This is a simple way to protect your application from any so-called "cracker", without involving obfuscation. Remember that this works only against Reflector (tested on: v220.127.116.11), any other decompilers are "immune".
The main idea is this: you change the value of
NumberOfRvaAndSizes from the optional header of your application (
NumberOfRvaAndSizes is usually 16 (0x10) in any PE, however we can change that value to any number between: 0x6 and 0x9. Values outside this range will crash the application.
This value holds the number of data directories (
IMAGE_DATA_DIRECTORY) - Reflector's problem is that it always expects the value to be 16 even though the application doesn't require that.
Modifying the Optional Header
The value of
NumberOfRvaAndSizes is always stored on the 244th byte (0x00000F4), so you can change that value with a simple Hex Editor.
It will look like this:
After you change that value with one between 6 and 9, save the application and you're done.
If you try to open this in Reflector, it should return an error message:
"Invalid number of data directories in NT header."
- Might not work on 64 bit systems
- Not a "global" fix, other decompilers can still get the source code
- Still a weak method, any skilled cracker would notice that
</img /> </img />