Which Macros should I use? Themida的SDK中应该怎么使用各种宏?
原文:
It is normal that a programmer feel lost when deciding which macros he/she should use. Here we try to clarify that decision for you.
· VM macros and CodeReplace macros are the strongest ones in security
· Encode macros are not so strong but they have good performance when you have a loop with many iterations inside a macro
· VM macros and CodeReplace can be used with no problems in DLLs, instead Encode and Clear macros might crash on DLLs (due to relocations)
· VM Macros and CodeReplace macros are converted into internal virtual code, increasing a bit the size of each macro. If you use about 100 VM macros, the size of your application could be increased a few dozens of Kilobytes
· VM macros and CodeReplace can support declaration of variables inside macro and "return" (C/C++) / "Exit" (Delphi) statements inside the macro. This is not valid for Encode macros
· VM macros and CodeReplace macros cannot be used with exception handling. Encode / Clear macros should work fine with exception handling.
· VM and CodeReplace macros cannot have nested macros inside. Encode/Clear macros can have any nesting level inside them
Some numbers to help
We recommend you to put an equivalent number of macros according to the size of your unprotected application. About 10 macros / Megabyte should be a good protection for your application. So, if your application has 3 Mb size, you should put 30 macros on it.
About which macros you should insert, a possible estimation could be 70% of VM macros, 20% for CodeReplace macros and 10% for Encode macros.
翻译:
在决定使用哪个Macro时,程序员往往会感到很迷惑.没关系,这是正常现象.下面我们来试着解除你的迷惑.
1.WM macros和CodeReplace macros 是所有macro里安全度最强的两个
2.Encode macros虽然不如上面两个强度那么高,但是用在一段比较复杂和冗长的循环代码中,程序的性能要比上面两个好
3.在DLL里面使用VM macros和CodeReplace macros不会出现问题,但是使用Encode macros和Clear macros可能会出现因为重定位导致的崩溃
4.VM macros和CodeReplace macros会在程序内部转换为虚拟指令码,使程序体积有所增长.如果你使用了100个左右的VM macros,程序体积可能会增长几十Kb.
5.VM macros和CodeReplace macros中可以声明变量,可以使用返回语句(C++里为return),但是Encode macros中就不可以.
6.VM macros和CodeReplace macros不能和异常处理代码一起使用,相反Encode / Clear macros应该可以正常一起使用.
*语言不精,不知道此处表达的是macro中使用异常处理,还是异常处理中使用macro
7.VM macros和CodeReplace macros不能嵌套使用,Encode / Clear macros可以任意级别的嵌套使用.
我们建议你使用跟程序体积相符的macros数量,大约每M使用10个macros,这样的话如果你的程序有3M大小,应该使用30个左右.
最后,到底应该怎么结合使用这些macros呢,来自官方的评估给出了[70%的VM, 20%的CodeReplace和10%的Encode]这样一个比例,仅作参考.
备注:
macro(s) 指的ThemidaSdk里定义的宏,一般都是成对使用的
1 VM_START 2 ... 3 VM_END 4 5 6 CODEREPLACE_START 7 ... 8 CODEREPLACE_END 9 10 11 ENCODE_START 12 ... 13 ENCODE_END