HxD (a hex editor) allows you to search/view/edit RAM.

How can I protect an EXE against such an editor? Data is encrypted inside INI/registry/DB, but is decoded in RAM.

What is the solution? At runtime decode, use and recode data inside RAM ASAP?

A: 

You can use an exe protector like Themida (one that will make even viewing the memory difficult), but remember that users will hate you for that. Also, remember that Themida, like all other protectors, is routinely cracked, despite what vendors of such software claim.

Short: There is no good way to prevent reverse engineering, ever.

Elias Yarrkov
A: 

You are trying to hold back the sea with a teaspoon.

This kind of "in memory protection" is what good (evil?) malware does. I have seen live demonstrations of how to break this kind of "protection". It is ultimately useless - at some point your clear text must be available for execution by the computer. A competent programmer/reverse engineer can easily find when the clear text becomes available and then just pause the program and examine the process memory at their leisure.

This is the same problem the RIAA faces with DRM: the requirements are defective. You want to hide your program from your users, and yet in order for them to use it, they must have the clear text at some point.

Your only possible salvation is a TPM, but they are so rare in the consumer market that your user base will be down to single digits.

freespace
A: 

Not too sure if they do that at this level, but KeePass, an open source password manager, claims to take every available care to hide passwords from investigation. It might be interesting to see how they do that... :-)

PhiLho
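The "decode, use, wipe ASAP" pattern from the question, as an added example that is not code from any of the posters or from KeePass. It narrows the window in which the plaintext sits in RAM, and the callback shows the limit the second answer describes: the plaintext is still readable while it is in use. `with_secret`, `secure_wipe`, `toy_decode` and `seen_plain` are hypothetical names, and the XOR routine is a stand-in for whatever real decryption the program uses.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SECRET_MAX 64
/* Zero through a volatile pointer: a plain memset() on a buffer that is
   never read again can be removed by the optimizer as a dead store. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

/* Placeholder for the real decryption (XOR is symmetric, NOT a secure cipher). */
static void toy_decode(const uint8_t *in, size_t n,
                       const uint8_t *key, size_t klen, uint8_t *out) {
    for (size_t i = 0; i < n; i++) out[i] = in[i] ^ key[i % klen];
}

typedef int (*secret_user)(const uint8_t *plain, size_t n, void *ctx);
/* Decode into caller-owned scratch, run `use` on it, wipe before returning.
   The plaintext exists only for the duration of the callback, but it does
   exist there: a debugger paused inside `use` still sees it. */
static int with_secret(const uint8_t *enc, size_t n,
                       const uint8_t *key, size_t klen,
                       uint8_t *scratch, size_t cap,
                       secret_user use, void *ctx) {
    if (n > cap || klen == 0) return -1;   /* reject before touching input */
    toy_decode(enc, n, key, klen, scratch);
    int rc = use(scratch, n, ctx);
    secure_wipe(scratch, cap);
    return rc;
}

/* Demo consumer only: reports whether the decoded bytes match ctx. */
static int seen_plain(const uint8_t *plain, size_t n, void *ctx) {
    return memcmp(plain, ctx, n) == 0;
}

int main(void) {
    const uint8_t key[] = {0x5A, 0xC3, 0x17};   /* constructed key */
    const char *pt = "hunter2";                 /* constructed secret */
    uint8_t enc[7], scratch[SECRET_MAX];
    toy_decode((const uint8_t *)pt, 7, key, sizeof key, enc);
    int ok = with_secret(enc, 7, key, sizeof key, scratch, sizeof scratch,
                         seen_plain, (void *)pt);
    printf("visible in callback: %d, scratch[0] after: %d\n", ok, scratch[0]);
    return 0;
}
```

On Windows the wipe would normally be `SecureZeroMemory`; the volatile loop here is the portable equivalent.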