How to hide a string in an exe or dll?

I discovered that it is possible to extract the hard-coded strings from a binary.
For example, the properties view of Process Explorer displays all the strings with more than 3 characters.

Here is the code of a simple executable that I wrote to simply test it:

#ifndef _WIN32_WINNT
#define _WIN32_WINNT 0x0501
#endif
#include <stdio.h>
#include <tchar.h>
#include <Windows.h>

int _tmain(int argc, _TCHAR* argv[])
{
    // Both literals are stored verbatim in the compiled binary.
    const _TCHAR* hiddenString1 = _T("4537774B-CC80-4eda-B3E4-7A9EE77991F5");
    const _TCHAR* hiddenString2 = _T("hidden_password_or_whatever");
    for (int i = 0; i < argc; i++) {
        if (0 == _tcscmp(argv[i], hiddenString1)) {
            _tprintf(_T("The guid argument is correct.\n"));
        }
        else if (0 == _tcscmp(argv[i], hiddenString2)) {
            _tprintf(_T("Do something here.\n"));
        }
    }

    _tprintf(_T("This is a visible string.\n"));
    // Keep running
    Sleep(60000);
    return 0;
}

The strings can clearly be extracted from the corresponding executable:

I think that it is a little too easy to find the strings.

My questions are:

  1. How to simply hide hiddenString1 or hiddenString2 in the executable?
  2. Is there a more secure way to use "cheat code" than with some obscure hidden input?

Recommended answer

Welcome to the wider world of defensive programming.

There are a couple of options, but I believe all of them depend on some form of obfuscation; which, although not perfect, is at least something.

  1. Instead of a straight string value you can store the text in some other binary form (hex?).
  2. You can encrypt the strings that are stored in your app, then decrypt them at run time.
  3. You can split them across various points in your code, and reconstitute later.

Or some combination thereof.

Bear in mind, that some attacks go further than looking at the actual binary. Sometimes they will investigate the memory address space of the program while it's running. MS came up with something called a SecureString in .Net 2.0. The purpose being to keep the strings encrypted while the app is running.

第四个想法是不要将字符串存储在应用程序本身中,而是依靠将验证代码提交给您控制的服务器.在服务器上,您可以验证它是否是合法的作弊码".

A fourth idea is to not store the string in the app itself, but rather rely on a validation code to be submitted to a server you control. On the server you can verify if it's a legit "cheat code" or not.
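
The "encrypt, then decrypt at run time" option from the list above, as an added example in portable C that is not part of the original question or answer. The single-byte XOR key `0xA7` and the names `encoded_secret`, `count_printable_runs` and `matches_secret` are assumptions made for illustration; the key ships in the binary next to the blob, so this only defeats a strings-style viewer.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed single-byte key. It ships in the binary next to the blob,
   so this is obfuscation only, not secrecy. */
#define XOR_KEY 0xA7u

/* "hidden_password_or_whatever" XORed byte-by-byte with XOR_KEY,
   precomputed so the plaintext literal never appears in the image. */
static const unsigned char encoded_secret[] = {
    0xCF,0xCE,0xC3,0xC3,0xC2,0xC9,0xF8,0xD7,0xC6,0xD4,0xD4,0xD0,0xC8,0xD5,
    0xC3,0xF8,0xC8,0xD5,0xF8,0xD0,0xCF,0xC6,0xD3,0xC2,0xD1,0xC2,0xD5
};

/* Count runs of at least min_len printable ASCII bytes, which is what a
   strings-style viewer lists. */
size_t count_printable_runs(const unsigned char *buf, size_t len, size_t min_len)
{
    size_t runs = 0, cur = 0;
    for (size_t i = 0; i < len; i++) {
        if (buf[i] >= 0x20 && buf[i] <= 0x7E) { cur++; continue; }
        if (cur >= min_len) runs++;
        cur = 0;
    }
    return runs + (cur >= min_len);
}

/* Compare a candidate against the secret, decoding one byte at a time so the
   full plaintext is never assembled in a buffer. Returns 1 on match. */
int matches_secret(const char *candidate)
{
    size_t n = strlen(candidate);
    unsigned char diff = (unsigned char)(n != sizeof encoded_secret);
    for (size_t i = 0; i < sizeof encoded_secret; i++) {
        unsigned char c = (i < n) ? (unsigned char)candidate[i] : 0;
        diff |= (unsigned char)((encoded_secret[i] ^ XOR_KEY) ^ c);
    }
    return diff == 0;
}

int main(int argc, char *argv[])
{
    printf("printable runs (>3 chars) in stored blob: %zu\n",
           count_printable_runs(encoded_secret, sizeof encoded_secret, 4));
    for (int i = 1; i < argc; i++)
        if (matches_secret(argv[i])) puts("Do something here.");
    return 0;
}
```

The candidate itself still sits in the process's argument memory as plaintext, and a debugger stepping through `matches_secret` recovers the key; only the server-side validation described in the fourth idea keeps the secret out of the client entirely.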
