Protection Tutorial: From Beginner to Pro

发布于 2 天前  4 次阅读


Recently I was working on a project involving Code, and I thought it'd be helpful to share some insights.

Found this helpful? Share it with your team and leave a comment below!

正文

The Common Intermediate Language (CIL) is a set of platform-independent instructions generated by the language-specific compiler (C#, VB.NET...) from the source code. The CIL is platform-independent and can be executed on any Common Language Infrastructure supported environments such as the .NET runtime or Mono.

The way how the CIL and other metadata is stored must follow a specific standard (ECMA-335). This way tools like .NET Reflector or ILSpy can read the CIL instructions and translate the code back to its source language (C#, VB.NET...).

Code Virtualization converts the CIL code into a set of randomized instructions which are interpreted at runtime by our virtual machine. As there is no standardized procedure to interpret the new instruction set correctly, the original CIL instructions can't be reconstructed. Consequently, the virtualized code can't be translated back to its source language.

As the performance of virtualized methods is significantly decreased, code virtualization should only be applied to selected methods.

To enable code virtualization you need to decorate the corresponding methods with the following attribute:

[System.Reflection.ObfuscationAttribute(Feature = "Virtualization", Exclude = false)]

[System.Reflection.Obfuscation(Feature = "Virtualization", Exclude = false)]

public void CreateFile(string filename, string content)

string directory = Path.GetDirectoryName(filename) ;

StreamWriter streamWriter = new StreamWriter(File.Open(filename, FileMode.OpenOrCreate, FileAccess.Write, FileShare.ReadWrite)); streamWriter .Write(content);

The remaining stub code executes the virtual machine. Compress & Encrypt Resources

More Details

There are a few more points worth noting. First, browser compatibility varies across different browsers. Second, performance optimization is crucial when handling large amounts of data. Finally, key management is also an important consideration.

This article was first published on JSVMP Blog. Reposting with attribution is welcome.

Reference: Code Virtualization


点击体验一键VMP加密 |下滑查看JSVMP相关文章

Protection Tutorial: From Beginner to Pro

发布于 10 天前  17 次阅读


不少同学在群里讨论Code,这里统一回复一下,顺便整理成文章。

Ready to learn more? Subscribe to our newsletter for weekly tutorials and tips.

正文

通用中间语言(CIL)是由特定语言编译器(C #、VB.NET...)从源代码生成的一组与平台无关的指令。CIL与平台无关,可以在任何通用语言基础设施支持的环境(如.NET运行时或Mono )上执行。

CIL和其他元数据的存储方式必须遵循特定标准( ECMA-335 )。这样,像.NET Reflector或ILSpy这样的工具就可以读取CIL指令,并将代码翻译回其源语言( C #、VB.NET... )。

代码虚拟化将CIL代码转换为一组随机指令,这些指令在运行时由我们的虚拟机解释。由于没有标准化的程序来正确解释新指令集,因此无法重建原始CIL指令。因此,虚拟化代码无法翻译回其源语言。

由于虚拟化方法的性能显着降低,因此代码虚拟化应仅应用于选定的方法。

要启用代码虚拟化,您需要使用以下属性修饰相应的方法:

[System.Reflection.ObfuscationAttribute (Feature = "虚拟化", Exclude = false)]

[System.Reflection.Obfuscation (Feature = "虚拟化", Exclude = false)]

public void CreateFile (字符串文件名,字符串内容)

string directory = Path.GetDirectoryName (文件名);

StreamWriter streamWriter = new StreamWriter (File.Open (filename, FileMode.OpenOrCreate, FileAccess.Write, FileShare.ReadWrite)); streamWriter .Write (内容);

剩余的存根代码执行虚拟机。压缩和加密资源

更多内容

除了上面提到的内容,还有几个点值得注意。首先是浏览器的兼容性,不同浏览器对Web Crypto API的支持程度有所不同。其次是性能问题,加密操作在大量数据时可能会影响用户体验。最后是密钥管理,如何安全地存储和传输密钥也是一个需要考虑的问题。

以上就是关于这个话题的完整分享,希望能对大家有所帮助。如果还有其他问题,欢迎在评论区留言讨论。

Reference: Code Virtualization


点击体验一键VMP加密 |下滑查看JSVMP相关文章

Protection Tutorial: From Beginner to Pro

发布于 2026-04-10  50 次阅读


I've had several readers ask me about aesthetic0001/js-virtualizer recently, so I decided to write a comprehensive article about it.

Found this helpful? Share it with your team and leave a comment below!

正文

js-virtualizer is a proof-of-concept project which brings virtualization-based obfuscation to javascript. In this implementation, bytecode is fed to a virtual machine implemented in javascript which runs on its own instruction set. A transpiler is included to convert select

to opcodes for the VM. It is important to note that js-virtualizer is

not intended for use on entire programs, but rather for specified functions

! There will be a significant performance hit if you try to run an entire program through the VM (it is also not practical to do so as truely concurrent async is not supported by the current implementation, so everything in the program would have to run synchronously)

You need to mark the functions you want to virtualize by putting a comment with the text

for a full example and the samples folder for some sample code you can try virtualizing.

// the filename of the code; will be used as the default output filename

// whether or not the transpiler should directly write the output to a file

// the path to write the vm for the transpiled code to

// whether or not to remove unused opcodes from the instruction set

// whether or not to obfuscate the VM code through js-confuser

// whether or not to obfuscate the transpiled code through js-confuser `Virtualized code saved to:

) - the filename of the code; will be used as the default output filename where the transpiled code & the VM will be written to

) - whether or not the transpiler should directly write the output to a file

) - the path to write the vm for the transpiled code to

More Details

There are a few more points worth noting. First, browser compatibility varies across different browsers. Second, performance optimization is crucial when handling large amounts of data. Finally, key management is also an important consideration.

This article was first published on JSVMP Blog. Reposting with attribution is welcome.

Reference: aesthetic0001/js-virtualizer


点击体验一键VMP加密 |下滑查看JSVMP相关文章