c++ - Protecting PE files
- Erik Weber (21/21) Apr 06 2012 Another security question for whomever can help.
- Walter Bright (3/22) Apr 11 2012 It's a lost cause to try and prevent people from disassembling your PE f...
- Erik Weber (1/1) Apr 12 2012 Thanks.
Another security question for whomever can help. As I understand it (please correct me if I am wrong), the digital signature applied with something like signtool.exe incorporates a checksum but otherwise does not alter the file structure (such as the code and data sections). Is it feasable for a cracker to infect an exe with a patch while still causing the checksum to be calculated with the same result (maybe by adding or removing bogus instructions), thus forging the signed exe? More importantly, what recommendations do any of you have for protecting PE files that you want to sell (from reverse engineering)? It looks like a common way of doing this is to use some sort of "packer" that either compresses, encrypts, or both, the code section of the PE file, which is then uncompressed/decrypted and somehow loaded by the entry point function at runtime. Is it very difficult to write your own program to do something like this, or is there a decent commercial product to start with that is known to work well? When I search for stuff like this I seem to find some whitepapers but otherwise endless dead links . . . Thanks, Erik
Apr 06 2012
On 4/6/2012 7:33 AM, Erik Weber wrote:Another security question for whomever can help. As I understand it (please correct me if I am wrong), the digital signature applied with something like signtool.exe incorporates a checksum but otherwise does not alter the file structure (such as the code and data sections). Is it feasable for a cracker to infect an exe with a patch while still causing the checksum to be calculated with the same result (maybe by adding or removing bogus instructions), thus forging the signed exe?Yes.More importantly, what recommendations do any of you have for protecting PE files that you want to sell (from reverse engineering)? It looks like a common way of doing this is to use some sort of "packer" that either compresses, encrypts, or both, the code section of the PE file, which is then uncompressed/decrypted and somehow loaded by the entry point function at runtime. Is it very difficult to write your own program to do something like this, or is there a decent commercial product to start with that is known to work well? When I search for stuff like this I seem to find some whitepapers but otherwise endless dead links . . .It's a lost cause to try and prevent people from disassembling your PE file.
Apr 11 2012