本文介绍了一种用于保护应用程序免受反编译的技术——自动生成代码技术。该技术通过修改应用程序的内存来隐藏关键信息,例如生成密钥的过程或验证序列号的方法。文中详细探讨了两种实现方式:使用kernel32.dll中的WriteProcessMemory函数和修改堆栈上的代码。
Introduction
Self-generating code technology is a very important means to counteract disassembler. You should use this technology to protect your applications although it's a "bad" programming style. There are two documented ways of modifying application code at least. First, kernel32.dll exports the WriteProcessMemory function, intended as follows from its name, for modifying the memory of a process. Second, practically all operating systems, Windows and Linux included, allow the code placed on the stack to be modified. I like the second way, because it is more freedom and less limitation when I try creating self-generating code for Windows applications in VC++ IDE. A FAQ is to cause an exception with the subsequent abnormal termination of the application.
I try to resolve these questions, and get some experience as follows:
The function code must be relocatable code:
The answer is that it can conceal crucial or key information, such as procedures for generating the key or for verifying the serial number.
.
.
.
.
查看全文: http://www.codeproject.com/KB/tips/Self-generating-code.aspx
Self-generating code technology is a very important means to counteract disassembler. You should use this technology to protect your applications although it's a "bad" programming style. There are two documented ways of modifying application code at least. First, kernel32.dll exports the WriteProcessMemory function, intended as follows from its name, for modifying the memory of a process. Second, practically all operating systems, Windows and Linux included, allow the code placed on the stack to be modified. I like the second way, because it is more freedom and less limitation when I try creating self-generating code for Windows applications in VC++ IDE. A FAQ is to cause an exception with the subsequent abnormal termination of the application.
I try to resolve these questions, and get some experience as follows:
The function code must be relocatable code:
- Only use local variable, don't use global variable, static variable, and constant string variable.
- If the function code wants to invoke another function, the pointer of the function should be passed to it.
The answer is that it can conceal crucial or key information, such as procedures for generating the key or for verifying the serial number.
.
.
.
.
查看全文: http://www.codeproject.com/KB/tips/Self-generating-code.aspx
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
