Use of IsDebuggerPresent to block hackers

Bill

I am writing a DLL in C#. I read about the Win32 function
IsDebuggerPresent and am wondering if I should use it to block hackers
from peeking at the business logic in my code. IsDebuggerPresent does
not block use of the .NET debugger used in VS and, of course, I do not
want to block that because I expect developers to use my DLL in that
environment. I don't know anything about unmanaged debuggers and if
they can be used to get at the source code of my DLL and if
IsDebuggerPresent is effective for that.

What is your advice?

Bill
 
Peter Duniho

> I am writing a DLL in C#. I read about the Win32 function
> IsDebuggerPresent and am wondering if I should use it to block hackers
> from peeking at the business logic in my code. IsDebuggerPresent does
> not block use of the .NET debugger used in VS and, of course, I do not
> want to block that because I expect developers to use my DLL in that
> environment. I don't know anything about unmanaged debuggers and if
> they can be used to get at the source code of my DLL and if
> IsDebuggerPresent is effective for that.
>
> What is your advice?

Just forget about it altogether.

If your code is on a computer outside your physical control, there is
_nothing_ you can do to prevent someone from "peeking" at it. Checking
for a debugger is even less useful, because it will have no effect on
someone looking at your code when it's not executing (e.g. Reflector or
other disassembler).

At best, you simply introduce one minor hurdle for a hacker to traverse,
and at worst you run the very real risk of interfering with legitimate
uses of your software.

With respect to copy-protection generally (which is basically what you're
talking about) consider that the cost in terms of effort and potential
side-effects cannot exceed the benefit to someone else if they should
manage to get through your protection, otherwise you've spent more than
any breach would cost you. On the other hand, if your code has a value to
justify a certain cost in protecting it, it has enough value to justify an
attack bypassing your protections.

Once you realize that it is literally impossible to protect your code from
attackers if your code is allowed onto a computer that is not under your
positive control, it becomes clear that no form of client-side copy
protection is cost-effective.

If you have business logic that must be protected (and frankly, it's
unlikely you do...that's an extremely rare scenario), then you should
implement that business logic in a way that it only ever has to be present
on a computer under your positive control. For example, make it a
web-based service (see Google search, for example).

Pete
 
