An Attack on SMC-based Software Protection

Abstract. Self-modifying codes (SMC) refer to programs that intentionally modify themselves at runtime, causing the runtime code to differ from the static binary representation of the code before execution. Hence SMC is an effective method to obstruct software disassembling. This paper presents a method which circumvents the SMC protection, thus improving the performance of disassembling. By disabling the write privilege to the code section, an access violation exception occurs when an SMC attempts to execute. Intercepting this exception allows the attacker to determine and thus compromise the SMC and generate equivalent static code. Our experiments demonstrate that it is viable and efficient