为提供一个C API隐藏内部功能的最佳实践 [英] best practice for delivering a C API hiding internal functions
问题描述
我已经写了一个C库,包括在几个.h文件和.c文件。我编译成。一个静态库。
I have written a C library which consists in a few .h files and .c files. I compile it as a .a static library.
我想只公开某些功能给用户,并保持休息为晦涩成为可能,使逆向工程相当困难。
I would like to expose only certain functions to the user and keep the rest as "obscure" as possible to make reverse engineering reasonably difficult.
我的理想库将包括:
仅向用户公开的功能-1-酮h文件
2 - myLibrary.a:作为联合国reversengineerable尽可能
Ideally my library would consist of: 1- one .h file with only the functions exposed to the user 2- myLibrary.a: as un-reversengineerable as possible
什么是的最佳实践?我应该在哪里看,是有一个很好的教程/书的地方?
What are the best practices for that? Where should I look, is there a good tutorial/book somewhere?
更具体地说:
有关 - 1 - 我已经有我所有的.h和.c的工作,我想避免周围改变它们,从.H移动函数声明为.c和进入循环引用潜力PBS。那可能吗?
比如它是一个好主意,创造出我只会用与我的。一个发布一个新的.h文件中?这.H会包含我要揭露和前瞻性的我用的类型声明,功能的副本。这是一个好主意吗?
for - 1 - I already have all my .h and .c working and I would like to avoid changing them around, moving function declarations from .h to .c and go into circular references potential pbs. Is That possible? FOr instance is it a good idea to create a new .h file which I would use only for distributing with my .a? That .h would contain copies of the functions I want to expose and forward declarations of types I use. Is that a good idea?
有关 - 2 -
for - 2 -
一)什么GCC标志(或x code)须我知道(剥离,没有调试符号等)
B)一个很好的指针,以了解如何做code混淆?
a) what gcc flags (or xcode) shall I be aware of (for stripping, not having debug symbols etc) b) a good pointer to learn about how to do code obfuscation?
任何想法会有所帮助,
谢谢,巴巴
推荐答案
通常的做法是,以确保每一个函数和全局变量,它是仅用于内部的一些模块声明静态的模块中。这限制了内部实现细节的曝光,从一个单一的模块。
The usual practice is to make sure that every function and global variable that is for use only internal to some module is declared static in that module. That limits exposure of internal implementation details from a single module.
如果你需要的模块之间的交叉,但不适合大众消费的内部实施细则,然后声明是保密的,而不是提供一个或多个 .H 文件给最终用户。以这种方式定义的对象的名称仍然将是可见的连接器(和工具,如 objdump的和纳米 ),但其详细的签名不会的。
If you need internal implementation details that cross between modules, but which are not for public consumption, then declare one or more .h files that are kept private and not delivered to end users. The names of objects defined in that way will still be visible to the linker (and to tools such as objdump and nm) but their detailed signatures will not be.
如果您有交付给最终用户的数据结构,但它是不透明的,再考虑具有API提供这些作为指针指向一个结构由申报公共API .H 文件中没有定义。将preserve类型安全,同时隐藏实现细节。当然,完整的结构的定义是在一个私人 .H 文件。
If you have data structures that are delivered to the end user, but which are opaque, then consider having the API deliver them as pointers to a struct that is declared by not defined in the public API .h file. That will preserve type safety, while concealing the implementation details. Naturally, the complete struct definition is in a private .h file.
通过护理,可以保持部分载入文件公众所知结构这是一个类型的双关语的真正的定义,但只公开public成员。这是更难以跟上日期,如果你这样做,我会做一定有一些强有力的测试用例来验证公版其实等同于在该问题的所有方面的专用版本。
With care, you can keep a partially documented publicly known struct that is a type-pun for the real definition but which only exposes the public members. This is more difficult to keep up to date, and if you do it, I would make certain that there are some strong test cases to validate that the public version is in fact equivalent to the private version in all ways that matter.
当然,使用条来删除调试段,使得内部细节不被泄露的方式。
Naturally, use strip to remove the debug segments so that the internal details are not leaked that way.
有工具,有可能混淆所有的本意是仅供内部使用的名字。如果作为构建过程的一部分运行,可以使用具有一切合理名内部调试版本中工作,并且需要已命名所有的内部函数和全局变量,只有一个连接可以爱名身材。
There are tools out there that can obfuscate all the names that are intended to be only internal use. If run as part of the build process, you can work with an internal debug build that has sensible names for everything, and ship a build that has named all the internal functions and global variables with names that only a linker can love.
最后,习惯了一个事实,即任何人都可以的使用的资料库将能反向工程库在一定程度上。有迹象表明,可以采取反措施的调试器,但恕我直言这种方式在于疯狂和无奈。
Finally, get used to the fact that anyone that can use your library will be able to reverse engineer your library to some extent. There are anti-debugger measures that can be taken, but IMHO that way lies madness and frustration.
这篇关于为提供一个C API隐藏内部功能的最佳实践的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
