  1. #166
    Join Date
    May 2003
    Location
    Avondale, AZ.
    Posts
    8

    Please stop passing along bogus information.

    I want to start out by saying thank you to "Paul McKenzie". He seems to be the only one in this thread that is passing along correct information.

    Yes, it is true that SoftIce will allow a user to set a breakpoint on ANY Windows API call. Which also means that the code for detecting SoftIce is a joke. The hacker simply puts a breakpoint on CreateFile() and checks the parameters that are passed to it. This tells them what the user is attempting to do. If it's a check for SoftIce, simply jump over it or make the software think it didn't find it.

    As for the concept of your EXE containing your C++ source code...the answer is NO! Assuming that you're not an idiot and you are releasing a RELEASE build and not a DEBUG build of your application. Just for the sake of argument, let's say that you did release a DEBUG build and it included COFF style debugging information. In this case, yes you are giving out your source code. Not because it can be reverse engineered but because the COFF style debugging information includes your source in the EXE so a debugger can access it. However, the Microsoft Program Database, which is the default style in VC, does not. It creates a PDB file that contains the debugging information. So what lesson have we learned? :=) Don't release DEBUG versions of your software. However, if you need to be told that, then you should find another profession. :=)

    If you build in a SoftIce check like the one someone mentioned earlier, make the function inline. Then include it in multiple places in your application. This will force the hacker to find every instance of this check in order to get the program to run correctly. This won't stop them but it will slow them down. If you don't make it inline then all they have to do is find the function and change its return value. And every place in your application that calls this function will think SoftIce is not loaded.

    The real question when it comes to reverse engineering is "Is it worth my time?". If a hacker has good reason to reverse engineer it then you have a concern. But this stuff is not easy, so hackers don't spend time on it unless they have something to gain from it. For example, like recognition for cracking Windows XP's registration.

    If you really have a concern for this stuff check out a product called PECompact.

    http://www.collakesoftware.com/PECom...SPECompact.htm

    PECompact allows you to compress an EXE file and encrypt it. However, this only makes reverse engineering harder...not impossible. Nothing is impossible, so all you can hope to do is make it hard enough that the hacker says "forget it".

    Good luck!

  2. #167
    Join Date
    Dec 2001
    Posts
    64


    There are a lot of disassemblers on the net, not only SoftIce.

    For me, what Olivier said:

    > Only way to protect something is to make reverse engineering as hard as possible: relocate user-supplied parameters, use indirect querying, use multithreading and maybe hardware-dependent code snippets.
    > But I believe that there's no really secure way to protect your work

    is the best thing that is possible to do. It can take a cracker a lot of time to reverse your code, but there is always the possibility of doing it.

  3. #168
    Join Date
    May 2003
    Posts
    1
    <grin/> sorry but there is no getting back original code from an exe - simply wont happen - at all.
    it will take an amazingly good disassembler to get functionally equivalent code to the binary. if i have a good compiler and go full optimisation the asm code can be mangled beyond recognition of its c++ counterpart.

    i don't know what it is that you are referring to in softice - can i drop you an exe and expect my source code back ?
    softice does a **** good job of taking windows for a ride with breakpoints and the full muddle.

    i mentioned good optimisation right ? take a look at this
    http://msdn.microsoft.com/msdnmag/issues/02/05/Hood/
    also take a look at the profile of the guy who wrote that - does compuware/numega ring a bell about softice ?


    rosh

  4. #169
    Join Date
    Mar 2003
    Location
    London
    Posts
    198
    Interesting discussion, but I agree with "Paul McKenzie"; he is right.

  5. #170
    Join Date
    Sep 2004
    Posts
    7

    Re: reverse engineering

    Hmm, good discussion here.
    I am a new user of this forum and found this thread quite interesting, so I am also joining in with you guys...
    Well, an .exe/PE cannot be translated into C++ source; this is impossible. Regardless of SoftIce or whatever you have, it can only manage to show you the piece of code of your choice. Then reversing depends on how good you are at assembly and at guessing the instruction usage: why did the compiler insert which instruction, for which purpose? If you can answer this, you can reverse anything.
    Theoretically, code is never safe from (good) reversers. They can crack it whatever you make, although it needs a lot of time and expertise.
    You can adopt some anti-crack methods, but you still cannot guarantee it is safe. You can raise an exception on the presence of, say, one debugger or two, but we cannot code for each debugger. Yes, everyone knows about SoftIce, and we do have code which raises an exception on its presence, so your program never executes unless SoftIce is removed. But what about OllyDbg? I know OllyDbg can work even better than SoftIce. It starts your application, so your application can be caught where it tries to raise the exception; inserting NOPs there will calm your application and it will obey OllyDbg.
    And one more thing: IDA Pro is a great disassembler; it generates all the required stuff that a good reverser needs. Do whatever you want, IDA Pro will expose it all.
    Again, let me repeat that reversers can only extract the algorithms (you cannot stop them in any way) and sometimes an assemblable source file in assembly (although it needs a lot of donkey work). So usually they extract the algorithm, and they can rewrite the code in C++ or whatever they want once they have the algorithms.
    See the following link, and watch out for what they can do and what they cannot.

    http://board.anticrack.de/

    Regards feel free to ask me more.

  6. #171
    Join Date
    Oct 2004
    Location
    Romania
    Posts
    1

    Re: reverse engineering (debug version)

    Might I add a little twist to this very interesting thread?

    It has been stated multiple times that the original (C/C++) source code cannot be obtained from a release EXE/DLL. However, higher level source code similar in functionality to the original can be obtained. Several attempts at decompilers do exist, but I'd classify them as "work in progress" as of now. (see for instance http://boomerang.sourceforge.net/ )

    Anyhow... moving to my question. When having the debug version of a C/C++ EXE or DLL (including the PDB), it should be possible to recreate the source. It is quite trivial, but lengthy, to do it by hand - stepping into the binary does reveal all kinds of information, including variable/function names, types and so on. Even class structure is embedded as debug information. Yet, I am not able to find any utility that automates the task. Does anyone have any useful information?
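
An added example (not written by any poster in this thread): a pre-release check, in Python, for the point made in posts #166 and #171 that debug information shipped with a binary gives away names and structure. It reads a PE image's COFF symbol count and debug directory; `debug_info_report`, `build_sample` and the PDB path in the sample are constructed for this illustration.

```python
import struct

DEBUG_TYPES = {1: "COFF", 2: "CODEVIEW"}  # IMAGE_DEBUG_TYPE_* values

def debug_info_report(pe: bytes) -> dict:
    """List debug information still present in a PE image."""
    nt = struct.unpack_from("<I", pe, 0x3C)[0]            # e_lfanew
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsect, _, symtab, nsyms, optsize, _ = struct.unpack_from("<HIIIHH", pe, nt + 6)
    opt = nt + 24
    pe32plus = struct.unpack_from("<H", pe, opt)[0] == 0x20B
    dirs = opt + (112 if pe32plus else 96)                # data directory array
    ndirs = struct.unpack_from("<I", pe, dirs - 4)[0]
    rva, size = struct.unpack_from("<II", pe, dirs + 48) if ndirs > 6 else (0, 0)
    report = {"coff_symbols": nsyms if symtab else 0, "debug_types": [], "pdb_path": None}
    base = None
    for i in range(nsect):                                # map the RVA to a file offset
        vsize, va, rawsize, rawptr = struct.unpack_from("<IIII", pe, opt + optsize + 40 * i + 8)
        if size and va <= rva < va + max(vsize, rawsize):
            base = rawptr + rva - va
    if base is None:
        return report
    for off in range(base, base + size, 28):              # IMAGE_DEBUG_DIRECTORY entries
        dtype, dsize, _, dptr = struct.unpack_from("<IIII", pe, off + 12)
        report["debug_types"].append(DEBUG_TYPES.get(dtype, str(dtype)))
        if dtype == 2 and pe[dptr:dptr + 4] == b"RSDS":   # CodeView record naming the PDB
            path = pe[dptr + 24:dptr + dsize].split(b"\0")[0]
            report["pdb_path"] = path.decode("utf-8", "replace")
    return report

def build_sample(debug: bool) -> bytes:
    """Constructed, minimal PE32 byte layout for the demo (not a loadable program)."""
    cv = b"RSDS" + bytes(16) + struct.pack("<I", 1) + b"C:\\build\\Debug\\app.pdb\0"
    entry = struct.pack("<IIHHIIII", 0, 0, 0, 0, 2, len(cv), 0x1000 + 28, 352 + 28)
    body = entry + cv if debug else b""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                   # NumberOfRvaAndSizes
    if debug:
        struct.pack_into("<II", opt, 144, 0x1000, 28)     # debug directory: RVA, size
    sect = b".rdata\0\0" + struct.pack("<IIII", len(body), 0x1000, len(body), 352) + bytes(16)
    return dos + coff + bytes(opt) + sect + body

if __name__ == "__main__":
    for name, debug in (("debug build", True), ("release build", False)):
        print(name, debug_info_report(build_sample(debug)))
```

To check a real build output, pass the file's bytes to `debug_info_report` and fail the release step when `coff_symbols` is non-zero or `debug_types` is not empty.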

  7. #172
    Join Date
    Mar 2004
    Location
    (Upper-) Austria
    Posts
    2,899

    Re: reverse engineering

    www.astalavista.com contains an article on reverse engineering ...

    And there are many tools that can compress your code and/or encrypt it, and make it very hard to reverse engineer your programs. But there is a new tool in development: KORE (forgot the homepage, but will look for it), Kernel Of Reverse Engineering. This is supposed to be a disassembler that can reverse simple constructions like if/else, while, for, functions and calls to them ... I thought it looks something like this:

    Code:
    module "test.exe"
    {
         function [#stdcall | #entry] [12] [4]
         {
               if  (param % 4) not 0x02 then
               {
                     // assembler code goes here
               }
               else
               {
    
               }
         }
    }
    And the C code for it is something like this:

    Code:
    #include <stdlib.h>

    int main ( int argc, char* argv[] )
    {
        if ( argc != 2 )
        {
            exit(0);
        }
        else
        {
            // Go on
        }
        return 0;
    }
    But it's under development ... Let's see what it becomes ... I will also search for an explanation of that code

  8. #173
    Join Date
    Jul 2011
    Posts
    1

    Re: reverse engineering

    Hi All

    this is my first code on visual c++ 2010. main part is not working

    can you please help

    #define WIN32_LEAN_AND_MEAN
    #include <windows.h>
    #include <stdlib.h>
    #include <stdio.h>
    #include <string.h>

    #define MT4_EXPFUNC __declspec(dllexport)

    // a4..a7 are not declared in the posted code; assumed to come from math1.h
    #include "math1.h"
    #include <stdexcept>

    #define BUFSIZE 1024
    #define PIPE_TIMEOUT 5000
    #define SERVER_NAME L"."
    #define PIPE_NAME L"SamplePipe"
    #define FULL_PIPE_NAME L"\\\\" SERVER_NAME L"\\pipe\\" PIPE_NAME

    using namespace std;

    namespace math
    {
        // Exported functions: store the arguments and return a previously stored value
        MT4_EXPFUNC double __stdcall Add1(double a1, double a2) { a4 = a1; a5 = a2; return a6; }
        MT4_EXPFUNC double __stdcall Add2(double a1, double a2) { a6 = a1; a7 = a2; return a4; }
    }

    // Write a fixed message to the named pipe, if a server has already created it
    void pipez( )
    {
        BOOL flg;
        DWORD dwWrite;
        char szPipeUpdate[1024];
        HANDLE hFile;

        // The pipe name is a wide string, so call the wide-character API explicitly
        hFile = CreateFileW(FULL_PIPE_NAME, GENERIC_WRITE, 0, NULL, OPEN_EXISTING, 0, NULL);

        if (hFile != INVALID_HANDLE_VALUE)
        {
            sprintf_s(szPipeUpdate, "CL1.58258");
            flg = WriteFile(hFile, szPipeUpdate, (DWORD)strlen(szPipeUpdate), &dwWrite, NULL);
            CloseHandle(hFile);   // release the pipe handle after writing
        }
    }

    int main( )
    {
        if ( a4 > a7+0.00000 ) { pipez(); }
        if ( a5 < a6-0.00000 ) { pipez(); }

        return(0);
    }

  9. #174
    VictorN, Super Moderator
    Join Date
    Jan 2003
    Location
    Hanover Germany
    Posts
    20,430

    Re: reverse engineering

    Quote: Originally posted by walker36
    Hi All

    this is my first code on visual c++ 2010. main part is not working
    And what does your problem have to do with this 8-year-old thread discussing something like "reverse engineering"?

    Please, delete your post in this thread, create a new one and use Code tags around code snippets.
    It would be also very useful if you read Announcement: Before you post....
    Victor Nijegorodov
