Results 1 to 4 of 4

Thread: Preventing Decompilers / Disassemblers

  1. #1
    BOB
    Guest

    Preventing Decompilers / Disassemblers

    I am sorry if this is in the wrong forum but PLEASE help me.

    I am writing a thesis / dissertation regarding software security, trying to help developers create protections.

    Looking through the old tutorial (1998ish) I have found a number of assembly routines that stop S-Ice etc.. but are there any newer methods.

    For example - how can you prevent Smart Check, or IDA, or W32 Dasm in, lets say, using Delphi???

    If yuou have any other ideas on protection systems, even if they are crackable or quite strong, I would be very GRATEFUL.

    Thanks
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Red wine, not vodka! ZaiRoN's Avatar
    Join Date
    Oct 2001
    Location
    Italy
    Posts
    922
    Blog Entries
    17
    Hi BOB,

    imho, the whole board is a place where the reverser guys learn how the protections work and, where developers are supposed to learn how improve their protections.
    Listing all knowed anti-methods is difficult but you can use the search function to locate some of them.

    You can start with it and if you want to know something about a particular method, feel free to ask...someone will help you :-)

    Regards,
    ZaiRoN

  3. #3
    Different tricks apply to different apps (and even different versions of the app!). For example, an infinite jump reference in w32dasm will lock up the app, but this will not have any effect on IDA.

    Best protection against IDA is never use constant addresses in data or jumps - make everything reference the registers, and ensure the registers are setup using algorithms. (Eg. CALL EAX instead of CALL 4521A4, whereas EAX is setup previously in some math's algo). Very impractical however, and pretty much impossible unless you code the entire thing in ASM.

    Other than that, tokening is a good way - I've yet to see a disassembler make anything out of a QBasic 4.5 program beyond the loader

  4. #4
    Teach, Not Flame Kayaker's Avatar
    Join Date
    Oct 2000
    Posts
    4,102
    Blog Entries
    5
    Hi

    ZaiRoN pretty much has it right, this whole place is full of tricks and you just have to start learning where the level of 'deprotection' lays. I'm sure you've researched other things, but there are several essays around outlining protection ideas you can use, try Fravia's Searchlores protection articles for a start, CrackZ archives has some good stuff, I remember even the Delphiforum site had quite a good page on protection tips and tricks contributed to by several knowledgable reversers.

    Re Delphi... there are several ready made commercial protections around of course, but I seem to remember a unit put together by someone of packaged Delphi anti Sice and other tricks, though I don't know if I'd bother with them. If you figure out a trick, someone will figure out a way around it, and how you implement it is critical in how easy or hard that will be. A few anti tool tricks by themselves are nothing much unless tied into a larger protection. If you have more specific questions...

    Regards,
    Kayaker

Similar Threads

  1. Top 10 DYNAMIC Debugger/Disassemblers
    By Logun in forum The Newbie Forum
    Replies: 1
    Last Post: September 10th, 2010, 09:16
  2. Preventing the Exploitation of SEH Overwrites
    By Uninformed Journal in forum Blogs Forum
    Replies: 0
    Last Post: October 22nd, 2007, 12:22
  3. Debuggers/Disassemblers?
    By ftothe3 in forum Tools of Our Trade (TOT) Messageboard
    Replies: 17
    Last Post: April 14th, 2004, 07:55
  4. Preventing API hooking????
    By yaa in forum Advanced Reversing and Programming
    Replies: 17
    Last Post: September 23rd, 2002, 16:49

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •