Software Code Protection on the .NET Platform

2025;
: pp. 17 - 33
1
Lviv Polytechniс National University
2
Lviv Polytechnic National University Department of Software, Lviv, Ukraine

In the work, a study of the functioning of complex information systems is carried out, which is aimed at the analysis of existing protection methods, the development of the concept of the code transformation mechanism, which will ensure a high level of protection of .NET applications. The architecture of the .NET Framework with modern universal improvements is considered. One of the important elements is the Base Class Library (BCL), which is a set of base classes and libraries that provide standard functionality, such as working with files, networks, databases, text processing, and basic data structures. It was determined that obfuscation is one of the most common methods of software protection, which consists in modifying the source or intermediate code in such a way as to preserve its functionality, but make it difficult to understand. The main features of code improvement are established, which consist in obfuscating execution flows, encrypting string literals, and using packers and crypters. A characteristic feature of packers and crypters is direct injection into memory, which reflects its functionality in unpacking or decrypting program code directly into random access memory (RAM), which makes it difficult to remove a dump of the process. In addition, the entanglement of execution threads allows you to modify the logic of the software operation by inserting unnecessary conditions, loops or transitions, which creates complex execution structures. The anti-debugging process is proposed, which is one of the key components of software protection against reverse engineering. A conceptual approach to the implementation of software anti-debugging mechanisms is formed, which consists in multi-level protection of software and changes the instructions and behavior of the virtual machine. One of the important elements of such algorithms is checking parent processes and detecting debugging using hardware breakpoints. This, in its turn, opens up the possibility during the design of a virtual machine in combination with other techniques to create significant obstacles for the analysis of the software code.

  1. Anckaert, B., Jakubowski, M., & Venkatesan, R. (2006). Proteus: Virtualization for Diversified Tamper- Resistance. In DRM '06: Proceedings of  the ACM workshop on  Digital rights management, 30, 47 –58. doi:10.1145/1179509.1179521.
  2. Fang, H., Wu, Y., Wang, S., & Huang, Y. (2011). Multi-stage Binary Code Obfuscation Using Improved Virtual Machine. Lecture Notes in Computer Science, 7001, 168–181. doi:10.1007/978-3-642-24861-0_12.
  3. Francisca, O., Onyemaechi, O., & Okechukwu, O. (2012). Exploring the two faces of Software Reverse Engineering. International Journal of Advanced Research in Computer Science and Software Engineering, 2(4), 366– 370. doi:10.23956/ijarcsse.
  4. Ghosh, S., Hiser, J., & Davidson, J. (2013). Software protection for dynamically-generated code. In Proceedings of the 2nd ACM SIGPLAN Program Protection and Reverse Engineering Workshop, 1, 1–12. doi:10.1145/2430553.2430554.
  5. Golovko, I., Medzatyi, D., & Ivanchenko, O. (2024). Methods of obfuscation of program code using artificial intelligence. Informatics, computing and automation. Bulletin of the Vernadskyi University of Technology, 35(74), 115 – 123. doi:10.32782/2663-5941/2024.5.1/18.
  6. Kienle, H.M., & Müller, H.A. (2010). The Tools Perspective on Software Reverse Engineering: Requirements, Construction and Evaluation. Advances in Computers, 79, 189–290. doi:10.1016/S0065-2458(10)79005-7.
  7. Nadir, I., Mahmood, H., & Asadullah, G. (2022). A taxonomy of IoT firmware security and principal firmware analysis techniques. International Journal of Critical Infrastructure Protection, 38, 100552–100585. doi:j.ijcip.2022.100552.
  8. Tang, Z., Li, M., Ye, G., Cao, S., Chen, M., Gong, X., Fang, D., & Wang, Z. (2018). VMGuards: A Novel Virtual Machine Based Code Protection System with VM Security as the First Class Design  Concern. Applied Sciences, 8(5), 771–794. doi:10.3390/app8050771.