Implement a random obfuscation virtualization environment.
already done.
there is one in the game exe that does both game related and DRM related tasks,. it uses code generated on the fly, self modifying code, and encrypted code. all programs are written in its proprietary machine language. you write one line of assembly as a comment, followed by usually three lines of machine code to implement the one line of assembly.
there is a second separate stand alone vm that decrypts and runs the game exe, as well as running its own proprietary vm programs in general. it has its own proprietary architecture, instruction set, .programming language, compiler, p-code language, and vm runtime. programs to encrypt a game exe and decrypt and run a game exe are just two example programs written for the stand alone VM. the VM was made BEFORE the game, just for copy protection purposes. no sense making a game for profit if you can't protect it. this vm is much more sophisticated. i've actually written direct3d fullscreen test apps with it that run at 62.5 fps.
i look forward to the day when PC's are fast enough to just write a vm, then write the game in the vm's language - eliminating the dreaded release build delay from the development iteration loop. until then, i use a macro processor to generate c++ code from a high level, low keystroke scripting language. saves on typing, like a custom vm language can, but doesn't help with release build times.
however, as pointed out by ApochPiQ, VMs are not impervious to attacks:
from:
http://www.gamedev.net/topic/654995-checksum-crc-md5-hash-check-game-code-in-ram/
The VM concept may seem like a solid approach, but you have a critical flaw in your architecture.
An observant reverse engineer will notice within seconds of viewing your program's import table that you use a select few "interesting" API functions. Encrypted code is not a surprise to anyone in the reversing field; even "innocuous" things like packers have been around for ages, and most reversers know how to get past them.
If I were, hypothetically, to take a look at your program, this is how my thought process as an experienced reverse engineer would look:
Hmm, weird set of APIs. Also if I break the game execution at random times I end up in this weird call stack.
Let's see what this code does... oh, it's a VM.
Hey look! It's running encrypted code!
Let's find all the places that decrypt input code and hook them...
... aaaand shunt over to a dummy VM implementation in an injected DLL (or monkey-patched binary if I feel brave)
Lookit that, I can dump all the raw VM bytecode now
It's a trivial VM, so figuring out what each bytecode package does is just another reversing exercise
Wow, some of these look like they are game-critical...
But these ones don't! I found your DRM!
Surely there is some recognizable pattern to what opcodes or general code pattern is followed by DRM code versus game logic...
Little analysis later, some shunting back of the VM decrypt process, and poof...
And now I have a crack for your game.
A good reverser could pull this off in a long day of work; a mediocre one could do it in a week.
Unless you expect that buying yourself 24 hours of "safety" will be the difference between commercial success and commercial failure, you're wasting your time.
software seems to need two types of protection:
1. copy protection to prevent illegal distribution having a negative effect on legit sales.
2. anti-crack protection for the copy protection.
also, any game that has artificial built in limits that can be cracked (such as only play for free to level 20) needs anti-crack protection.
i've gotten exe checksum with no checksum in the exe and ram checksums working for anti-crack, and expiration date not based on system clock for DRM working.
i've been able to hide string constants, and pepper the code with tons of system calls to drastically increase the number of references to suspicious systems calls such as GetSystemTime.
one big thing i've done relates to the following quote:
"they can't hack what ain't there!"
so to the greatest extent possible i've used #ifdef DEMO and dead code elimination to completely remove full version code from the demo. in some cases i've had to write custom code for the demo, such as a generate_demo_map() routine.
but getting back to the ET phone home....
so the server sends some VM p-code to the client. the client runs it. the client doesn't store it on disk. the server must send vm code every time the game wants to run.
the packets could be intercepted and the p-code gotten at that way. a dummy client could be written that gets the p-code and saves it to disk. a ram spy tool could get the p-code from ram. and the cracker has the client exe , so they have the vm code. once they reverse engineer the VM, and get the p-code somehow, its just matter of time. needless to say, all of this is a bit easier said than done. but still do-able.
all these types of attacks would need anti-crack protection.
doing a google on your three suggestions turned up a bunch of useful stuff for a search on "random obfuscation virtualization environment".
i'll be posting all the links i found in my gamedev info journal here as soon as i get a chance to sift through it all, and at least provide a couple words for each link about what the info is about.
so it a two front war:
1. don't copy me illegally - copy protection.
2. don't crack the code that provides copy protection - anti-crack protection.
note that sometimes its not illegal copying, its time limits, cheating in multiplayer online games, etc. that you want to make tamper resistant.