Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: Dll Security
From: VP (pelasacogmail.com)
Date: Tue May 10 2005 - 08:54:20 CDT
Thanks for all replies. i'm gonna take a look in upx, i must fix this
solution even if i just raise the bar.
>On 5/7/05, Keith Oxenrider <koxenridersol-biotech.com> wrote:
> The real question you should be asking is 'what is the point?' Any decent
> cracker will be able to look at your decrypted binary in RAM, even make a
> copy of it for later use. The very best you can do is raise the bar, but
> to have any real chance of making a difference you need to make your
> program detect that it is being run in a debugger (not a trivial task and
> probably one that is fundamentally impossible, as the hardware itself can
> be emulated) and continue to run, but with some subtle differences that
> make it unusable (if it just crashes, it tells the cracker just what she
> needs to know to bypass the check). Obscuring the code generally makes
> maintenance costs skyrocket; you should do an economic analysis to prove
> that the extra effort will be repaid. Keep in mind that legitimate users
> often need to run their code in debuggers as well, so be sure to factor in
> the ill will created when their attempts to debug their code that uses your
> DLL cause all sorts of nasty problems for them (not to mention the support
> Keith Oxenrider
> At 04:17 PM 5/6/2005 -0300, VP wrote:
> >Hi, i have a dll and i want to encrypt it to hide (obfuscate ??) an
> >important algorithm used here.
> >Well today i'm using a following approach:
> >I'm encrypting the dll with a program, then when i want to loadlibrary() it,
> >i decrypt it to a plain-text file, then i loadlibrary the plain-text file.
> >So i have my encrypted dll and i have a plain-text version either. To
> >mitigate this vulnerability, i'm using EFS to protect my plain-text dll.
> >I'm wondering if using the PE format i can do some kind of "on-the-fly
> >encrypt and decrypt". Is it possible ? There is any example ? Is it a good
> >solution ?
> >Thanks in advance,