[Lazarus] Detecting when decompiler is running

Martin Frb lazarus at mfriebe.de
Fri Dec 4 17:14:12 CET 2015


On 04/12/2015 08:29, Richard Mace wrote:
> Hi All,
> I was wondering if there was a way where an application, written in 
> Lazarus, could detect when a compiler is running, perhaps by it's mutex?
> My idea was, in my application, I could periodically check to see if a 
> decompiler was running and then my app could perform an operation, 
> such as maybe closing.

Well there is no 100% protection.
Even if you make it so hard, that it is financially not interesting for 
a cracker, there will be someone who does the job to make him self a 
name, add it to their trophy list.
Hence my opinion: if you spent to much time/money on protection, then 
thats already your loss.

Anyway, there are 2 ways your app can be hacked.
1) a key can be distributed.
   1a) Either stolen, or bought with wrong credentials
   1b) a key generator can be written
2) a patch can be written to modify your exe.

(2) is always possible, and will happen unless (1) is really simple. But 
(2) is not so attractive to the users, as the risk is that they download 
a virus with it. IMHO attempting to protect against (2) is a waste of time.

(1) is important. Because downloading a key (usually a bit of text) is 
easy. Sign licenses with a private key. That should stop (1b).

(1a) can IMHO only be solved by phoning home. That in itself can loose 
you a small number of potential buyers.
Download a revocation list: hashes of keys no longer allowed, the 
overall list is signed, and it is issued with a time stamp, updated 
every minute. Your app will only run, if it can get a list not olden 
than x days.  Downside if your server is down, longer that this ..... 
Also the user needs internet.
Alternatively you can try to bind the license key to the hardware 
signature of the users pc. Allowing to reactivate a few times, then 
having to phone you.... I remember some big company did that in the past.

The other option is a dongle. Then you do not need to phone home. Again 
some hacker will create a patch to your software. But hopefully enough 
users will pay, rather than risking a virus.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lazarus-ide.org/pipermail/lazarus/attachments/20151204/f8270962/attachment-0003.html>


More information about the Lazarus mailing list