You can’t use a tool effectively if you are unfamiliar with the terminology specific to its subject area. The following glossary explains the terms used in VMProtect. This glossary is not intended to be exhaustive, and some definitions may differ slightly from their traditional or commonly accepted meanings.
Bytecode – the code generated after transcoding instructions of the physical processor into instructions of the virtual machine.
Virtualization – a process that transforms a portion of the application’s executable code into instructions of a virtual machine with an architecture, instruction set, and operational logic unknown to a potential attacker. Virtualized code fragments are executed directly by the virtual machine interpreter without being translated back into the native machine code of the physical processor. In practice, reverse engineering of virtualized code usually requires building a custom disassembler or analysis environment capable of understanding the architecture emulated by the virtual machine, followed by extensive analysis of the resulting disassembled code.
Virtual Machine – a software-based execution environment that directly interprets and executes bytecode inside the protected application.
Watermarks – a unique array of bytes generated for each individual user, allowing reliable identification of the legal owner of a leaked or hacked copy of the software.
Mutation – the process of replacing an original instruction with an equivalent instruction or a sequence of instructions that produces the same result while altering the structure of the code.
Obfuscation – a collection of methods and techniques intended to complicate analysis and reverse engineering of program code. Depending on the programming language used to develop the protected application, different obfuscation techniques may be applied. Obfuscation of applications written in interpreted languages such as Perl, PHP, and similar languages is typically performed by modifying the source code: removing comments, renaming variables to meaningless identifiers, encrypting string constants, and restructuring logic. Obfuscation of Java and .NET applications involves transforming the bytecode executed by the virtual machine. Obfuscation of compiled native applications relies on modifying machine code instructions: the obfuscator may insert “garbage” instructions, dead code, random jumps, misleading execution paths, and unnecessary operations. Original instructions may also be mutated, some operations may be transferred to the stack, and various structural or, less commonly, mathematical transformations may be applied. Reverse engineering of obfuscated code attempts to restore the original program logic, which can become an extremely time-consuming task when obfuscation is implemented correctly.
Protector – software designed to protect other applications from unauthorized analysis, modification, cracking, or redistribution. Most modern protectors do not modify the original source code of the protected application directly, but instead pack, encrypt, virtualize, or otherwise transform the executable code. The primary focus is usually placed on protecting the unpacking, decryption, or execution mechanisms themselves.
Entry Point – the initial memory address from which execution of the loaded application begins.
Packing – a method of protecting program code by compressing executable files and/or libraries using specialized or non-standard algorithms. Protected code fragments are compressed by the packer and later unpacked fully or partially on the user’s system during application execution.
Encryption – a protection method that secures parts of an application’s code using strong cryptographic algorithms. Software protected by encryption often requires the end user to enter a valid activation code or license key in order to remove restrictions imposed on the unregistered or trial version of the application.
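The Bytecode, Virtual Machine, Virtualization and Mutation entries above can be seen together in one small program. This is an added example, not VMProtect's code: the opcodes, the stack machine and every function name are hypothetical, and a real protector's virtual architecture is far more complex and differs between builds.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical opcodes of a toy stack machine (not VMProtect's instruction set). */
enum { OP_PUSH_ARG, OP_PUSH_IMM, OP_ADD, OP_XOR, OP_MUL, OP_RET };

/* Original native routine to be protected. */
uint32_t native_transform(uint32_t x) { return ((x + 7u) ^ 0x5Au) * 3u; }

/* Mutation: x + 7 replaced by the equivalent (x ^ 7) + 2 * (x & 7). */
uint32_t mutated_transform(uint32_t x) {
    uint32_t sum = (x ^ 7u) + ((x & 7u) << 1);
    return (sum ^ 0x5Au) * 3u;
}

/* Bytecode: the same routine transcoded into the toy machine's instructions. */
static const uint8_t bytecode[] = { OP_PUSH_ARG, OP_PUSH_IMM, 7, OP_ADD,
    OP_PUSH_IMM, 0x5A, OP_XOR, OP_PUSH_IMM, 3, OP_MUL, OP_RET };

/* Virtual machine: interprets bytecode directly; returns -1 if it is malformed. */
int vm_run(const uint8_t *code, size_t len, uint32_t arg, uint32_t *out) {
    uint32_t stack[8];
    size_t sp = 0, pc = 0;
    while (pc < len) {
        uint8_t op = code[pc++];
        if (op == OP_PUSH_ARG || op == OP_PUSH_IMM) {
            if (sp == 8 || (op == OP_PUSH_IMM && pc == len)) return -1;
            stack[sp++] = (op == OP_PUSH_ARG) ? arg : code[pc++];
        } else if (op == OP_RET) {
            if (sp != 1) return -1;
            *out = stack[0];
            return 0;
        } else {
            if (sp < 2) return -1;            /* binary ops need two operands */
            uint32_t b = stack[--sp], a = stack[--sp];
            if (op == OP_ADD) stack[sp++] = a + b;
            else if (op == OP_XOR) stack[sp++] = a ^ b;
            else if (op == OP_MUL) stack[sp++] = a * b;
            else return -1;                   /* unknown opcode */
        }
    }
    return -1;                                /* ran off the end without OP_RET */
}

/* Virtualized routine: only the bytecode and the interpreter remain. */
uint32_t virtualized_transform(uint32_t x) {
    uint32_t r = 0;
    return vm_run(bytecode, sizeof bytecode, x, &r) == 0 ? r : 0;
}

int main(void) {
    uint32_t n = native_transform(10);
    printf("%u %d\n", (unsigned)n, n == mutated_transform(10) && n == virtualized_transform(10));
    return 0;
}
```

All three forms return the same value for every input; what changes is how much an analyst must reconstruct (an instruction identity for the mutated form, a whole instruction set for the virtualized one) before the original logic is readable.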