How to prevent sensitive information from being displayed when the extension 'exe' is modified to 'txt' on Windows?

H. S. Teoh via Digitalmars-d-learn digitalmars-d-learn at puremagic.com
Wed Jan 7 13:19:42 PST 2015


On Wed, Jan 07, 2015 at 08:36:19PM +0000, Baz via Digitalmars-d-learn wrote:
> On Wednesday, 7 January 2015 at 17:57:18 UTC, H. S. Teoh via
> Digitalmars-d-learn wrote:
[...]
> >Note that these encryption/decryption schemes can only serve as
> >deterrent to the casual user, they do not prevent a determined
> >attacker from decrypting the sensitive data.  As long as the data is
> >decrypted on the user's machine, the user can read it.
[...]
> You're right, it works against "static analysis" (disassembly) but in
> a debugger, the attacker can track the content of the stack because
> before being used, the data **have** to be decrypted somewhere, so
> before a CALL he detects the data put as parameter, then he tries to
> find where they are generated (e.g. put a breakpoint on each dword
> xxxx... or by putting a breakpoint on memory access for a particular
> address).  As said before by other people in this topic, you can't do
> anything against someone who really wants to get the thing, but you can
> reduce the amount of people able to do it.

Right, like I said, it deters a casual user, but won't stop a determined
attacker. Unfortunately, all it takes is for *one* determined attacker
to publish his findings, and your secret data is no longer so secret.

There *are* ways to make things hard even for a determined attacker,
though it comes at an increasingly higher cost that may not be worth the
effort, depending on what your program is doing. If it's just an online
game, it's probably not worth it. But if it's a banking app, you
probably wanna think about it reeeally hard...


T

-- 
My program has no bugs! Only undocumented features...
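
The point made in this thread, shown as an added example that is not part of the original post: an obfuscated string disappears from a text view of the file, but the key ships in the same image and the program must restore the plaintext before use. The image layout, key and token value are constructed for illustration.

```python
import re

HEADER = b"\x00\x01MZ-stub\x00"   # constructed filler, not a real PE header
KEY = 0xA7                        # constructed key; it has to ship in the image

def xor_bytes(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)

def build_image(secret: bytes, obfuscate: bool) -> bytes:
    """Constructed stand-in for an executable's data section:
    header | key | length | payload | trailer."""
    payload = xor_bytes(secret, KEY) if obfuscate else secret
    return HEADER + bytes([KEY, len(secret)]) + payload + b"\x00\xff"

def static_scan(image: bytes, min_len: int = 6) -> list[bytes]:
    """Runs of printable ASCII, i.e. what opening the file as text shows."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, image)

def runtime_view(image: bytes) -> bytes:
    """What the program itself does before using the data. The plaintext
    then sits in process memory, where a debugger can read it."""
    off = len(HEADER)
    key, length = image[off], image[off + 1]
    return xor_bytes(image[off + 2 : off + 2 + length], key)

SECRET = b"api_token=EXAMPLE-0000"   # constructed sample value

if __name__ == "__main__":
    plain = build_image(SECRET, obfuscate=False)
    hidden = build_image(SECRET, obfuscate=True)
    print("static scan, plain image:      ", static_scan(plain))
    print("static scan, obfuscated image: ", static_scan(hidden))
    print("runtime view, obfuscated image:", runtime_view(hidden))
```

A clean static scan therefore says nothing about whether the value is protected; data that must stay secret from the user should not be shipped in the binary at all.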

