Protection of programs from hacking


This article is devoted to a topic that is currently quite relevant – protecting programs from hacking and illegal copying. There are many articles devoted to this topic, one of the most interesting (of those that came across to me) is the article “Protection of shareware programs” by Vladimir Katalov in Computerra Online#240. He gave a number of tips on writing shareware programs and I don’t want to repeat myself – go read it.

Let’s look at some of the subtleties of the organization of protection on a fairly popular example – we assume that the program is protected by some code (serial number, password), which is communicated to the user after he meets certain conditions. Prior to registration, a number of useful functions are blocked in this program, annoying ads are used or the work schedule is limited. After entering this code, it is checked and if the check is positive, the program starts working normally. For some reason unknown to me, in most modern programs, this protection is done monotonously and it takes 10-15 minutes to remove it. In this article I will try to share my experience in building security systems. I can warn you right away – it’s almost useless to resist a good hacker, and it’s not necessary – if desired, any protection can be hacked, it’s a matter of time.

Hacker’s toolkit. A modern hacker has in his arsenal a set of various hacking tools. They can be divided into several categories

Debuggers. They allow you to interrupt the execution of the program when pre-set conditions are reached, perform step-by-step execution of the program, change the contents of memory and registers, etc. The most popular, convenient and powerful is the SoftICE debugger, which, with a fairly primitive interface, has decent capabilities and works very stably.

Disassemblers. The program is disassembled for further study of the resulting code. One of the most popular is IDA. It is easy enough to protect yourself from the disassembler by encrypting or archiving the program. Then only the archiver or encoder is disassembled.

Monitoring tools. This is a set of utilities that track operations with files, registry, ports and network.

Means of passive program analysis. They show different information about the program – they extract resources, show connections, libraries used. A classic example is the utility DEPENDS.EXE from the Visual Studio kit. It shows which libraries are used by the program and which functions are imported.

Other utilities. There are a great many of them (you can find them on a disk like “Everything for a hacker”, and in abundance). These are various editors, analyzers…