Encrypted execution engine

This article describes an implementation of a user-mode (and therefore OS-independent) code decryption engine for the 32-bit x86 architecture. Apart from encryption, the engine may also be used for user-mode tracing, thus avoiding ptrace() or similar APIs. The code has been developed in x86 assembler and tested under Linux and FreeBSD, but it should also work on Win32.

Paper Code


I have taken the concept of encrypted execution one step further with the CSPIM simulator. The results of this research have been published in this paper.

CSPIM is a MIPS I processor simulator. There are already a number of different MIPS simulators available on the internet, for example:

but all are parts of larger projects (mostly whole-system emulation), and none of them is designed to meet the two basic requirements of mine (though Nachos seems to come close):

Given that MIPS I is an extremely simple architecture, it was easier to write a simulator with a clean interface from scratch than to adapt existing code (some of which I don't want to mess with because it's GPL'd). The name CSPIM is purposefully chosen to resemble SPIM, which is actually only an interpreter of MIPS assembly source code (i.e. it is not able to execute any kind of binaries).

Development has been moved to GitHub.


Missing features

Floating-point arithmetic and big-endian mode

Both features may be implemented in the future. Neither is high priority.

Not planned at all

The following features/deviations from the real CPU's behavior are not planned to be implemented at all because they are not needed to correctly run executables generated by gcc.