM (PRO), not applied for Virbox Protector Standalone.

Label to set for "End"

VBProtectEnd : means code protection end , which used in pair with "Begin" label

Sample:

int foo(int x)
{
    if (x == 0)
    {
        VBVirtualizeBegin("foo_1#");
        // do something...
        VBProtectEnd();
    }
    else
    {
        VBMutateBegin("foo_2");
        // do something...
        VBProtectEnd();
    }
    return 0;
}

Attention & Remark

  1. SDK label API applied for static lib (virbox_windows.lib) and dynamic lib

    (virbox32.dll and virbox64.dll), developer may use both when protect your project.

Note
1. Virbox SDK label Dynamic lib only can be load with static and can not be loaded 
with dynamic(which means doesn't support with: LoadLibrary). The reason is because of 
when use SDK label to protect the function, it parse and protect the calling SDK API 
in static, so, it doesn't support to loadlibrary way to load. 
2. The static library can be link to your project directly.
  1. When developer call Virbox SDK label (virbox_windows.lib) with statically, For the String parameter imported by: VBProtectBegin, VBVirtualizeBegin, VBSnippetBegin, VBMutateBegin it can't be shared with other functions.

  2. Make sure the imported string parameter to be the ASCII code, then the correct function's name will be shown and displayed correctly when Virbox Protector GUI tool parsing, otherwise it will show messy code and unreadable.

  3. Every begin must be follow and match with end, use the begin and end in pair used, and only one pair is allowed to mark for one function only.

  4. If the protection option set by the label inconsistent with the protection mode saved in the project configuration file (.ssp file), the system will use the protection option saved in the project configuration file.

  5. The code in between the Begin and End is better to more than 3 lines. which to make sure the protected code will be shown in the GUI of Virbox Protector. (it will Not be shown in the GUI of Virbox Protector for the instruction less 15 bytes)

  6. SDK Label API provides 32bit and 64bit dll libs, you do need to use these libs accordingly.

Use Virbox SDK label API to protect Critical Strings: String Encryption & Decryption

Besides of to use Virbox SDK Label to set mark "functions", "method" with specified "protection" modes (Virtualization, Obfuscation) to protect those "functions", Developer may use SDK Label API to set label to encrypt these Critical string or data in the applications, following SDK Label API can be used:

1. API for String Encryption

VBProtectDecrypt

void *VB_API_CALL VBProtectDecrypt(void *dst, const void *src, int size);

Protection Mode Setting:

String encryption, it is recommend to use this label only for Virbox Protector LM (Pro), not use in Virbox Protector Standalone. with this Label, AES 256 encryption algorithm used to encrypt data.

When application executed, the encrypted string will be kept in the caller memory and it will Not be released.

Sample:

int test_decrypt()
{
	char buf[1024];
#define ENCRYPTED_DATA  "this is decrypted data,please...testing passing"
	puts(__FUNCTION__);

	VBProtectDecrypt(buf, ENCRYPTED_DATA, sizeof(ENCRYPTED_DATA));
	puts(buf);
	return strcmp(buf, ENCRYPTED_DATA);
}

Note: The buffer size of encrypted string must be a multiple of 16;

2. API For String Encryption

VBDecryptData

const void* VB_API_CALL VBDecryptData(const void *data, int size);

Protection mode setting:

String Encryption, usually, Developer may use this API to encrypt the key data (such as private key data), and the data and length must be a constant value, when use this label to protect the data, use random key to encrypt the data, when application executed, the encrypted data kept in the heap memory.

This API can be used together with the API "VBFreeData", the purpose to use “VBFreeData” is to release the Heap memory which to prevent the debug tool find the string in the heap.

Sample:

int test_encrypt_key()
{
	static const unsigned char g_key[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10 };
	unsigned char* key = VBDecryptData(g_key, sizeof(g_key));
	for (int i = 0; i != sizeof(g_key); ++i)
	{
		printf("%02x ", key[i]);
	}
	printf("\n");
	return 0;
}

3. API for String Encryption:

VBDecryptStringA

#define VBDecryptStringA(_X_) ((char*)VBDecryptData(_X_, sizeof(_X_)))

Protection mode setting:

Refers to Standard String encryption, which can be used as long as it is static variable or a global variable, and the encrypted string must be a constant.

VBDecryptStringA is the encapsulation of VBDecryptData, and you only need to use VBDecryptStringA when using it.

Developer may combine use this API with the VBFreeString to release the heap memory, to prevent the debug tool to search the string in the heap memory accordingly.

Sample:

1)To encrypt the string directly

VBDecryptStringA("test_string");

2)Local Static variable

static char g_string[] = "test_string";
static const char g_string[] = "test_string";

3)Global variable:

char g_test_string[] = "test_string";
const char g_test_string[] = "test_string";

4)If the program to be encrypted is too complicated and the data to be encrypted can’t be parsed, it will report error when you use Virbox Protector to protect the software, it is recommended to make the program less complicate. Usually it mostly happened to the Linux program in 32 bits which compiled with –fpic or –fpie with O2.

5)The compiler may merge or combine the multiple and same constant strings to be one string, if only one of these string is encrypted, an error would be reported:

Sample:

const char* a = "test_string"; 
const char* b = VBDecryptStringA("test_string");
printf("a = %s, b = %s\n", a, b);

In this sample case, messy code would be shown when you print string “a”.

4. API to wide string encryption (wchar_t)

VBDecryptStringW

#define VBDecryptStringW(_X_) ((wchar_t*)VBDecryptData(_X_, sizeof(_X_)))

Protection mode Setting:

Refers to wide string (wchar_t) encryption, as long as it is a static variable or a global variable can use wide string encryption

it can be used and the encrypted string must be a constant. VBDecryptStringW is the encapsulation of VBDecryptData, and you only need to use VBDecryptStringW when using it.

Sample:

VBDecryptStringW(L"test_string");

Developer may combine use with the API VBFreeString to release the heap memory, to prevent the debug tool to search the string in the heap memory accordingly.

5. API to release heap memory

VBFreeData

void VB_API_CALL VBFreeData(const void *data);

#define VBFreeString(_X_) VBFreeData(_X_)

Protection mode setting:

VBFreeData will release the heap memory only, because, when developer use VBDecryptData to decrypt data. If the heap memory is not released in time, the decrypted string can be seen/leaked through dynamic debugging with tools such as OD\ida;

VBFreeString is a basic encapsulation to VBFreeData. Use the VBFreeString macro to pass the string pointer to the VBFreeData function to release the corresponding memory space. You only need to use VBFreeString when using it.

static char g_string[] = "test_string";
VBFreeString(g_string);

To convenient Developer calling, Virbox Protector also provides API for data decryption without requied to release. When developer require to use the "string" to decrypt. use these API to decrypt to heap memory and it will released when module uninstalled.

VBDecryptDataOnce

Similar use to VBDecryptData , without need to release (free);

VBDecryptStringOnceA

Similar use to VBDecryptStringA , without need to release (free);

VBDecryptStringOnceW

Similar use to VBDecryptStringW , without need to release (free);

API to quit execution

VBSafeExit

When application detect the malicious behavior, when developer call: exit, or abort to quit execution, it is easier to be traced by the attacker and bypassed. so, Developer can use this API:

VBSafeExit

quit execution, with this label, it will destroy the frame, stack called or address returned, which make difficult to attacker to allocate the calling position.

Use Virbox SDK Label API to set "General Protection Option" to application

  1. API for Memory integrity

VBProtectVerifyImage

void VB_API_CALL VBProtectVerifyImage();

Protection mode setting:

VBProtectVerifyImage

User this API to verify the memory integrity, memory check, to detect if application has been tampered (include static patch and dynamic patch), when tampering has been detected, then the protected application will quit execution automatically;

Sample:

void timeit(void (*f)()) {

VBProtectVerifyImage();//detect & verify memory integrity

clock_t start = clock();

f();

cout << double(clock() - start) / CLOCKS_PER_SEC <<"second" << endl;

}

  1. API for for Memory Integrity

int VB_API_CALL VBVerifyImage(void);

Protection mode:

User this API to verify the memory integrity, memory check, if memory integrity verification failed, then it will return with non zero value;

Usage:

When the compiled application (contained this API) has been protected by Virbox Protector, if detected memory has been modified, the protected application will returned with non zero value, and no impact to application execution.

if developer use: VBSafeExit, then the application will quit.

Sample:

void timeit(void (*f)()) {
	int ret = 0;
	ret = VBVerifyImage();// detect memory integrity
	cout << "ret value:" << ret << endl;

	if (ret != 0)
		VBSafeExit(ret);//when memoery is being detected modification, then application will quit execution;
    
	clock_t start = clock();
	f();
	cout << double(clock() - start) / CLOCKS_PER_SEC <<"秒" << endl;
}
  1. API to detect debug tools

VBDetectDebugger

int VB_API_CALL VBDetectDebugger(void);

Protection mode:

Use this API to detect if your application whether or not to be debugged by debug tools, when detected, then it will returned with non zero value;

Usage:

When the compiled application (contained this API) has been protected by Virbox Protector, if detected memory has been modified, the protected application will returned with non zero value, and no impact to application execution. If call VBSafeExit , then application will quit execution,

Sample:

void timeit(void (*f)()) {
	int ret = 0;
	ret = VBDetectDebugger();// detect debug tools
	cout << "ret的值:" << ret << endl;

	if (ret != 0)
		VBSafeExit(ret);//when debug tools detected, then quit excution
    
	clock_t start = clock();
	f();
	cout << double(clock() - start) / CLOCKS_PER_SEC <<"秒" << endl;
}
  1. API to detect the VM

VBDetectVirtualMachine

int VB_API_CALL VBDetectVirtualMachine(void);

Purpose:

To detect if the application execution environment is VM environment (VMWare, Virtual Box etc.) or not;

When VM environment detected, then return with non zero value (Valid for windows only)

Usage:

When the compiled application (contained this API) has been protected by Virbox Protector, if VM environment has been detected , the protected application will returned with non zero value, and no impact to application execution.

Sample:

int check()
{
    // For those functions to detect VM, it is better to enhance security to 
    // set label with Obfuscation or Virutualization label
    VBMutateFunction("check#");
    int code = 0;
    if (VBVerifyImage() != 0)
    {
        // memory patches found!
        code = 1;
    }
    
    if (VBDetectDebugger() != 0)
    {
        // debugger found!
        code |= 2;
    }
    
    if (VBDetectVirtualMachine() != 0)
    {
        // vm tools found!
        code |= 4;
    }
    
    if (code != 0)
    {
        // crash
        VBSafeEixt(0xdead0000 | code);
    }
    
    return 0;
}
  1. API to quit application execution and clear current stack frame

void VB_API_CALL VBSafeExit(int code);

Protection

Quit application execution

Usage:

Call this API and combine use with following API:

VBVerifyImage

VBDetectDebugger

VBDetectVirtualMachine

When use this API directly, then the application protected by Virbox Protector will stop execution directly.

Use SDK Label API in macOS/iOS applications

The SDK Label API used in the macOS environment and the SDK label used in the native is same API.

When compile the project, Xcode can call dynamic library (.dylib) or static library (.a or framework), the function to all of above 3 library are same. developer may free select one of library to call.

The only different thing is, it is necessary to make a configuration to Xcode when compiling the project. Here we brief the process for OC and Swift when using the SDK label.

1. OC Language

1)Frist step is add virbox.h into the project, use the Xcode to open the project, and add the virbox.h into the project;

2)Select the TARGETS->Build Settings->Architectures, to view and check the project's Architecture: ARM64 or FAT format. see screenshot below:

3)Add the related and corresponding the libvirbox64.dylib from the installation directory of Virbox Protector: sdk/darwin, and select the option from: TARGETS->Build Phases->Link Binary, to add the libvirbox64.dylib

4)Import the virbox.h in your code project and add the SDK label API

Code sample as shown as below:

#import "virbox.h"
-(void)readLoad
{
    //you may use to import other SDK label API also
    VBMutateBegin("load_test"); //Code of Obfuscation
    for (int i=0; i<array.count; i++) {
        News * news=[[News alloc]init];
        news.content=array[i];
        [_newsArray addObject:news];
    }
    VBProtectEnd();
    return NO;
}

- (BOOL)isImageSetFolder:(NSString *)folder
{
    //you may use to import other SDK label API also
    VBVirtualizeFunction("reset_test"); //Code of Virtualization
    if ([folder hasSuffix:kSuffixImageSet]
        || [folder hasSuffix:kSuffixAppIcon]
        || [folder hasSuffix:kSuffixLaunchImage]) {
        return YES;
    }
    return NO;
}

2.Swift language

1)Add virbox.h into your project, Use Xcode to open the proejct and add virbox.h into the project, and set the virbox.h to be bridging file;

TARGETS->Build Settings->Swift Compiler->Object-C Bridging Header->Project name/virbox.h

2)Check the Project's Architecture: Select the TARGETS->Build Settings->Architectures, to view the project's Architecture: ARM64 or FAT format. see screenshot below:

3)Find and Add the related and corresponding the libvirbox64.dylib from the installation director of Virbox Protector: sdk/darwin, and select the option from: TARGETS->Build Phases->Link Binary, to add the libvirbox64.dylib

4)Add the SDK label API in the code directly. and add the variable name to SDK Lael API is also required.

Code Sample:

struct ContentView: View {
    var body: some View {
        //you may use to import other SDK label API also
        var body_begin = VBMutateBegin("body_test")// Code of Obfuscation
            
        let columns = [
        GridItem(.flexible()),
        GridItem(.flexible()),
        GridItem(.flexible()),
        GridItem(.flexible())]
        var body_end = VBProtectEnd()// code end
    }
}

struct RdioApp: App {
    var body: some Scene {
        //you may use to import other SDK label API also
        var myva = VBVirtualizeFunction("test") //Code of Virtualization
        HStack(spacing: 24) {
                Image(systemName: "backward.fill")
                    .font(.title3)
                Image(systemName: "play.fill")
                    .font(.title)
                Image(systemName: "forward.fill")
                    .font(.title3)
            }
    }
}

3. Execute the application

1)After compiling completed, the application execution require to dependent to the libvirbox64.dylib , means you need to copy the libvirbox64.dylib which corresponding to the application architecture to /usr/local/lib/libvirbox64.dylib, and then to execute the compiled application.

If not copied the libvirbox64.dylib , the following error will be reported

Note:

For the libvirbox64.dylibin ARM architecture and FAT format, it is necessary to sign first and then copy libvirbox64.dylib later,

2)Drag the compiled application into Virbox Protector GUI tool, then you can find the functions/method which marked by SDK label API in the "Function Option" tab;

Then, Protect your project, the protected application can executed and without dependent on thelibvirbox64.dylib

Use SDK Label API to .NET applications

To use and add the SDK label API into the .NET application, it is support following protection option to be set and protect the functions/methods:

Code of Encryption,

Code of Obfuscation.

Code of Virtualization.

To add the SDK label API in the project, it is consistent with Microsoft syntax, and when .NET project compiled completed. drag the the .NET application into the Virbox Protector GUI tools, then The protection option marked by SDK label API will be displayed in the "Function Option" tab.

Sample Code:

C:\Program Files\senseshield\Virbox Protector 3\example\sdk\dotnet_sdk_demo

Sample syntax:

// name
[Obfuscation(Feature = "Rename", Exclude = false)]//Code of Obfuscation
public class main
{
    [Obfuscation(Feature = "Mutate", Exclude = false)]//Code of Obfuscation
    public static void test1(string[] args)
    {
        System.Console.WriteLine("hello Virbox.Mutate!");
    }
    [Obfuscation(Feature = "Encrypt", Exclude = false)]//Code of Encryption
    public static void test2(string[] args)
    {
        System.Console.WriteLine("hello Virbox.Encrypt!");
    }
    [Obfuscation(Feature = "Virtualization", Exclude = false)]//Code of Obfuscation
    public static void test3(string[] args)
    {
        System.Console.WriteLine("hello Virbox.Virtualize!");
    }
}

Note:

  1. SDK Label API can be added before the class name, and if SDK label also has been set to methods, then the SDK label set to methods will be displayed first.

  2. The SDK label marked to Function and "Name of obfuscation" can Not be added into the code directly, it only can be added in front of class name and method names.

Use SDK label API to Java Applications

For Java Project, Virbox Protector support to use SDK label API with "Code of Virtualization", add the annotation VBVirtualize in the Java code, and import it in the methods, when Java project compiled completed, drag the compiled Java project into Virbox Protector GUI tools, then Virbox Protector will display the protection option set to function/method by SDK label API.

Note: the filename must be the VBVirtualize, and the package name must virbox, otherwise the Virbox Protector will not recognized the SDK label marked.

  1. Create VBVirtualize.java, the content shown as below

package virbox;

public @interface VBVirtualize
{
}
  1. How to import

import virbox.VBVirtualize;

@VBVirtualize // Add it before the class, then all of methods will be protected on default.
public class Main {
    public static void main(String[] args) {
        System.out.println("hello");
        test_vir();
    }

	@VBVirtualize // Add it before the methods, protect this method only
	public static void test_vir()
	{
	    System.out.println("test_vir");
	}

}

Use SDK Label API in Android applications

Applicable Scenario

When you use the Virtualized SDK label API to mark the "Class" or "Methods", Drag the compiled Android Apk/AAB package into Virbox Protector GUI tool, The GUI tool will parse and display the class and method which marked by SDK label.

When developer use Proguard to obfuscate Android project, probably it may not parse the method/function name successfully;

When you use the “Virtualization" API to mark the class and methods, then it will not necessary to find and view the corresponding method's name or class's name.

Sample case path at:

C:\Program Files\senseshield\Virbox Protector 3\example\sdk\APK

Notice:
1)For the Android Apk/AAB application which enable the "Proguard" in the "Compile" Option, some of function/method can be optimized which may cause the function marked by SDK label failed to parse and displayed.

2)The file name must be VBVirtualize, the package name must be virbox, otherwise the SDK label marked may not be recongized by Virbox Protector.

Protection Process

  1. Open the Android Project and create a new directory, name with "virbox"

  1. Create >Java Class:

  1. Select >Interface and name as: VBVirtualize;

  1. Add the following code in the "VBVirtualize.class":

package virbox;
import androidx.annotation.Keep;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;

@Keep
@Retention(RetentionPolicy.RUNTIME)
public @interface VBVirtualize {
}
  1. Import VBVirtualize from other class:

If @VBVirtualize is placed on (above) the the "class",

When you enable "Proguard" to obfuscate the project code; it means the SDK label will be marked to this class and retain the class name (not obfuscated by Proguard); and the name of the other class which not marked by Virbox SDK label, will not be retained (obfuscated by Proguard);

When you disable the "Proguard" option, it means Virbox SDK label will be marked to this class;

import virbox.VBVirtualize;

@VBVirtualize
public class SecondFragment{
    @Override 
    public View onCreateView(LayoutInflater inflater, ViewGroup container, Bundle savedInstanceState) {
        FragmentSecondBinding inflate = FragmentSecondBinding.inflate(inflater, container, false);
        this.binding = inflate;
        return inflate.getRoot();
    }
    public void onDestroyView() {
        super.onDestroyView();
        this.binding = null;
    }
}

If @VBVirtualize is placed on (above) the the "method";

When you enable "Proguard" to obfuscate the project code; it means the SDK label will marked to this method and retain the method name (not obfuscated by Proguard); and the name of the other method which not marked by Virbox SDK label, will not be retained (obfuscated by Proguard);

When you disable the "Proguard" option, it means Virbox SDK label will be marked to this class;

import virbox.VBVirtualize;

public class SecondFragment{
    @Override 
    public View onCreateView(LayoutInflater inflater, ViewGroup container, Bundle savedInstanceState) {
        FragmentSecondBinding inflate = FragmentSecondBinding.inflate(inflater, container, false);
        this.binding = inflate;
        return inflate.getRoot();
    }
    @VBVirtualize
    public void onDestroyView() {
        super.onDestroyView();
        this.binding = null;
    }
}

All sample to call SDK Label API can be found in the Virbox Protector installation directory

C:\Program Files\senseshield\Virbox Protector 3\example\sdk\C

All Head file for SDK Label API can be found in the Virbox Protector installation directory

C:\Program Files\senseshield\Virbox Protector 3\sdk\inc\virbox.h

FAQ

  1. Q: For SDK Label API, map and pdb file, which one will be the first priority when Virbox Protector to protect the application?

    A: SDK Label API will be the first priority when Virbox Protector parse and protect the Application in protection process;

  2. Q: Will Virbox SDK label also support to be set and used to the ARX file (the compiled file is ARX)

    A: Yes, Virbox SDK label support to set the SDK label to compiled to arx file.

  3. Q: Does global variables can be protected by SDK Label?

    A: Yes, Global variable can be set and protected by VBDecryptStringA, for PE, elf and machO application.

  4. Q: begin end is the function body that only processes the current function. If function A calls function B, and function B uses the SDK label, then function A can also use the SDK label again. does this case means nested?

    A: No, It is not the nested case;

  5. Q: In a c++ program, after protecting the the sdk label by using String Encryption, can it be seen using the OD debugger?

    A: It can be found and seen in the heap memory using OD. You can call VBFreeString(xxx) to release it after each use, and it will no longer be found in the heap memory.

  6. Q: For C# program, By using String Encryption, does it can prevent strings from being dumped from memory? Can the OllyDbg see it?

    A: It cannot prevent the string from being dumped from the memory. But the OllyDbg cannot scan the memory directly. only If you find the place where the string is actually used and break point, then you can see the sting encrypted.

Last updated