www.digitalmars.com         C & C++   DMDScript  

c++ - Protecting PE files

reply Erik Weber <my_name_here mindspring.com> writes:
Another security question for whomever can help.

As I understand it (please correct me if I am wrong), the digital
signature applied with something like signtool.exe incorporates a
checksum but otherwise does not alter the file structure (such as
the code and data sections). Is it feasable for a cracker to
infect an exe with a patch while still causing the checksum to be
calculated with the same result (maybe by adding or removing bogus
instructions), thus forging the signed exe?

More importantly, what recommendations do any of you have for
protecting PE files that you want to sell (from reverse
engineering)? It looks like a common way of doing this is to use
some sort of "packer" that either compresses, encrypts, or both,
the code section of the PE file, which is then
uncompressed/decrypted and somehow loaded by the entry point
function at runtime. Is it very difficult to write your own
program to do something like this, or is there a decent commercial
product to start with that is known to work well? When I search
for stuff like this I seem to find some whitepapers but otherwise
endless dead links . . .

Thanks,
Erik
Apr 06 2012
parent reply Walter Bright <newshound2 digitalmars.com> writes:
On 4/6/2012 7:33 AM, Erik Weber wrote:
 Another security question for whomever can help.

 As I understand it (please correct me if I am wrong), the digital
 signature applied with something like signtool.exe incorporates a
 checksum but otherwise does not alter the file structure (such as
 the code and data sections). Is it feasable for a cracker to
 infect an exe with a patch while still causing the checksum to be
 calculated with the same result (maybe by adding or removing bogus
 instructions), thus forging the signed exe?

Yes.
 More importantly, what recommendations do any of you have for
 protecting PE files that you want to sell (from reverse
 engineering)? It looks like a common way of doing this is to use
 some sort of "packer" that either compresses, encrypts, or both,
 the code section of the PE file, which is then
 uncompressed/decrypted and somehow loaded by the entry point
 function at runtime. Is it very difficult to write your own
 program to do something like this, or is there a decent commercial
 product to start with that is known to work well? When I search
 for stuff like this I seem to find some whitepapers but otherwise
 endless dead links . . .

It's a lost cause to try and prevent people from disassembling your PE file.
Apr 11 2012
parent Erik Weber <my_name_here mindspring.com> writes:
Thanks.
Apr 12 2012