Grawol wrote:
Hello Enigma team,
So, my program will check the security only if it is built under the release directive.
My silly question: can an attacker make some kind of switch or jump to another mode (not "RELEASE" in this case)?
The way you are trying to code is almost OK; however, I would give you some advice.
1. The code example you gave belongs to the x64 version, right? Because for the x86 version, markers should be placed using includes.
2. The main problem in your code is that it protects only part of the code, the code that checks for protection, but excludes your procedures from protection. In this case, a cracker can add a jump before the begin marker over the security functions and just skip them from running. To avoid that, you need to cover your procedures in markers too, so if a cracker adds a jump over the markers, over the security functions, it will also skip the execution of your code (that may cause problems).
So the code would look as follows:
Code:
begin
  EP_Marker('vm_risc_begin');
  {$IFDEF RELEASE}
  // will check all needed security and registration things.
  if EP_RegKeyStatus = 0 then ....
  if not EP_CheckupIsEnigmaOk then ...
  {$ENDIF}
  // my procedures
  EP_Marker('vm_risc_end');
end;
3. Also note that I moved the EP_Marker function over the RELEASE, that's OK. Just copy the enigma_ide64.dll into the folder of the compiled executable to allow it to run and debug. Note, do not distribute this dll with the protected application, it is not needed after protection!
4. Common advice: review the function/procedure where you apply a virtual machine or security check. In some cases, this kind of protection could be useless, or can be simply bypassed by a cracker, for example:
Code:
procedure DoCheck();
begin
  EP_Marker('vm_risc_begin');
  // will check all needed security and registration things.
  if EP_RegKeyStatus = 0 then ....
  if not EP_CheckupIsEnigmaOk then ...
  EP_Marker('vm_risc_end');
end;
Useless procedure: a cracker can patch the memory and just avoid execution of this function, and it won't affect the functionality of the program.
Code:
function DoCheck() : boolean;
begin
  Result := false;
  EP_Marker('vm_risc_begin');
  // will check all needed security and registration things.
  if EP_CheckupIsEnigmaOk then Result := true;
  EP_Marker('vm_risc_end');
end;
Also a useless function: a cracker can patch memory, avoid execution of this function, and change the execution context to always return the TRUE value.
Code:
function DoAdd(AInteger1, AInteger2 : integer) : Integer;
begin
  Result := 0;
  EP_Marker('vm_risc_begin');
  // will check all needed security and registration things.
  if EP_CheckupIsEnigmaOk then
  begin
    Result := AInteger1 + AInteger2;
  end;
  EP_Marker('vm_risc_end');
end;
This is the correct example, because if a cracker avoids execution of the function, something in the program stops working, since the DoAdd function performs some algorithm (add). If a cracker somehow skips the protection part, the important useful functionality will also be missed.
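
An added illustration, not part of the post above and not Enigma code: a console program that models a jump over the marked region with a flag and reports whether the program still works under the "useless" and the "correct" pattern from the reply. SkipRegion, CheckOk, Balance, DepositUnbound, DepositBound and WorksWhenSkipped are hypothetical names; CheckOk stands in for EP_CheckupIsEnigmaOk, and the comments mark where the EP_Marker calls would sit.

```pascal
program MarkerCoverageDemo;
{$APPTYPE CONSOLE}
{$IFDEF FPC}{$MODE DELPHI}{$ENDIF}

// Constructed model: SkipRegion = True stands for a jump patched over
// everything between the begin and end markers.
var
  SkipRegion: Boolean = False;
  Balance: Integer = 0;

function CheckOk: Boolean;            // stand-in for EP_CheckupIsEnigmaOk
begin
  Result := True;
end;

// "Useless" pattern from the post: only the check is inside the region.
procedure DoCheck;
begin
  if SkipRegion then Exit;            // EP_Marker('vm_risc_begin') would sit here
  if not CheckOk then Halt(1);        // EP_Marker('vm_risc_end') follows this line
end;

procedure DepositUnbound(Amount: Integer);
begin
  DoCheck;
  Balance := Balance + Amount;        // useful work lives outside the region
end;

// "Correct" pattern from the post: the useful work is inside the region.
function DoAdd(A, B: Integer): Integer;
begin
  Result := 0;
  if SkipRegion then Exit;            // EP_Marker('vm_risc_begin') would sit here
  if CheckOk then
    Result := A + B;                  // EP_Marker('vm_risc_end') follows this line
end;

procedure DepositBound(Amount: Integer);
begin
  Balance := DoAdd(Balance, Amount);
end;

// Runs one deposit with the region skipped and reports whether it still worked.
function WorksWhenSkipped(Bound: Boolean): Boolean;
begin
  Balance := 10;
  SkipRegion := True;
  if Bound then DepositBound(5) else DepositUnbound(5);
  SkipRegion := False;
  Result := Balance = 15;
end;

begin
  WriteLn('check-only region skipped, still works: ', WorksWhenSkipped(False));
  WriteLn('work inside region skipped, still works: ', WorksWhenSkipped(True));
end.
```

The same kind of self-check can be kept in a debug build to review each protected routine: if the routine still gives the right result with its marked region skipped, the region covers only the check.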