No. You can make it more difficultto decompile but you cannot preventit. My advice is to stop wasting your time and instead concentrate on delivering a fantastic product with ever-improving features.

不。您可以使反编译变得更加困难，但您无法阻止它。我的建议是停止浪费时间，而是专注于提供具有不断改进功能的出色产品。

Then people will be willing to pay for it.

那么人们就会愿意为此付出代价。

Your main problem is that the only way to make your code un-decipherable is to make it un-runnable. Anything that can be loaded into a PC can be cracked. The people that do reverse engineering for fun, profit or fame are generally verygood at it and will really not be the least bit phased by anything you do to try and stop them.

您的主要问题是，使您的代码不可破译的唯一方法是使其不可运行。任何可以加载到 PC 中的东西都可以被破解。那些为了乐趣、利润或名声而进行逆向工程的人通常非常擅长逆向工程，并且不会因为你试图阻止他们所做的任何事情而分阶段进行。

They have access to tools that make the job of deciphering your code far easier than the job you will have obfuscating it :-) Far better to convince the world at large that your software is worth buying, and seeing piracy as an opportunity to possibly convert "thieves" to genuine users.

他们可以使用工具，使破译代码的工作比混淆它的工作容易得多:-) 更好地说服全世界相信您的软件值得购买，并将盗版视为可能转换的机会“小偷”给正版用户。

For example, find out whythey're not paying for your software and try to fix that. You'll never convert 100% of the people, some will pirate your code just for the fun of it.

例如，找出他们不为您的软件付费的原因并尝试解决该问题。你永远不会 100% 的人转化，有些人会盗版你的代码只是为了好玩。

Check out the series of articles running over on techdirtconcerning CwF+RtB (connect with fans plus reason to buy). I've found many of the points raised there could be applicable to the software industry.

查看有关 CwF+RtB（与粉丝联系以及购买理由）的技术污垢系列文章。我发现那里提出的许多观点都适用于软件行业。

The easy way: Buy a packer/cryptor/obfuscator product. Some are expensive and used in games, some are not. Google for them by buzzwords like "copy protection", etc.

简单的方法：购买打包器/加密器/混淆器产品。有些价格昂贵并用于游戏，有些则不然。通过“复制保护”等流行语在谷歌上搜索它们。

The fast way: pack with UPXand then mangle the header somewhere so it will still be loaded in memory and run fine, but the upx utility will fail with an error (try the version field). 95% will give up if the upx utility fails.

快速方法：用UPX打包，然后在某处修改标头，这样它仍将加载到内存中并正常运行，但 upx 实用程序将失败并显示错误（尝试版本字段）。如果 upx 实用程序失败，95% 将放弃。

The hard way: Write your own packer.

困难的方法：编写自己的打包程序。

oh, I forgot:

哦，我忘记了：

The realeasy way: Just ship it as it is. No really - whatever you do people can still reverse engineer your code. The amount of effort you put it in just restricts how many can reverse it.

在真正的简单的方法：只要出货，因为它是。不是真的 - 无论你做什么，人们仍然可以对你的代码进行逆向工程。你付出的努力只是限制了有多少人可以扭转它。

compile with full optimization.

编译完全优化。

"obfuscated executables" makes no sense. The hardware has to be able to "understand" the code in able to to execute it, and it the hardware can understand it, a reverse engineering human can understand it. The most you can do will be make it more tedious to understand, but probably not by much, and at a cost.

“混淆的可执行文件”没有任何意义。硬件必须能够“理解”代码才能执行它，并且硬件可以理解它，逆向工程人员可以理解它。你能做的最多的事情是让理解变得更加乏味，但可能不会太多，而且需要付出代价。

Decompilation (No More Gotos) and both obfuscation practice (Flowtables) and theory (Indistinguishability Obfuscation) are active areas of research and therefore there are no solutions - only tools, techniques and expertise. If you really want your code to be impervious to decomplilation, create a web app, and put the sensitive code server side. But if you're stuck to the model of giving someone a binary, then you must wisely judge the trade-off you want to make between security and performance. Obfuscation comes at a cost, and still is never perfect. Some options

反编译 ( No More Goto) 和混淆实践 ( Flowtables) 和理论( IndistinguishabilityObfuscation) 都是活跃的研究领域，因此没有解决方案——只有工具、技术和专业知识。如果您真的希望您的代码不受反编译的影响，请创建一个 Web 应用程序，并将敏感代码放在服务器端。但是，如果您坚持向某人提供二进制文件的模型，那么您必须明智地判断您想要在安全性和性能之间做出的权衡。混淆是有代价的，而且永远都不是完美的。一些选项

• Use a packer other than UPX (UPX comes installed in many linux distros). The performance cost is low and most people do not have the skills to manually unpack a binary for static analysis. But to experienced reversers, the cost of unpacking is immaterial
• Check out Tigress, a diversifying virtualizer/obfuscator with rich features for C source-to-source obfuscation. For better performance, rely on the supporting transformations, control flow flattening, function merging/splitting, literal encoding
• If you want even greater protection, check out Tigress's major transformations: virtualization, JITing, etc, but I'm fairly certain these are more expensive and your users may notice a slow down if you use these transformations.

• 使用除 UPX 之外的打包程序（UPX 安装在许多 Linux 发行版中）。性能成本低，大多数人不具备手动解压二进制文件进行静态分析的技能。但对于有经验的逆向者来说，拆包的成本并不重要
• 查看 Tigress，这是一个多样化的虚拟器/混淆器，具有丰富的 C 源到源混淆功能。为了获得更好的性能，依靠支持的转换、控制流扁平化、函数合并/拆分、文字编码
• 如果您想要更大的保护，请查看 Tigress 的主要转换：虚拟化、JITing 等，但我相当肯定这些更昂贵，如果您使用这些转换，您的用户可能会注意到速度变慢。

Don't be discouraged by Barak et al's seminal work on the impossibility of black box obfuscation. He only proves the impossibility of black box obfuscators, not the impossibility of many practical and worthwhile obfuscations. (Black box obfuscation being the inner workings of the program are completely unintelligible) Also don't be discouraged by pirates. There's always people who make it a point to buy your product if it is good.

不要因为 Barak 等人关于不可能进行黑盒混淆的开创性工作而气馁。他只证明了黑盒混淆器的不可能性，而不是许多实用且有价值的混淆器的不可能性。（程序内部的黑匣子混淆是完全无法理解的）也不要被盗版者气馁。如果你的产品好，总是有人会购买你的产品。

Compiling C code with an optimizing compiler makes it impossible to restore the original source code or anything that even remotely resembles it. It is far more secure than any of the Java or .NET obfuscators that are popular these days. Be sure to strip the executable if you want to make it smaller and hide any symbol names before release. However, notice that this also makes debugging (whenthe application crashes) pretty much impossible.

使用优化编译器编译 C 代码使得无法恢复原始源代码或任何与它相似的东西。它比当今流行的任何 Java 或 .NET 混淆器安全得多。如果您想在发布前缩小可执行文件并隐藏任何符号名称，请务必剥离可执行文件。但是，请注意，这也使得调试（当应用程序崩溃时）几乎不可能。

Even so, if someone really wants to hack your software, he will do so on assembly level, possibly with loader software or other trickery - no matter what you try and do to prevent him. Many companies have tried, yet none have succeeded. Using hacks like this only frustrate the end-user as they may crash the application or even crash the built-in debugger of Windows.

即便如此，如果有人真的想破解你的软件，他会在汇编级别这样做，可能是使用加载器软件或其他技巧——无论你尝试和做什么来阻止他。许多公司尝试过，但都没有成功。使用这样的 hack 只会让最终用户感到沮丧，因为它们可能会使应用程序崩溃，甚至使 Windows 的内置调试器崩溃。

Quit wasting your time thinking about obfuscation while you should be improving the program instead.

不要浪费时间考虑混淆，而应该改进程序。

To make it harder? Sure. Please don't do that.

让它变得更难？当然。请不要那样做。

To prevent it? No. Any system that's going to run your binary will need the software to decrypt whatever scheme you come up with. And they'll be able to decompile that and then see how your obscured binaries get interpreted.

为了防止？不。任何要运行二进制文件的系统都需要该软件来解密您提出的任何方案。他们将能够对其进行反编译，然后查看您的模糊二进制文件是如何被解释的。

I think if you speak about compiled binary there is not much you can do, (perhaps only apply UPXor related tool) which does not make a lot of sence since it can be reversed.

我认为，如果您谈论已编译的二进制文件，那么您无能为力（也许只应用UPX或相关工具），因为它可以被反转，所以没有多大意义。

If you talk about writing new code, try Self Modyfing C Codewhich will probably be the hardest way to re engineer your application.

如果您谈论编写新代码，请尝试自我修改 C 代码，这可能是重新设计您的应用程序的最困难的方法。

Why obfuscate the code if there's a commercial gain from it? To be honest, suppose the commercial code is optimized enough and obfuscated, and works, then the mother of a all embarrassing thing happened - a glitch....you are stuck imho, as the production binary code is obfuscated, making it harder to debug where the glitch is happening and difficult to replicate, it will be stuck on the BUGS list forever...

如果可以从中获得商业利益，为什么要混淆代码？老实说，假设商业代码经过足够的优化和混淆，并且有效，那么令人尴尬的事情发生了 - 一个小故障......调试发生故障且难以复制的地方，它将永远卡在 BUGS 列表中......

For instance, trying to find the stack trace, you'll end up with losing more hairs then ever trying to figure out the dis-assembled code to work out WTF is happening in there, endless reams of spaghetti loops. In short, don't!

例如，试图找到堆栈跟踪，你最终会失去更多的头发，然后试图找出反汇编代码来解决 WTF 发生在那里，无尽的意大利面循环。简而言之，不要！

You'll end up with losing money in trying to debug the glitch...either you have to be a brilliant assembler expert to read up the memory dumps and work it out from obfuscated code... Don't throw it away, just get your beautiful product working and sell it...Sure, there's plenty of people that have time on their hands to break it by reverse-engineering the code...

你最终会在试图调试故障时赔钱......要么你必须成为一名出色的汇编专家来读取内存转储并从混淆代码中解决它......不要扔掉它，只是让你漂亮的产品工作并销售它......当然，有很多人有时间通过​​对代码进行逆向工程来破坏它......

The secret to beating that is following the principle - release frequently, release often, make improvements as you release often, in that way the latest and greatest features would be more up-to-date then the time it takes for a cracker to disassemble it and work out! Look at the linux source code, the patches come in, then it gets released...if you keep that principle in mind, by releasing new version with more features at a far more faster pace then you're winning!

打败它的秘诀就是遵循这个原则——经常发布，经常发布，在你经常发布的时候进行改进，这样最新的和最好的功能会比破解者拆卸它所花费的时间更新和锻炼！看看 linux 源代码，补丁进来了，然后发布了……如果您牢记这一原则，以更快的速度发布具有更多功能的新版本，那么您就赢了！

If you really want to jumble it up you need a separate program to do it. As a developer you write your code in the cleanest, and most readable form. Post compilation you run the separate application to do the obfuscation. You can buy such applications for about $100K.

如果你真的想把它弄乱，你需要一个单独的程序来做。作为开发人员，您以最干净、最易读的形式编写代码。编译后运行单独的应用程序来进行混淆。您可以以大约 10 万美元的价格购买此类应用程序。

If your intention is to stop the code from being reversed engineered that will probably work. If your intention is to stop someone from cracking the security then obfuscation alone won't stop a determined attacker. At some point there is a yes/no decision they don't need to understand the code to find that nor to circumvent it.

如果您的目的是阻止代码被逆向工程，那可能会奏效。如果您的意图是阻止某人破解安全性，那么仅靠混淆并不能阻止坚定的攻击者。在某些时候有一个是/否的决定，他们不需要理解代码来找到它，也不需要规避它。