Protect the Local desktop application

Protect the Native PE application

Virbox Protector can protect native PE applications with either its GUI tool or its CLI tool, on Windows, Linux and ARM Linux.

The process described here applies to local native applications written in C or C++ (exe files, dll files and so on), that is, the protection and encryption of PE programs.

Protect your Native PE program in 5 steps

  1. Import file: import the file that needs to be protected (exe or dll) into Virbox Protector;

  2. Set the configuration of "Function Option" (select the specific functions you want to protect);

  3. Set the configuration of "Protection Option" (set the protection applied to the PE program as a whole);

  4. Click "Protect Selected Projects" to start the protection process;

  5. Back up the source file, use the protected file for further testing/evaluation, and save the "configuration" file.

For associated data assets and resources, use the plug-in unit DS Protector to protect them; see User Manual DS Protector.

Prerequisites

Sign up for Virbox Protector and install it;

Open Virbox Protector and sign in with the trial account and password you received.

💡 The above prerequisites are for testing/evaluating Virbox Protector only.

To protect formal and commercial software releases, please purchase the relevant Virbox Protector license.

Protection Process

  1. Import the PE file you want to protect (exe or dll) into Virbox Protector

    Drag the exe or dll file directly into Virbox Protector, or:

    Open the file from the Virbox Protector menu: File --> Open File

    Virbox Protector will then parse the file to be protected automatically.

Virbox Protector loads the "map" file automatically if xxx.map exists in the same directory as the file to be protected; the relevant function names are then shown in Virbox Protector.

Virbox Protector currently supports loading .map files generated by the VS, VC, BCD and Delphi compilers.

2. Set the configuration of "Function Option"

Virbox Protector can protect an application down to the level of individual functions, and provides several protection modes for the developer to choose from to protect critical functions.

The developer can select functions contained in the PE file and set the protection mode for them here.

Go to the "Function Option" tab.

Virbox Protector parses the functions and lists them in the GUI.

Left-click to select the functions you want to protect, then right-click to set the protection mode: Virtualization, Obfuscation or Encryption.

You can click the "Add Function" button to add other functions and use the drop-down to set the protection mode for the added functions. Then click "OK" to add more functions.

After setting the protection mode of the selected functions, click the "Analysis" button to test and evaluate whether execution performance is satisfactory. If it is not, consider skipping functions that are called frequently to improve execution performance.

Press Ctrl+A to select "All of Functions".

Selecting "All of Functions" for protection is not recommended, because execution performance may be impacted.

For PE executables and DLL files written in C, C++, Delphi XE7 and above, PB or BCB, the protection modes rank by security level as follows:

Code Virtualization > Code Obfuscation > Code Encryption;

For programs developed in C#, the protection modes rank by security level as follows:

Code Encryption > Code Obfuscation.

3. Set the configuration of "Protection Option"

Here the developer sets the protection configuration that applies to the PE executable or DLL file as a whole:

Go to the "Protection Option" tab.

3.1 Set the output path of the protected file. The developer may set the output path and a new file name for the protected file; otherwise a new subdirectory named \protected is created and the protected file is saved there.

If the output path is the source file's directory, using the same file name as the source file is NOT recommended, because the protected file may replace your source file.

3.2 Select the Protection Options that protect your application file as a whole:

3.2.1) Import Table Protection:

Protects and encrypts the import table and hides the API list, in order to protect the externally called functions. Selecting this option is recommended to enhance the security level;

Import Table Protection applies to PE files only;

3.2.2) Compression:

Compresses the file to reduce its size and to prevent static decompilation of the protected file.

If the file is very small, the compressed file may be no smaller, or even bigger, than the source file;

The Compression feature is not applicable to .NET files or the arx file type.

3.2.3) Memory Check (Verify the code Integrity)

While the program executes in memory, the Virbox Protector loader checks each memory block to ensure code integrity and to prevent tampering and repackaging;

With the SDK labeling feature, memory can be verified dynamically to prevent tampering.

3.2.4) Resource Section Encryption

Encrypts the resource section of the program and uses the license to decrypt it when the program executes, preventing resource information from being extracted and tampered with illegally.

Resource Section Encryption applies to local PE programs only;

3.2.5) Anti-Debugging:

When this feature is selected, the protected application quits when debugging of the process is detected;

3.2.6) Virtual Machine Detection:

When this feature is selected, the protected application quits when it detects a virtual machine environment, including VMware, VirtualBox etc.

3.3 Plugin Switch on/off

Besides the protection set by the features above, Virbox Protector supports switching the following plugins on or off to enhance the security of protected files:

3.3.1 Switch on/off: Advanced Process Protection: RASP

This is an optional feature, and a license is required to activate it.

RASP (Runtime Application Self-Protection): this plugin protects the application's process at kernel level on the Windows platform. When the plugin starts, it loads an integrated driver that protects the process itself, so that third-party plugins cannot bypass the normal anti-debugging protection and debug the process in memory. It is also effective against "Cheat Engine" scanning the memory of the running process.

The RASP plugin is the most effective feature and is intended for scenarios with high security requirements. An additional license from Virbox is required.

Three features can be selected in the "Advanced Process Protection" plugin:

  • Memory Protection:

Click to protect the in-memory information of the running Windows application, which prevents an attacker from scanning the process memory with "Cheat Engine" tools;

  • Kernel Mode Anti-debugging

Click to activate the anti-debugging feature, which prevents debugging tools from debugging the kernel;

  • Show Error Message

Pops up an error message that includes the error code when a program execution error occurs; the popup message quits automatically after 5 seconds;

3.3.2 Switch on/off the ds Plugin

Switches DS Protector on or off. DS Protector is a plug-in unit used to encrypt/protect the data source files of the protected program. You need to switch on the "ds" button to open DS Protector and set the password for the protected data source files.

Another way to open DS Protector is to go to the \bin subdirectory of Virbox Protector and double-click deprotector.exe. You still need to switch on the "ds" button to enable the ds function in Virbox Protector.

4. Click to Start the "Protection" Process

When you have completed the "Function Option" and "Protection Option" settings, click the "Protect Selected Projects" button in the menu to start the protection process, then click "Run Application" to verify that execution performance is satisfactory. If everything is OK, click "OK" to complete the protection process.

5. Back up the source file, use the protected file for further testing, and save the "configuration" file

Go to the output directory. You will find that one new file, pe_tetris1.exe.ssp, and one subdirectory, \protected, have been generated:

"PE_Tetris1.exe" is the source file, which is not protected. Keep the source file in another directory and do not distribute it to your users.

"PE_Tetris1.exe.ssp" is the configuration file, which saves all of the protection option settings; you can reuse this configuration file when your application is updated.

The subdirectory "\Protected" is where the protected file is located. You can find the protected file there (with the same name as the source file) and use it for further testing.
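A check to run at step 5, as an added example that is not part of Virbox Protector or its documentation: it parses the PE section table of the source and protected files, confirms the two differ, and flags sections whose byte entropy suggests compression or encryption. The sample images, the `build_sample` helper and the 7.0 bits/byte threshold are assumptions constructed for the demo; in practice, read the real files from the source directory and the \protected subdirectory.

```python
import math
import struct
from collections import Counter

def entropy(buf: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values()) if n else 0.0

def pe_sections(data: bytes):
    """Return [(name, raw_size, entropy)] for every section of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)           # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (nsec,) = struct.unpack_from("<H", data, pe_off + 6)       # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)  # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size
    out = []
    for i in range(nsec):
        hdr = table + 40 * i
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", data, hdr + 16)
        out.append((name, raw_size, entropy(data[raw_ptr:raw_ptr + raw_size])))
    return out

def compare(source: bytes, protected: bytes, threshold: float = 7.0):  # assumed heuristic
    """Report whether the files are identical and which sections look packed."""
    packed = [n for n, size, h in pe_sections(protected) if size and h >= threshold]
    return {"identical": source == protected, "high_entropy_sections": packed}

def build_sample(sections):
    """Constructed header-plus-data PE layout for this demo (not a loadable binary)."""
    hdr = bytearray(b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40))
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    ptr, body = len(hdr) + 40 * len(sections), b""
    for name, raw in sections:
        hdr += struct.pack("<8sIIIIIIHHI", name, len(raw), 0x1000, len(raw),
                           ptr + len(body), 0, 0, 0, 0, 0x60000020)
        body += raw
    return bytes(hdr + body)

# Constructed inputs: repetitive "code" vs. uniform bytes standing in for packed data.
SOURCE = build_sample([(b".text", b"\x55\x8b\xec\x90" * 256)])
PROTECTED = build_sample([(b".text", bytes(range(256)) * 16)])
```

If `identical` is true, the output path and file name collided with the source as warned in 3.1, or protection did not run.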

Summary

The above is the process for protecting a native PE executable or DLL file; the relevant resource assets can be protected with DS Protector.

For further information on Virbox Protector and DS Protector, refer to User Manual_Virbox Protector and User Manual_DS Protector.
