Making a DLL harder to hack.


  • Making a DLL harder to hack.

    I have in the past seen people who have spent months writing an app robbed of their income by some cheesy little cracker who built a keygen to get their code for free. If you are writing low-turnover, high-priced code, you have a vested interest in protecting it. This example is the absolute bare bones of a technique that only has one EXPORT that has its name aliased to something trivial, and all it returns is an address. It can be used to return a virtual table of addresses that cannot easily be called, and you can obscure it further with a number of levels of indirection with table members. The code is a bit complex but the concept is reasonably straightforward.

    The calling app.

    Code:
    ' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    
        #include "\basic\include\win32api.inc"
    
        DECLARE FUNCTION ItsMeStoopid LIB "test.dll" ALIAS "O01" as DWORD
    
        GLOBAL TheExport as DWORD
    
    ' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    
    FUNCTION PBmain as LONG
    
        LOCAL var as DWORD
    
        ItsMeStoopid                    ' call the obscured export
        ! lea eax, [eax]                ' load the address in eax
        ! mov TheExport, eax            ' store it in a variable
    
        ! call TheExport                ' call function at that address
        ! mov var, eax                  ' store return value in a variable
    
        MessageBox 0,format$(var),"Title",%MB_OK
    
    End FUNCTION
    
    ' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    The DLL.

    Code:
    ' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    
        #compile DLL "test.dll"
    
        DECLARE FUNCTION ItsMeStoopid ALIAS "O01"() as DWORD    ' ucase O, zero & 1
    
        GLOBAL hInstance as DWORD
    
    ' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    
     FUNCTION LIBMAIN( _
                       BYVAL iInstance AS DWORD, _
                       BYVAL lReason AS DWORD, _
                       BYVAL lReserved AS DWORD _
                     ) AS LONG
    
        hInstance = iInstance                       ' make the DLL instance GLOBAL
    
        FUNCTION = 1                                ' needed to start DLL
    
     END FUNCTION
    
    ' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    
     FUNCTION ItsMeStoopid() EXPORT as DWORD        ' the only exported function
    
        FUNCTION = CodePtr(TheSerialNumber)         ' simply return the address
    
     END FUNCTION
    
    ' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    
     FUNCTION TheSerialNumber() as DWORD            ' non exported function
    
        FUNCTION = 1234567890                       ' put a complex serial here to xor against
    
     END FUNCTION
    
    ' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    The disassembly shows the EXPORT as it is aliased.

    Code:
     Exp Addr Hint   Ord Export Name by test.dll - Sat Feb 07 19:47:36 1970
     -------- ---- ----- ---------------------------------------------------------
     000010CD    0     1 O01
    hutch at movsd dot com
    The MASM Forum

    www.masm32.com
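
The post mentions returning a table of addresses with extra levels of indirection through table members. The C sketch below is an added illustration of that layout, not the poster's code: `outer_table`, `inner_table`, `resolve`, `call_slot` and `check_build` are hypothetical names, and in a real DLL `O01` would be the single exported symbol.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint32_t (*fn_t)(void);

/* Internal functions: static, so they get no export-table entry. */
static uint32_t the_serial_number(void) { return 1234567890u; } /* value from the post */
static uint32_t check_build(void)       { return 0x0100u; }     /* constructed sample */

/* Level 2: the real table of function addresses. */
static const fn_t inner_table[] = { the_serial_number, check_build };

/* Level 1: a table member that points at the inner table. */
struct outer {
    const fn_t *inner;
    size_t      count;
};
static const struct outer outer_table = {
    inner_table, sizeof inner_table / sizeof inner_table[0]
};

/* The only function the DLL would export (aliased to a trivial name).
   On Windows this would carry __declspec(dllexport). */
const void *O01(void) { return &outer_table; }

/* Caller side: walk both levels, refusing out-of-range slots so a bad
   index never turns into a call through a wild pointer. */
fn_t resolve(const void *root, size_t index)
{
    const struct outer *o = root;
    if (o == NULL || o->inner == NULL || index >= o->count)
        return NULL;
    return o->inner[index];
}

/* Call a slot by number; return `fallback` if the slot does not exist. */
uint32_t call_slot(size_t index, uint32_t fallback)
{
    fn_t f = resolve(O01(), index);
    return f ? f() : fallback;
}

int main(void)
{
    printf("slot 0 -> %u\n", (unsigned)call_slot(0, 0));
    printf("slot 9 -> %u\n", (unsigned)call_slot(9, 0));
    return 0;
}
```

This keeps the internal function names out of the export table only; the returned addresses are still visible to anyone stepping through the call in a debugger.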