Hi Coders
I'm looking for a code obfuscator and/or an encrypter for native C++ code to make decompiling and reverse engineering more difficult. There seem to be lots of obfuscator programs for Java and .Net code but I haven't found any for C++. Are they unnecessary when using pure native code? Do you know any obfuscators for native code I should look at?
Regards
Jeremy
|
Insert the lines like "temp = temp++ - foo(temp++) - temp++;" throughout your code. Not only people, even compilers will get obfuscated by that!
|
JSadleir wrote: I'm looking for a code obfuscator and/or an encrypter for native C++ code to make decompiling and reverse engineering more difficult. There seem to be lots of obfuscator programs for Java and .Net code but I haven't found any for C++.
Just use Boost libraries. Then your code is obfuscated automatically.
JSadleir wrote: Are they unnecessary when using pure native code? Do you know any obfuscators for native code I should look at?
When you compile your C++ source code it cannot be reconstructed like in Java and C#. In case you deliver the source code you may use a (commercial) obfuscator - especially when you need to hide poor code quality.
-- modified at 7:08 Saturday 22nd April, 2006
Here is one commercial offering:
http://www.semanticdesigns.com/Products/Obfuscators/CppObfuscator.html?Home=CppTools
|
You seem to be confused about what obfuscation means. Obfuscating your C++ code will not change the machine code that is generated by the compiler, only the source code used to create the program. The person reverse engineering your code would not know if you obfuscated the original code or not.
There have been methods used to attempt to defeat reverse engineering of code (at the machine code level), but the ultimate result is that your program is slower and more difficult to debug. Anyone who is determined to reverse engineer your code will be able to do it, because the best you can do is make it more difficult to do it. The reason for that is that nothing is hidden at the machine level.
A sophisticated decompiler may be able to take the machine code and produce a source code file from it. The resulting code will look nothing like the original code and may not even be in the same language as the original code. It will generate variable names like 'var1' or 'intVar1', because it will not know what the variables are intended to represent; that is also true of function names.
You have no choice but to depend on people to obey the law. That does not mean that it is always illegal to reverse engineer someone else’s code (regardless of what the licenses say), it just means that you can only do it for legal reasons. To figure out how it works so you can duplicate it and make a profit is not one of the legal reasons for reverse engineering code.
INTP
Every thing is relative...
|
Thanks John - That makes it a lot clearer - Regards Jeremy
|
You are welcome! Normally I would not comment further, it is just that I am surprised that no one pointed it out before me. What I said about attempts to obfuscate code at the machine level was true. Why they even bothered mystifies me, because it is impossible on the face of it.
Now doing obfuscation for entertainment is another thing; some years ago a programming publication had a regular contest and the best one I read was a love letter. That is, when you read it, you were reading a love letter. I do not remember the actual output (something to do with love), but it worked perfectly.
INTP
“Testing can show the presence of errors, but not their absence.”
Edsger Dijkstra
|
Thanks again John - I'll keep that in mind - Regards Jeremy
|
Okay, so for recent contests look here:
http://www0.us.ioccc.org/main.html
People that start writing code immediately are programmers (or hackers), people that ask questions first are Software Engineers - Graham Shanks
|
Speaking seriously, you can build your application with multiple dll files and call functions across different dlls. If I remember correctly, Microsoft used a similar technique in their Win95/98 to hide undocumented functionality of their OS (some kind of dll stubs). It is usually pain in the place to reverse engineer code that makes calls to other binaries.
I am not 100% sure but I remember reading somewhere that there are ways of calling a function in dll without exporting its name, just by its binary address (offset) in the file if you know the function signature. This way a person hacking your code can't get much information from dumpbin utility and can't call your function unless he/she can guess all parameter types correctly. Which is not an easy task.
Another way is to write a code that overwrites its own binary, but then your antivirus software may start complaining about your program.
As a bottom line though, I would think that it'll create more trouble for you than to a person hacking your code. Think twice if it is worth your time.
|
Many thanks Nick - I appreciate the insight - I've been fumbling around with separate dlls for a different reason and therefore may be able to use it in the way you describe - Regards Jeremy
|
Hello!
Here is my idea. I came across deepfreeze (www.faronics.com) and was amazed at how their system works. I find deepfreeze helpful and beneficial in protecting computers from spyware, viruses and improper installation of programs, since a simple reboot of the computer system restores the original setup (in effect removing all viruses and spyware). I conceptualize that maybe the system is manipulating the System's registry (by importing a backup registry file - maybe) during the boot process.
Upon surfing the net, I came to learn how the Windows XP boot process works (http://www.microsoft.com/technet/prodtechnol/winxppro/reskit/c29621675.mspx), and I am thinking of writing a bogus NTOSKRNL.EXE which copies or imports a backup registry file (using reg.exe) and later calls the true NTOSKRNL.EXE using exec or spawn.
I don't really know if the idea would work. I thought of asking you this because you have written a KERNEL MODE program "userport". And maybe you could help me.
A link or advice on how to write a kernel mode program or how to import a registry file during the Windows boot process would be of help.
Hoping for a reply soon. Thanks!
Dennis A. Tampoa
Benguet State University
Philippines
|
Hi
I need to read the currently logged-on user only (not all).
Which API for this data?
-- modified at 2:47 Saturday 22nd April, 2006
|
To get the currently logged-on user name use
GetUserName()
nave
|
What Exactly in Windows does Call Back Functions Mean?
and how can we know that a particular function is of kind
CallBack.
Thanks&Regards.
Fly Like An Eagle With MIGHTY POWER.
|
hi satish,
A function that receives a WM_TIMER message time and again from the code that you have written is termed as a callback function
LRESULT CALLBACK WndProc(.......)
By seeing the syntax or the prototype of the function you can know which function is a callback function.
Vision is Always important and so is your ATTITUDE.
Wishes.
Anshuman Dandekar
|
A function pointer doesn't necessarily have to be associated with WM_TIMER; any function can be made into a function pointer.
-Saurabh
|
A related question is when I'm writing my own WndProc() with callback enabled as you described,
Should I always make the following default statement after switching on the message? Does it automatically know to call 'MyWindowProc'? Thanks! :
LRESULT CALLBACK MyWindowProc(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam){
    switch (uMsg) {
    default:
        return DefWindowProc(hwnd, uMsg, wParam, lParam);
    }
}
|
A callback function is a function which is called every time some event occurs. This has application in many places; most notably you can see them used for handling user interaction in GUIs. So whenever you press a button in a window, a function is called to handle the event; that function is the callback function for that button.
To create a callback function you need to get the pointer to that function, and then using this pointer the given function can be called whenever needed. So this might be used to differentiate a callback function from ordinary functions. When you find a function called only through a function pointer it's definitely a callback function.
-Saurabh
|
Hi
Windows is an event-driven architecture, so whenever an event occurs, a corresponding callback procedure is called. For example, when you move the mouse, a WM_MOUSEMOVE event occurs and will be notified or posted in the message queue. A window procedure function or callback function, which we defined when creating a window with the CreateWindow function, is called by the OS. If you are interested in handling any event you can process that message, or you can give it to the DefWndProc function and the OS will take care of the particular event. So for each window, a wndproc will be there to handle it.
Parthi
|
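A callback function is simply a function which is called to notify the program of some event. Here's an example.
#include <iostream>
using namespace std;

// Pointer-to-function type for the callback
typedef void (__stdcall *PMyCallback)(int num);

// Calls the supplied callback n times
void DoItNTimes(int n, PMyCallback pCB)
{
    for (int i=0; i<n; ++i)
    {
        (*pCB)(i);
    }
}

// The callback: prints the number it is given
void __stdcall MyCallback(int num)
{
    cout << num << endl;
}

int main()
{
    DoItNTimes(10, &MyCallback);
}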
Many functions in Windows (and many APIs in general) use this technique.
Steve
|
Hey everyone, I have the following issue: I am not able to build a release version of my app, although building a debug one works great.
So I looked up error 2005 and it said to put libcmt.lib & nafxcw.lib in the ignore directive... WHICH I DID
(results of ignoring libcmt.lib & nafcw.lib, but still adding them to additional linker dependencies)
Here is a choice selection of the more than 200 errors:
LIBCMT.lib(invarg.obj) : error LNK2005: __initp_misc_invarg already defined in Libcmtd.lib(invarg.obj)
LIBCMT.lib(invarg.obj) : error LNK2005: __invoke_watson already defined in Libcmtd.lib(invarg.obj)
LIBCMT.lib(invarg.obj) : error LNK2005: __set_invalid_parameter_handler already defined in Libcmtd.lib(invarg.obj)
LIBCMT.lib(invarg.obj) : error LNK2005: __get_invalid_parameter_handler already defined in Libcmtd.lib(invarg.obj)
(results of ignoring libcmt.lib & nafcw.lib, but NOT including them in additional linker dependencies)
nafxcw.lib(afxmem.obj) : error LNK2005: "void * __cdecl operator new(unsigned int)" (??2@YAPAXI@Z) already defined in LIBCMT.lib(new.obj)
nafxcw.lib(afxmem.obj) : error LNK2005: "void __cdecl operator delete(void *)" (??3@YAXPAX@Z) already defined in LIBCMT.lib(delete.obj)
nafxcw.lib(afxmem.obj) : error LNK2005: "void * __cdecl operator new[](unsigned int)" (??_U@YAPAXI@Z) already defined in LIBCMT.lib(new2.obj)
nafxcw.lib(afxmem.obj) : error LNK2005: "void __cdecl operator delete[](void *)" (??_V@YAXPAX@Z) already defined in LIBCMT.lib(delete2.obj)
And finally, the library settings that work great for the debug version:
ADDITIONAL LINKER DEPENDENCIES: user32.lib odbc32.lib odbccp32.lib scrnsave.lib comctl32.lib kernel32.lib gdi32.lib Nafxcwd.lib Libcmtd.lib Advapi32.lib
IGNORE LIBRARIES: Nafxcwd.lib Libcmtd.lib
(I tried with the exact same libraries on the release version (of course changing nafxcwd.lib->nafcw.lib and libcmtd.lib->libcmt.lib for release version), with no effect.)
Thanks in advance!
-- modified at 2:19 Saturday 22nd April, 2006
|
This basically means you are trying to link different versions of the CRT - C Run Time - in the same executable. To make sure you are using the same version in Visual Studio 2005 go to Project --> Properties --> Configuration Properties --> Code Generation --> Runtime Library. There you should see either Multi-threaded (/MT) or Multi-threaded DLL (/MD). Now make sure all the static or dynamic libraries (except system libraries) you are including use the same switch.
-Saurabh
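To see which runtime libraries are being mixed, the LNK2005 lines themselves can be summarized. This is an added example, not part of the original posts; the sample input is copied from the error lines quoted in the question, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: summarize which libraries collide in LNK2005 output and
# which runtime-library switch each CRT library corresponds to.

# Sample linker output, copied from the error lines quoted in the question.
sample_errors() { cat <<'EOF'
LIBCMT.lib(invarg.obj) : error LNK2005: __invoke_watson already defined in Libcmtd.lib(invarg.obj)
LIBCMT.lib(invarg.obj) : error LNK2005: __set_invalid_parameter_handler already defined in Libcmtd.lib(invarg.obj)
nafxcw.lib(afxmem.obj) : error LNK2005: "void __cdecl operator delete(void *)" (??3@YAXPAX@Z) already defined in LIBCMT.lib(delete.obj)
EOF
}

# Map a CRT library name to the compiler switch that selects it.
crt_switch() {
    case "$(echo "$1" | tr 'a-z' 'A-Z')" in
        LIBCMT.LIB)  echo "/MT" ;;
        LIBCMTD.LIB) echo "/MTd" ;;
        MSVCRT.LIB)  echo "/MD" ;;
        MSVCRTD.LIB) echo "/MDd" ;;
        *)           echo "not a CRT library" ;;
    esac
}

# Read linker output on stdin; print each distinct pair of colliding libraries.
colliding_pairs() {
    sed -n 's/^\([^ (]*\)(.*error LNK2005:.* already defined in \([^ (]*\)(.*/\1 \2/p' |
    sort -u |
    while read -r first second; do
        echo "$first [$(crt_switch "$first")] vs $second [$(crt_switch "$second")]"
    done
}

sample_errors | colliding_pairs
```

On the sample, the first pair reported is LIBCMT.lib [/MT] against Libcmtd.lib [/MTd], that is, the release and debug static CRTs in one link.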
|
Thanks Saurabh:
I'm a real VC++ newbie, and I went to the runtime library settings. It's set to be Multi-Threaded /MT. I then get confused at your next step: how do I make sure all the static or dynamic libraries are including the same switch? How do I specify this, and how do I know what switch they are using?
Many thanks!