Re: [GD-General] Is it possible to detect debugging?
From: Colin F. <cp...@ea...> - 2003-10-10 02:25:48
I am convinced that a binary executable will never know how it is being executed.

>>> That won't stop me from running windbg in non-invasive mode and
>>> capturing a memory dump, then inspecting that.

I heard of "WinDbg" before (and, no, I don't mean that I heard about it from the previous post! Hee, hee!), but I've never used it. What do you mean by capturing and inspecting a memory dump? Are you simply referring to looking at a snapshot of all allocated memory buffers?

The only application hacking I ever did was on the Commodore 64, when I loaded an application, and then simply dumped a memory image of RAM to a file on disk. Thus, restoring the file to memory would bring the application back to life, in the exact state of its execution. I guess it is like bringing a laptop out of hibernation, or using VMWare (or whatever the product is called), to restore various computer states. So, one crude application cracking method would be to store both the executable and stored memory buffers and somehow restore both into a process. I'm sure it's easy to protect against this kind of crack!

Is the benefit of checking memory that you can look at run-time data structures, like finding where the player's "gold pieces" or "health" value is stored? Or scanning for strings, 3D models, textures, network buffers, etc?

As I mentioned earlier, I am just making conversation. If I was talking about hacking prevention, I would say that various components to a complete solution involve:

(1) Making every binary very unique (custom-built per user per download from the Internet);
(2) Subscription model, or at least the requirement of calling home on start-up;
(3) Making the application algorithm complicated, so even a total understanding of actions at the assembly level doesn't give any hint about the high-level actions in the program.

I think all three pieces are necessary to make the hacker's effort a nightmare that ends in depressing failure.

I read in a recently published book the claim that even the elite hackers, despite their expertise in the low level operations of computers, often cannot comprehend intermediate algorithms in computer science. But I think the only way that fact could be put to good use in anti-cracking efforts would be to make the entire application an intermediate level computer science algorithm! Otherwise, the cracker just bypasses the crazy code and replaces it with a functional "equivalent" -- like just saying "yes" to the question of whether or not the product key is valid!

By the way: I hate the idea of turning all products into rentals! That just sucks. Unless it's a true *service*, with ongoing value added, then a "leasing" model is just greedy exploitation of the market. I swear I don't mean to rant or bash any company in particular, but I am generally afraid of the exploitation that occurs when companies succeed in taking full control of distribution (cell phone carriers) or the target platform (consoles or the upcoming CPU/OS combination that renders a PC into a console). I make these comments just to make sure it's clear that there's a difference between protecting a product and exploiting one's control over a channel.

--- Colin