Protecting your code

[Jacky Luk]

I saw an old thread in this group which addressed the issue of reverse
compilation. After some study, I draw a conclusion that "reverse
compilation" is completely blocked off in win32 environment (except in .NET
languages like C#) because (in the worst case) when you tried to figure out
what has been done on a C++ program. The answer was already precomputed by
the compiler on the author's side. So you never get the algorithm.
For example,
If someone knows how to optimize code
int main (int argc, char *argv[])
{
int i,j, k[10];

i = 0;
j = 20;
i = j * 3;


return 0;
}

What you will get when you "debug" the program

push 0x3c (60)
call printf

So you get nothing out of it... needless to say .NET which is a stronger
compiler than ever.

So It is the most secure to write code in Win32 environment since all the
info is destroyed

The above is my personal opinion!

 

[Jon Skeet [C# MVP]]

I saw an old thread in this group which addressed the issue of reverse
compilation. After some study, I draw a conclusion that "reverse
compilation" is completely blocked off in win32 environment (except in .NET
languages like C#) because (in the worst case) when you tried to figure out
what has been done on a C++ program. The answer was already precomputed by
the compiler on the author's side. So you never get the algorithm.

Only when things *can* be precomputed by the compiler. This isn't the
case in most applications with any significant algorithms.

So It is the most secure to write code in Win32 environment since all the
info is destroyed

Yes, information is removed if the compiler can do it all at compile-
time. Care to show any *real world* examples of sensitive algorithms
which can be evaluated entirely at compile-time? Bear in mind that most
algorithms need to take parameters which are used in the computation...

 

[Sean Hederman]

So It is the most secure to write code in Win32 environment since all the
info is destroyed

Even if this was true, I am continually amazed at people who are so hung up
about reverse engineering. I'm of the opinion that time spent worrying about
this, working on it, or "resolving" it is time wasted. Working out what a
program does is hard, especially without documentation or comments. Even if
a competitor decided to use your code base they would still be behind. Your
development would be spending time creating new versions, and adding
functionality, whilst the competitor would be spending all their time
reverse engineering old code, and trying desperately to handle bugs they
could not understand.