ErezAmihud / dearmor

This is a repo to deobfuscate pyarmor files
Apache License 2.0

Just some questions #16

Closed Hazed2004 closed 11 months ago

Hazed2004 commented 1 year ago

It injects into the process and calls functions to deobfuscate it, right? Does it follow only the control flow of the program, or the whole? Like, if there is an if/else statement and the condition is false, does it also deobfuscate the code in the true-condition block?

ErezAmihud commented 11 months ago

Yes, it does. Pyarmor obfuscates the whole function; once the function is called, there is a payload that deobfuscates it, and at the end of the function there is code that obfuscates it again. What dearmor does is override the code at the end that obfuscates the function again.
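A toy model of the behaviour described in the answer above, added here as an illustration; it is not code from pyarmor or dearmor and does not reflect their internals. `ToyProtected`, `sample` and the XOR "protection" are hypothetical stand-ins. It shows why restoring a whole function on entry exposes both branches even when only one of them runs.

```python
import marshal
import types

KEY = 0x5A  # constructed toy key; XOR stands in for the real protection

def _xor(data: bytes) -> bytes:
    return bytes(b ^ KEY for b in data)

def sample(x):
    if x > 0:
        return "positive-branch"
    else:
        return "negative-branch"

class ToyProtected:
    """Hypothetical wrapper: the function body is stored encrypted at rest."""
    def __init__(self, func):
        self.blob = _xor(marshal.dumps(func.__code__))
        self.plain = None
        self.globals = func.__globals__

    def restore(self):
        # Entry payload: restores the WHOLE code object, not just one path.
        self.plain = marshal.loads(_xor(self.blob))

    def reobfuscate(self):
        # Exit step: the plaintext body is dropped again.
        self.plain = None

    def __call__(self, *args):
        self.restore()
        try:
            return types.FunctionType(self.plain, self.globals)(*args)
        finally:
            self.reobfuscate()

def visible_strings(p):
    """String constants readable from the in-memory code object after a call."""
    if p.plain is None:
        return set()
    return {c for c in p.plain.co_consts if isinstance(c, str)}

def demo():
    normal = ToyProtected(sample)
    normal(1)                        # only the true branch executes
    before = visible_strings(normal)  # nothing left: re-obfuscated on exit
    kept = ToyProtected(sample)
    kept.reobfuscate = lambda: None  # exit step overridden, as the answer describes
    kept(1)                          # still only the true branch executes
    return before, visible_strings(kept)
```

With the exit step left in place nothing readable remains after the call; with it overridden, the constants of the branch that never ran are present alongside those of the branch that did.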