Virtual Machine Protection

Background
With the popularity of network, the piracy of software becomes more serious, the interests of commercial software and shared software are being violated severely. Although significant efforts have been made to resist software piracy, and various technologies such as anti-debuggers, anti-dump, anti-hook, and obfuscation code have been adopted to increase the difficulty of crack, in theory, there is no way can prevent the software attacks ultimately, because the common IA-32 system architecture has been researched deeply, at the same time all the binary codes will be loaded into the machine memory, all the information (memory, registers, port) can be seen or disassembled by hackers easily.

A Virtual Machine is a like a computer running within a computer. Although slightly slower than running pure Machine Code, this offers greater portability as well as robustness and reliability.
Virtual Machine can emulate the pure Machine Code or Interpreted Code. In this doc, we will call it as P-Code (Protected Code) is one kind of code can be interpreted by virtual machine.

Currently there are many software protection have adopted virtual machine to enhance the difficulty of crack, and have achieved some progresses. Usually they can be classified into two methods; one is pure hardware-based solution, the second is pure software-based solution. However all the virtual machine protection solutions have some problems or weak points.

Problem
In the traditional hardware-based virtual machine protection solution, the complete virtual machine will be implemented in the dongle. The complete P-Code file will be loaded into EEPROM of the dongle previously or at runtime. Although this way is secure because all the information will be hidden in the dongle, it can not support the P-Code file which requires large stack and heap memory because the RAM of dongle is very small usually in the dongle.

In the traditional software-based virtual machine protection solution, all the data and variables in the host memory are stored as the plain format or even as the encrypted format whose decryption codes can be found in the host memory by hackers debugging. Moreover execution paths can be analyzed by hackers. Although despite there is no limitation of stack and heap memory, it is not securer than hardware-based virtual machine protection solution.