reverse engineering

Well you sure proved how ugly a simple Windows app can look.

But, who would care about reverse-engineering a windows app with a dis-assembler anyway? It's easier to look at the behavior and imitate it from scratch, IMO. (actually, there are some controls that Microsoft uses before they give them to us, so I guess I could imagine some scenario where stealing some code could be helpful)

from the posts below about the cracking of the RSA algorithms, etc. I'm thinking that for things that are close to C anyway, putting out the *.exe is close to putting out the source.

With respect to "why don't people just disassemble Windows NT?" I would respond that people that knowledgeable wouldn't waste their time at a low-paying competitor, they'd get hired away by Microsoft!

I'll probably go through this thread and see the favorite dis-assemblers, and talk to my employers and see if they're up to purchasing something (or giving the GNU version a go), and see what it does to our code. I have a feeling that a PhD and two months could probably unlock all our secrets (but I'm not a PhD and I don't have two months for this)

Todd, this is exactly what I meant in my previous post: you can not get the original code by disassembling the executable but you may not even need the original code! It all depends on what are you attempting to do.

And, as you have mentioned, does it realy worth for your competitors to put aside their current project and start hacking into your code? And even if it does make sense for them, does it realy kill you? So, may be your boss is just being a little paranoic abot the subject?

u cannot decompile an exe ( created from vc,tc...etc) into C
u can only see ASM instructions, so if ur a asm master u need to recode the asm into C (which is not very fun).
and SoftIce is not a dissasembler its a DEBUGGER (system debugger) which working at ring0 [p-mode] and debug flag to halt system and trace where ever u want..
there are tools to locate softice, but doubt they are working while u have IceDump/frog'sice running in background.
they only "reseanable" way to protect ur app (registrations) is by using a strong Cryptography (one way / rsa 1024+) md5/sha-1 and alike already cracked and there are free libs for free outthere to paste in VCA and make a keygen.
btw VC7 (.net) got a decompiler since its reall crap so watch ur steps :-)
ttl

Sheesh, who would have known this would blowup into such a large thread? Ok, my bad.. you can't get the "exact" C++ code from an EXE using SoftICE. However, lets face it: hackers breaking/stealing our software suck. The threat is there. Even if they can't get the exact code, they can still get a different interpretation of it such as ASM code and work their way through to crack it.

My point was just that when you write an important product, you should consider making it that much harder for the hacker by including not-so-obvious keywords instead of bIsRegistered, how about using bIsR. Also including CRC checks can help prevent (or slow down) hex editors. Etc.

One of my products was hacked for every version I released, until I developed a Security class for it. This class included a multitude of techniques to help slow-down a hacker. No security will "stop" a hacker if he has enough time. But the goal is for the hacker to skip over yours saying "screw this one", and move on to the next app to crack.

Anyways, don't spend too much time on security. As the other posters explained, it is not worth wasting your time. But do include *some* security even if only minimal.

And thanks for the wonderful discussion on this topic. We definately have some experts on here! :)

hi ;)

when u say "hackers" u should know those are ppl who break into web/inet sites/ftps/system so ur little confused.
the term u should need to say is "Crackers" those are the one who break software code, not internet code ;)
mostly crackers doesn't tend to kill ur app / steal it, its a race between other crackers, when he/she dl ur app the only thing they do is to locate ur registration place and reverse it to thier own C/ASM/Delphi..etc code.
they are not decompiling ur app cuz they feel like crew the author,
its just a race to see who "breaks" the app and release the keygen/crack faster.
but, if u can't understand them, join them, learn thier prespective and protect ur application better.
also u can use PE protectors, most known are: Aspack / tElock /
though they charge money or buing thier software [ i.e: flashfxp]
although exe protectors has been dumped/reFixed it still away to antimidate crackers.
u can also look for more info in the web regarding "how to protect" your software which has been written by crackers too.
thier way of point is to gain more knowledge and practicing on author's applications.
i hope this has been a little help
cya ;)

p.s
CRC wont help since they will recalculate it after its beeing patched .
which application u wrote and got cracked?

I think the term "hacker" has many definitions. See What Is a Hacker? for more.

So what is "internet code"? If it is not software then it must be hardware, or is it a third category that I have not heard of?

We've had this conversation before with the same misconceptions. You CANNOT get the exact C or C++ code back.
Unless you ship debug code :) Once the exe has been stripped, the names of the variables are gone.

With SoftICE or Windows DASM you can get the assembly instructions.

The cracking groups I've watched don't necessarily use SoftICE. WDASM32 works better since you don't have to run a detectable service in the background.

You can make the assembly more obscure but you can't 100% protect from disassembling.

Hi,
Fasinated by your discussion, .net suddenly flash in my head, CLR, which is java runtime of MS, looks very probable to render any code you write under .net platform visible to everybody.
May be compling into local binary will avoid this but at the cost of losing .net flexibility.
Please tell me I am wrong.
Thanks.

My flatm8 has softice on CD - I have recently lost the cource to a project from the harddisk blowing up so I'll bring it in 2mm and:
a) 'decompile' my executable (not much hope but who knows)
and b) try out the above code to see if it detects softice running and exit out of the initinstance. I agree with Paul it's all scare-stories, but if he wants to decompile AutoCad I don't see why I can't decompile Combustion....if ever a software company was greedier than MS its gotta be discreet *(discreet, ha ha - good name ...AND they're owned by AutoCad!)
wish me luck!
Dwiz

Theres hundreds of decompilers out there, and no way to stop them all. If you have a good knowledge of how assembly maps to machine code, then you could write one pretty easily. Then once you have the assembly version then you can use common sense to convert to the language you wanted.

The only things that are lost are function names (which are replaced with memory offsets) and variables (which are replaced with processor register names).

Theres no real way to protect from decompilers; if the computer can "understand" your program, then so can a decompiler.

It's sure that hacker can anyway come to know much about working but never 100%.

There is a very good way to ptotect your sensitive algorithms..

You can write these imp. functions to a DLL ,then encrypt it and copy whole DLL at end of your exe ,or somewhere else in your executable program.
Run time allocate Executable Memory pages and decrypt the functions from DLL there. Dont write independant function in that DLL. Try writing some assembly code at run time into these decrypted function.this will ensure that if somebody else knows to decrypt it then also he wont be able run it.


try antidebugging trics......

To know about antidebugging tips

see
www.anticracking.de
www.absolutelock.de

Kishnaa,

This does help a bit, but there are tools that let you inspect the memory, and hence would get to your DLL code anyways, just after you decypted it :/

There is no way to stop crackers, there are only ways to make it hard for them to accomplish their task.

Sometimes a simple method will confound the average cracker enough to make him abandon your program. The best protection against cracking is :
1) Use some anti-cracking techniques
2) Release frequent updates and make old code unavailable so that patches never work for more than 1 month.

AFAIK our program was cracked only once. Strangely enough, afterwards we got a bunch of emails from hotmail et al. asking us to make build X.Y.Z available again. ;)

I agree with you Yves M.

Thats what I think , we can certainly make our code harder to understand.

If you think you will find many ways to do it.
A program can be polymorphic in that way.

But still nobody can stop the Hackers from doing what they want ...

:)

I have not used SoftICE for a long time, I can say that as of 1998 when I quit working for the NSA, there were in-house "rumors" that MS had worked with some of the lead NSA engineers to create a strategy to embedd some of the the debug info into the actual Release version of the .exe. If this actually happened then or more recently, this could in theory, make it possible for the NSA to decompile..... This was a "rumor" I thought it would be interesting to some of the posters here.... Anybody else heard anythign about this....

One bit of advice; before anyone goes charging off trying to defeat "crackers", make sure that your compiled code is genuinely worth protecting.

(And make sure your workstations and source control servers are secure. Novell is paranoid about their code, but when I worked there in the early 90s, several times, for several months one time, their entire network was open to the world--if you correctly guessed a developers username and password--not difficult--you would have had access to all of Novell's source code.)