Question

What does Defender do before each function returns to the caller?

a. It encrypts the entire program in memory

b. It decrypts the entire program in memory

c. It reencrypts each function

d. It recompiles each function

Posted under Reverse Engineering

Answer: (c). It reencrypts each function

Explanation: Defender reencrypts each function before that function returns to the caller.

Similar Questions

Discover Related MCQs

Q. Why does reencrypting each function create an inconvenience for crackers?

Q. What is the obfuscated interface in Defender?

Q. Why does the obfuscated interface make it difficult for crackers to find important code areas in the target program?

Q. How does the interface attempt to attach to the operating system?

Q. How does Defender access the operating system after the user-mode components are copied to a random memory address?

Q. What impact does the obfuscated interface have on the program's memory consumption and performance?

Q. How does Defender obfuscate the calls to operating system APIs?

Q. What is the weakness in Defender's technique of obfuscating API calls?

Q. What was the purpose of adding the call to IsDebuggerPresent API in Defender?

Q. What is the impact of obfuscating the interface with the operating system?

Q. What is the purpose of the Processor Time-Stamp Verification Thread in Defender?

Q. Why is it important to directly access the hardware time-stamp counter using a low-level instruction in the Processor Time-Stamp Verification Thread?

Q. What would happen if the encryption on each key function was not implemented in the Processor Time-Stamp Verification Thread?

Q. What modifications can be made to a time-stamp verification thread to make it more difficult to remove?

Q. Is the current implementation of the verification thread safe for commercial use?

Q. What changes should be made to the counter constant in a commercial product environment?

Q. What priority should the verification thread be set to in a commercial product environment?

Q. What is the purpose of adding periodical checksum calculations from the main thread?

Q. Why should the actual checksum verifications be inlined?

Q. What should be done with the verification thread in a commercial product environment?