Glossary

It is impossible to effectively operate any tool without knowledge of the specific terms used. This glossary defines the terms relating to the use of VMProtect. The glossary is not intended to be universal and define everything completely; the definitions given may differ from the classic ones.

Bytecode: code received after translating native machine instructions into virtual machine instructions.

Virtualization:the process of translating part of the application executable code into instructions of a virtual machine with an instruction set, architecture and logic that is unknown to a potential cracker. Virtualized parts of the code are executed by the interpreter (virtual machine) without being precompiled into native machine code. Generally, the reengineering of virtualized fragments derives from the study of virtual machine architecture. This results in the creation of a disassembler that corresponds to the CPU architecture, which is emulated by the virtual machine and analyzing the disassembled code.

Virtual machine: the software code that directly executes bytecode in the protected program.

Watermarks: a byte array unique to every user allowing the unambiguous identification of the legal owner of the cracked software copy.

Mutation: replacing the source instruction with its analog (or a certain instruction sequence), which gives the same result as the source instruction.

Obfuscation: a set of methods and techniques aimed at making it harder to analyze the software code. Depending on the programming language of the protected program, different types of obfuscators are used. In case applications written in interpreted languages (Perl, PHP, etc) are obfuscated, changes are made in their source code: comments are deleted, variables are given meaningless names, string constants are encrypted and so on. If software written in Java / .NET is obfuscated, the bytecode executed by the virtual machine is transformed. If compiled software is obfuscated, the machine code is modified: "garbage" instructions, "dead code", random jumps are inserted, some operations are moved to the stack, and various structural (more rarely mathematical) transformations are made. During the reengineering of obfuscated parts of code, attempts are made to convert them back to the original, which becomes a very time-consuming task if a comprehensive approach to obfuscation is adopted.

Protector: a program used to protect other software products against being cracked. Most modern protectors do not modify the source code of the application, but pack/encrypt it with close attention to protecting the program (procedure) that unpacks/decrypts the protected software.

EntryPoint: the initial address where the file execution starts.

Packing: an application code protection method when the executable file of the program and/or its inventory is compressed with the help of unusual algorithms. When using packing, the packer compresses the protected software code and when the end user runs the application, it is completely or partially unpacked.

Encryption protecting part of the application with the help of strong encryption algorithms. In cases of software protected with the help of encryption, the end user has to enter the activation code that disables the limitations of the unregistered version imposed by the developer.