Prevent reverse engineering of DLLs

What are the best practices to prevent reverse engineering of DLLs?

Best practices include the following:

  • Use obfuscators.
  • Do not store any data (string, etc) in open form. Always compress or encode it.
  • Use a static link so there is no DLL to attack.
  • Strip all symbols.
  • Use a .DEF file and an import library to have anonymous exports known only by their export ids.
  • Keep the DLL in a resource and expose it in the file system (under a suitably obscure name, perhaps even generated at run time) only when running.
  • Hide all real functions behind a factory method that exchanges a secret (better, proof of knowledge of a secret) for a table of function pointers to the real methods.
  • Use anti-debugging techniques borrowed from the malware world to prevent reverse
    engineering (Note that this will likely get you false positives from AV tools).
  • Use protectors.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: