Temporarily Out of Stock Online
This essential resource for software developers highlights the weak points in "well-protected" software, shows how crackers break common protection schemes, and how to defend against crackers. Includes in-depth discussions of anti-debugging and anti-disassembling. The CD-ROM contains compression and encoding software, debuggers and anti-debugging tricks, practical protection demonstrations, and extended examples from the book.
|Publisher:||No Starch Press|
|Product dimensions:||7.36(w) x 9.34(h) x 0.82(d)|
About the Author
Cerven is a software developer with Alcatel. After a brief stint in the world of PC viruses, he now works to protect software against unauthorized copying.
Table of Contents
|Chapter 2||Cracking Tools||9|
|Chapter 3||The Basic Types of Software Protection||15|
|Chapter 4||CD Protection Tricks||41|
|Chapter 5||Program Compression and Encoding: Freeware and Shareware||53|
|Chapter 6||Commercial Software Protection Programs||75|
|Chapter 7||Anti-Debugging, Anti-Disassembling, and Other Tricks for Protecting Against SoftICE||95|
|Chapter 8||Protecting Against Breakpoints, Tracers, and User Debuggers||167|
|Chapter 9||Other Protection Tricks||185|
|Chapter 10||Important Structures in Windows||207|
|Chapter 11||Suggestions for Better Software Protection||225|
|About the CD||232|
Most Helpful Customer Reviews
Much of current software defenses against crackers consists of preventing or detecting breakins to your computer from across a network. The cracker is inherently at a disadvantage. For one, you (the sysadmin) have physical access to your machine. You can reboot it at will; compare signatures of installed programs against known signatures that are stored readonly; and you can install network analysers and other computers to check your main machine. But there is an entirely different cracker activity where she now has built in edges. This consists of where you write code that others can install on their computers. Your code can end up on a cracker's machine. She has (you have to assume) a good deassembler and decompiler, and is fluent in the assembly language of your code. You don't have it easy. Cerven explains the many measures you might take to protect the running of your code. Alas, for most of these, if not all, over time, a sufficiently talented cracker can find a countermeasure. The book is a tribute to human ingenuity. As a purely intellectual puzzle, you may find his explanations intriguing. He describes a small cottage industry of companies that offer licensing programs that try to control access to your code. The best known may be installshield. This is very common on Microsoft platforms. Also mentioned is flexlm, which unix sysadmins should find familiar. The bottom line is given in the last chapter. A list of suggested best practices. None of which are guaranteed to offer absolute protection. But the cumulative applications of these practices should act as a good deterrent. The only thing that seems to be missing is a discussion of code that comes on DVDs. He describes CDs. Surely by now some large code packages must come on DVDs. (Especially the games.)
As a renowned computer security expert once said, 'trying to make bits not copyable is like trying to make water not wet'. This book goes into detail on tricks to thwart attempts at running debugging tools against programs you develop. Many of the suggestions presented by the book are detailed with plenty of example code given, but are narrow in scope. As such, new debugging and disasssembly tools (which are not susceptible to these tricks) have probably been developed by the time you crack the spine. I have never heard of a commercial program which uses software based anti-crack mechanisms which has not been cracked. At one point in the book, the author suggests that, if possible, you make your program run in ring 0 to thwart some crack attempts. This suggestion alone makes me question the author's competence. This book is interesting if you are curious, but the techniques are a waste of time and completely ineffective. Preventing people from manipulating a program running on a computer they have full control over is impossible.