Use of IsDebuggerPresent to block hackers

  • Thread starter Thread starter Bill
  • Start date Start date
B

Bill

I am writing a DLL in c#. I read about the Win32 function
IsDebuggerPresent and am wondering if I should use it to block hackers
from peeking at the business logic in my code. IsDebuggerPresent does
not block use of the .NET debugger used in VS and, of course, I do not
want to block that because I expect developers to use my DLL in that
environment. I don't know anything about unmanaged debuggers and if
they can be used to get at the soure code of my DLL and if
IsDebuggerPresent is effective for that.

What is your advice?

Bill
 
I am writing a DLL in c#. I read about the Win32 function
IsDebuggerPresent and am wondering if I should use it to block hackers
from peeking at the business logic in my code. IsDebuggerPresent does
not block use of the .NET debugger used in VS and, of course, I do not
want to block that because I expect developers to use my DLL in that
environment. I don't know anything about unmanaged debuggers and if
they can be used to get at the soure code of my DLL and if
IsDebuggerPresent is effective for that.

What is your advice?
Click to expand...

Just forget about it altogether.

If your code is on a computer outside your physical control, there is
_nothing_ you can do to prevent someone from "peeking" at it. Checking
for a debugger is even less useful, because it will have no effect on
someone looking at your code when it's not executing (e.g. Reflector or
other disassembler).

At best, you simply introduce one minor hurdle for a hacker to traverse,
and at worst you run the very real risk of interfering with legitimate
uses of your software.

With respect to copy-protection generally (which is basically what you're
talking about) consider that the cost in terms of effort and potential
side-effects cannot exceed the benefit to someone else if they should
manage to get through your protection, otherwise you've spent more than
any breach would cost you. On the other hand, if your code has a value to
justify a certain cost in protecting it, it has enough value to justify an
attack bypassing your protections.

Once you realize that it is literally impossible to protect your code from
attackers if your code is allowed onto a computer that is not under your
postive control, it becomes clear that no form of client-side copy
protection is cost-effective.

If you have business logic that must be protected (and frankly, it's
unlikely you do...that's an extremely rare scenario), then you should
implement that business logic in a way that it only ever has to be present
on a computer under your positive control. For example, make it a
web-based service (see Google search, for example).

Pete
 
Back
Top