混淆C ++非托管代码 [英] Obfuscating C++ unmanaged code

问题描述

我正在使用具有知识产权的静态库.我想混淆我的lib.您能建议使用任何工具吗?我花了足够的时间在Google上进行搜索，但是我发现很多工具仅用于托管代码，而不是非托管工具.

快乐编程

Hi,

I am using static lib which has intellectual property. I wanted to obfuscate my lib. Can you please suggest any tool for this. I have spent enough time Googling on this, but I found lots of tools for managed code only and not for unmanaged one.

Happy Programming

推荐答案

以我的经验，您可以通过使代码中的逻辑复杂化并使检测到威胁与您采取的措施之间保持一定距离来增加黑客的生活难度慢慢来.

我会举一些例子.
我使用了C#语法，但是它可以应用于任何语言.


最糟糕的情况.

In my experience you can make the hacker life more difficult by complicating the logic in your code and put some distance between detection of a threat and the action you take about it.

I''ll show some example.
I used C# syntax but it can be applied to any language.


Worst scenario.

public bool IsLoggedIn(string userid, string password)
{
  // logic here
}

这很经典，对黑客来说非常容易，因为他们不必知道逻辑是什么，他们会用return 1
替换您的整个功能
如果您要返回一个更复杂的对象，那么如果没有您的消息来源来查找发生了什么事情，对于黑客来说要困难得多.

如果您将多任务处理放入其中，则几乎变得不可能.
我不认为有任何工具可以做到这一点.

This is classic and very easy for hackers as they don''t have to know what the logic is, they will replace your entire function by return 1

If you were to return a more complex object it is far harder for the hacker without your source to find out what is going on.

If you put a bit of multi-tasking into it it becomes near impossible.
I don''t think there are any tools to do that.

您当然知道非托管库是二进制的-当然不是人类可读的-这就是混淆.如果您正在谈论.lib源代码，则可以考虑使用本文( http://en.wikipedia.org/wiki /Obfuscated_code [^ ])，它确实具有引用'是用于C/C ++的混淆软件.

最终，您将需要向用户发送一些信息-甚至最大的软件制造商都知道-如果您的软件值得花时间/麻烦/费用进行黑客入侵，那么它就可以做到.这就引出一个问题:您的用户群是否有时间/能力/倾向来尝试窃取信息?这只是一种拖延的策略-如果他们"来吸引你，他们就会得到你".

其他选项，具体取决于您要发送的内容:自修改代码和加密.

You, of course, know that the unmanaged library is binary - certainly not human-readable - which is the typical point of obfuscation. If you''re talking about the .lib source code, you may consider this article (http://en.wikipedia.org/wiki/Obfuscated_code[^]) which does have ref''s to obfuscation software for C/C++ .

Ultimately, you''ll need to send your users something - and as even the biggest software manufacturers know - if your software is worth the time/trouble/expense of hacking it will be done. This begs a question: will your user base have the time/aptitude/inclination to try to steal the information? It''s only a delaying tactic - if "they" are coming to get you, they''ll "get you".

Other options, depending upon exactly what it is you''re sending: self-modifying code and encryption.

这篇关于混淆C ++非托管代码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！