Re: Dll Security

• Previous message: Mikey: "Credentials for Application use"
• In reply to: Keith Oxenrider: "Re: Dll Security"
• Next in thread: Chris Matthews: "RE: Dll Security"
• Reply: Chris Matthews: "RE: Dll Security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 10 May 2005 10:54:20 -0300
To: secprog@securityfocus.com

Thanks for all replies. i'm gonna take a look in upx, i must fix this
solution even if i just raise the bar.

Best Reguards,

VP

>On 5/7/05, Keith Oxenrider <koxenrider@sol-biotech.com> wrote:
> The real question you should be asking is 'what is the point?' Any decent
> cracker will be able to look at your decrypted binary in RAM, even make a
> copy of it for later use. The very best you can do is raise the bar, but
> to have any real chance of making a difference you need to make your
> program detect that it is being run in a debugger (not a trivial task and
> probably one that is fundamentally impossible, as the hardware itself can
> be emulated) and continue to run, but with some subtle differences that
> make it unusable (if it just crashes, it tells the cracker just what she
> needs to know to bypass the check). Obscuring the code generally makes
> maintenance costs skyrocket; you should do an economic analysis to prove
> that the extra effort will be repaid. Keep in mind that legitimate users
> often need to run their code in debuggers as well, so be sure to factor in
> the ill will created when their attempts to debug their code that uses your
> DLL cause all sorts of nasty problems for them (not to mention the support
> calls!).
>
>
> Keith Oxenrider
> CISSP
>
> At 04:17 PM 5/6/2005 -0300, VP wrote:
> >Hi, i have a dll and i want to encrypt it to hide (obfuscate ??) an
> >important algorithm used here.
> >
> >Well today i'm using a following approach:
> >
> >I'm encrypting the dll with a program, then when i want to loadlibrary() it,
> >i decrypt it to a plain-text file, then i loadlibrary the plain-text file.
> >So i have my encrypted dll and i have a plain-text version either. To
> >mitigate this vulnerability, i'm using EFS to protect my plain-text dll.
> >
> >I'm wondering if using the PE format i can do some kind of "on-the-fly
> >encrypt and decrypt". Is it possible ? There is any example ? Is it a good
> >solution ?
> >
> >Thanks in advance,
> >
> >Victor
>
>

• Previous message: Mikey: "Credentials for Application use"
• In reply to: Keith Oxenrider: "Re: Dll Security"
• Next in thread: Chris Matthews: "RE: Dll Security"
• Reply: Chris Matthews: "RE: Dll Security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: DLLs and STEPLIBs ... MVS PDSEs with a PATH expression to where the DLL lives. ... DLL which BAR references CUSP. ... (bit.listserv.ibm-main) Re: The quilt block that almost did me in! ... When you raise the Bar you REALLY raise the Bar:) ... For some hug quilts I design an original block just for ... > frustrations with the design and sewing seem so unimportant. ... (rec.crafts.textiles.quilting) Re: Good News from Ms. Butterfly ... > When you raise the Bar you REALLY raise the Bar:) ... > wants the Poiple LC when it is FINISHED (and it is in HER colors--2nd HHCN ... For some hug quilts I design an original block just for ... (rec.crafts.textiles.quilting) Re: Why must I click in document to force Word status bar to reset after running macros? ... >I have several toolbar macros located in a Word 2003 global template. ... >macros call a COM DLL to launch specific document templates with automation. ... >status bar to reset so the page number, etc. appears (status bar is blank ... (microsoft.public.word.customization.menustoolbars) Re: OT: Stolen Elections? Nah ... ... Raise the bar to people with triple digit ... There's three...that outta ... (rec.arts.marching.drumcorps)