The main target of a hacker would be the DLL. One approach is to disassemble the EXE file, search for the DLL calls and bypass the DLL calls. This can be discovered with the method described below.

 

To obstruct crackers in removing your protection and license-check code you can use this strategy based on the Tag values.

 

How does a cracker work? First he tries to locate the code that blocks the execution of the program. Typically he finds that code by searching for the output e.g. “you have no license…”. Then he bypasses the failing check that leads to that message. So he will gradually learn that all calls to Licence Protector are for protecting the application and he probably will remove them. And that is the point where the “good and bad value” can be successfully used:

 

Initialize a variable at the beginning of your application with a wrong value.

 

Example: 1000000 (to use the timer later) or if you use calculations in the application define a constant which you use in the calculation with a wrong value. A timer would let the application hang. A wrong formula would give wrong results.

 

Within the license file, store the correct value in the TAG field – e.g. 1 (to use the timer) or the correct value of the constant.

 

The PrepareAndCheck command and the ValidateEX command return the Tag value automatically. Before using the ValidateEx command, reset the variables with the wrong value.

 

Now do not simply check this value and react with a message like “Hey cracker, you have removed my protection code”. The cracker would bypass that code at once and nothing is won. The trick is to use that bad or good value silently for example in an algorithm that calculates the duration of a timer-interval. The application needs an interval of 1 second to work correctly but calculated with the wrong value it would be set to 1000000 (Note: This is an example!). The result is that the cracked application will hang or not be completely functional and the cracker will have a really hard time to find the reason. This is because now he has to understand the logic of your application and not only search for some key-words and bypass some lines of code.

 

A further improvement is to start the bad behaviour not at once but after some time so that searching for the problematic code will be even more complicated.

 

As mentioned above you should use the ValidateEx() function to read the good value. Every module can have an own tag value defined in your project configuration file in the TagValueModule item.

 

Example

Define a Tag value in the project template

 

 

 

•At the beginning of your program, set the variable TagValue1=100000

•When testing a module read the TAG value with ValidateEx() command

•Divide TagValue by 20. Wait in the program for the result (either 1 second or 5000 seconds)

 

If the hacker has removed your code, then the program will wait for 100005000 seconds.

 

Note: This is a very simple example. You should use a more complex algorithm and your counter-measures should not easily attract suspicion.

 

Recommendations

 

•Use the TAG value in any case with the PrepareAndCheck command

•Use ValidateEx() multiple times during the application runs. Reset the value before you call this command

•If you have different modules use different TAG value strategies (e.g. one formula, one timer)