Secure Programming
Dll Security May 06 2005 07:17PM
VP (pelasaco gmail com) (3 replies)
RE: Dll Security May 09 2005 07:55AM
Slavisa Dojcinovic (slavisa dojcinovic bravostudio com) (1 replies)
Re: Dll Security May 10 2005 08:59PM
Slashroot (slashroot free fr)
Re: Dll Security May 08 2005 11:34PM
Valdis Kletnieks vt edu
Re: Dll Security May 07 2005 07:13PM
Keith Oxenrider (koxenrider sol-biotech com) (1 replies)
Re: Dll Security May 10 2005 01:54PM
VP (pelasaco gmail com) (1 replies)
Thanks for all replies. i'm gonna take a look in upx, i must fix this
solution even if i just raise the bar.

Best Reguards,

VP

>On 5/7/05, Keith Oxenrider <koxenrider (at) sol-biotech (dot) com [email concealed]> wrote:
> The real question you should be asking is 'what is the point?' Any decent
> cracker will be able to look at your decrypted binary in RAM, even make a
> copy of it for later use. The very best you can do is raise the bar, but
> to have any real chance of making a difference you need to make your
> program detect that it is being run in a debugger (not a trivial task and
> probably one that is fundamentally impossible, as the hardware itself can
> be emulated) and continue to run, but with some subtle differences that
> make it unusable (if it just crashes, it tells the cracker just what she
> needs to know to bypass the check). Obscuring the code generally makes
> maintenance costs skyrocket; you should do an economic analysis to prove
> that the extra effort will be repaid. Keep in mind that legitimate users
> often need to run their code in debuggers as well, so be sure to factor in
> the ill will created when their attempts to debug their code that uses your
> DLL cause all sorts of nasty problems for them (not to mention the support
> calls!).
>
>
> Keith Oxenrider
> CISSP
>
> At 04:17 PM 5/6/2005 -0300, VP wrote:
> >Hi, i have a dll and i want to encrypt it to hide (obfuscate ??) an
> >important algorithm used here.
> >
> >Well today i'm using a following approach:
> >
> >I'm encrypting the dll with a program, then when i want to loadlibrary() it,
> >i decrypt it to a plain-text file, then i loadlibrary the plain-text file.
> >So i have my encrypted dll and i have a plain-text version either. To
> >mitigate this vulnerability, i'm using EFS to protect my plain-text dll.
> >
> >I'm wondering if using the PE format i can do some kind of "on-the-fly
> >encrypt and decrypt". Is it possible ? There is any example ? Is it a good
> >solution ?
> >
> >Thanks in advance,
> >
> >Victor
>
>

[ reply ]
RE: Dll Security May 10 2005 06:03PM
Chris Matthews (cmatthews xn com)


 

Privacy Statement
Copyright 2010, SecurityFocus