[Lazarus] Detecting when decompiler is running
Marc Santhoff
M.Santhoff at web.de
Fri Dec 4 14:09:12 CET 2015
On Fr, 2015-12-04 at 08:29 +0000, Richard Mace wrote:
> Hi All,
> I was wondering if there was a way where an application, written in
> Lazarus, could detect when a compiler is running, perhaps by it's mutex?
> My idea was, in my application, I could periodically check to see if a
> decompiler was running and then my app could perform an operation, such as
> maybe closing.
As others said, decompilers and disassemblers are not detectable. But
for protection there are other counter measures.
1. Protect your program using checksums. Refuse to run if tampered.
2. Use varying protection schemes randomly. I did sth. like that by
including protection code that is switched from the make process between
multiple versions. If some hacker really solves the riddle for one
executable, her hack will fail on most others. Same scheme as compiling
in a serial number, that is changed for each compilation.
3. Check integrity of the program often, from many placces in the
program. If really paranoid, you can combine with randomly selected
checking routines. Using a code scanner/parser and injection code for
checks is relaitvely simple, e.g. at the start of a procedure insert a
check and exit code (or leave out, depending on the moons phase or so).
If you have enough checks, enough randomness between varying mechanisms,
hackers will give up for sure. You are in trouble if those programm
sould be distributed on DVD from one master, though.
I'd like to hear from others about their anti hacking tools ... ;)
Marc
Btw., the licence of the library code permits making closed source
programs. Only Lazarus itself and the compiler code are open source. One
point I like FPC/Lazarus for and use it.
--
Marc Santhoff <M.Santhoff at web.de>
More information about the Lazarus
mailing list