So Assembler, Assembler and Assembler again…
The essence of this advice is hopefully obvious: modern disassemblers recognize the standard procedures of high-level languages, and API calls are a separate conversation altogether. SoftICE has an amazing ability to load symbolic names for any specified libraries (especially KERNEL32.DLL), which simplifies debugging dramatically, because the names of the functions being called are visible and breakpoints can be set on those calls by name.
Tip 1. Use a non-standard way of entering the password.
The easiest way is to write your own visual component for entering the registration code. It will, of course, have to process keyboard events itself, but the moment the code is read can no longer be caught by the hackneyed methods. That is something, but there is a second way of cracking, based on searching memory for the entered code: SoftICE has a convenient command for this, "S start_address L length 'sample'", which finds the entered value in memory.
Tip 2. Do not store the entered code in one place!
Tip 3. Do not store the entered code in plain text!
So, what should be done? To begin with, create 5-10 STRING variables in the program and, after the code has been entered, copy the entered value into them. It is best to do this not in one place but spread throughout the program. The search will then return a whole set of addresses where the entered code is located. Personally, I do it like this: on a timer, I create a new string variable in dynamic memory and write the code into it. On the next timer tick, I create another new variable, copy the code into it, and destroy the old one. With a certain skill, you can fill memory with copies of the entered code and make the search almost useless. Moreover, such copying can be combined with the code check or with an emulation of that check. It is also a good idea to do some operations on these strings, such as comparing them with something…
Tips 3 and 1 can be combined: create your own component that allows the code to be entered in a non-standard way and encrypts it at the same time.
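Tips 2 and 3 in C, as an added example that is not from the original article: the typed code is split byte-wise across several storage slots, each slot XORed with its own key, the input buffer is wiped, and the check compares against the expected value without ever rebuilding the plaintext. `plaintext_visible` models what the debugger's memory search would find. All names, the demo keys and the sample code "ABCD-1234" are constructed; keeping the expected code as a fixed string is a simplification for the demo.

```c
#include <stdint.h>
#include <string.h>
#define NFRAG  4    /* separate storage slots for the entered code */
#define MAXLEN 32   /* bytes per slot */

/* One scattered piece of the code, XORed with a slot-specific key. */
typedef struct { uint8_t data[MAXLEN]; size_t len; uint8_t key; } frag_t;
static frag_t frags[NFRAG];

/* Spread the typed code across the slots (byte i goes to slot i % NFRAG),
 * XOR each byte with that slot's key, then wipe the input buffer. */
void scatter_code(char *code, size_t len) {
    for (int f = 0; f < NFRAG; f++) {
        frags[f].len = 0;
        frags[f].key = (uint8_t)(0x5A + 0x31 * f);  /* constructed demo keys */
    }
    for (size_t i = 0; i < len && i < (size_t)MAXLEN * NFRAG; i++) {
        frag_t *fr = &frags[i % NFRAG];
        fr->data[fr->len++] = (uint8_t)code[i] ^ fr->key;
    }
    memset(code, 0, len);  /* production: explicit_bzero/SecureZeroMemory, not plain memset */
}

/* Compare the scattered value with the expected code without rebuilding the plaintext. */
int code_matches(const char *expected) {
    size_t len = strlen(expected), total = 0;
    for (int f = 0; f < NFRAG; f++) total += frags[f].len;
    if (total != len) return 0;
    uint8_t diff = 0;
    for (size_t i = 0; i < len; i++) {
        const frag_t *fr = &frags[i % NFRAG];
        diff |= (uint8_t)((fr->data[i / NFRAG] ^ fr->key) ^ (uint8_t)expected[i]);
    }
    return diff == 0;
}

/* Models the debugger's "S addr L len 'sample'" search: 1 if the plaintext occurs in the slots. */
int plaintext_visible(const char *sample) {
    size_t n = strlen(sample);
    const uint8_t *mem = (const uint8_t *)frags;
    for (size_t i = 0; i + n <= sizeof frags; i++)
        if (memcmp(mem + i, sample, n) == 0) return 1;
    return 0;
}

/* Constructed walk-through: scatter a sample code; returns 1 if the input buffer was wiped. */
int demo_scatter(void) {
    char typed[] = "ABCD-1234";
    scatter_code(typed, strlen(typed));
    return typed[0] == 0 && typed[8] == 0;
}
```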
Analysis of the registration code. So, the code has been entered and measures have been taken to make it hard to find (it can still be found, but that takes time and skill…). The next step is its analysis, so the advice follows immediately:
Tip 4. Never analyze the code immediately after it is entered.
The further the code input is from its analysis, the better. The most sensible approach is to thank the user for their cooperation after the code is entered and inform them that registration of the program will be completed in due course. Then analyze the code, for example, 1-2 minutes later in a completely different part of the program.
Tip 5. Don't check the code in just one place, and don't write a single function to check it.
It is enough to find and disable that one check, and the protection is cracked. If there are several checks, each different and distributed throughout the program, cracking becomes difficult.