.NET Obfuscator: Code Virtualization FAQ

❓ What is Code Virtualization?

Code Virtualization is a new feature of the enhanced Aggressive Control Flow algorithm.
It doesn’t virtualize the entire method body, instead, it selects and extracts small, critical portions of code from user-chosen methods.
Those protected code fragments are removed from the assembly, encrypted, and securely stored in the Skater Cloud Vault.
At runtime, your application fetches and executes those fragments inside a lightweight built-in virtual machine (VM).

---

⚙️ How does it improve protection?

Because the most sensitive parts of your logic are no longer present in the binary:

• Standard decompilers can’t reveal the protected code fragments.
• Even with full access to the assembly, attackers can’t reconstruct full method logic.
• The extracted code runs through a VM interpreter, adding an extra layer of complexity and resistance to reverse engineering.

---

🧩 How do I choose which methods to virtualize?

You can mark specific methods in the Skater UI or within an obfuscation profile.
Skater automatically analyzes and selects the most valuable segments within those methods for virtualization.
This ensures high security while minimizing performance impact.
It’s best to choose methods that include:

• license validation routines,
• encryption or decryption logic,
• or proprietary algorithms.

---

☁️ Where is the virtualized code stored?

All extracted code fragments are securely stored in the Skater Cloud Vault.
Each fragment is encrypted, digitally signed, and associated with your project’s Certificate IV, a unique identifier required for decryption and execution at runtime.

---

🔒 What happens if the cloud is unavailable?

Skater provides caching and offline fallback mechanisms.
You can define how long a decrypted code fragment remains cached and what to do if the connection to the Vault is temporarily lost (for example, use an encrypted local cache or gracefully block protected functionality).

---

🚀 Does this affect performance?

Only minimally.
Because only small parts of methods are virtualized, the runtime overhead is lower than with full-method virtualization.
The first execution may involve downloading and decrypting a fragment, but subsequent calls use cached data.

---

🔑 Are there extra security settings I should care about?

Yes. For best protection:

• reference the Skater.Cloud.Vault library to your protected assembly;
• always use internet (HTTPS connection must be available) for communication with the Vault;
• manage and rotate your Certificate IV keys securely.

The Skater Vault enforces encryption, signing, and secure transport by default.

---

🧩 Can I combine Code Virtualization with other protections?

Absolutely.
Code Virtualization complements traditional techniques such as:

• symbol renaming,
• string encryption,
• anti-tamper protection,
• and standard control flow obfuscation.

---

📦 How do I enable Code Virtualization?

1. Open your project in Skater .NET Obfuscator.
2. Select the Aggressive Control Flow algorithm.
3. Mark the methods that should include virtualized code fragments.
4. Provide your Certificate IV, a unique value obtained from the Skater Cloud Vault.
   It authenticates your project and links your virtualized fragments to your assembly.
5. Run the obfuscation process: Skater will automatically extract, encrypt, upload, and integrate the virtualization runtime loader.

---

🧭 When should I use Code Virtualization?

Use it when:

• your app includes unique algorithms or proprietary IP;
• you want to protect sensitive computations or license checks;
• you require the ability to revoke, replace, or update logic remotely from the cloud without redistributing your application.