CA Plex: No Anti-Reversing / Anti-Debugging Techniques

Article ID: 106907

Products

CA Plex

Issue/Introduction

After a quality control, the quality team states: 

"Application does not implement any mechanism for Anti-Reversing / Anti-Debugging. Malicious users with their knowledge of reverse engineering can reverse or debug the applications with intentions like understanding application logic for carrying out unscrupulous activities, understanding how serial or license is processed by the application, to remove a protection from a trial version etc.  Apart from making an application obfuscated using compressors and packers, there are also other methods for protecting it against debugging and reversing" 

"To avoid this further in Plex built application, invoking Windows API 'SetErrorMode' for C++ (as part of source code object) can help to achieve the required result."  Please explain this.

Environment

Release:
Component: CPLEX

Resolution

As of today, a Plex-built application has no check that stops a debugger during execution. On the other hand, the ability to attach a debugger is quite useful for debugging the generated code after an error or crash.

As a workaround, invoking the following two source code objects will help achieve the desired result.

Within the Plex C++ application, implement the following two source code objects.

Source code object #1.
- Create a source code object with the following source code.
Note: Call this source code object at the startup of your application.
// This API changes the application's behavior on abnormal termination. The following API call suppresses the system Windows Error Reporting dialog.

// SetErrorMode function - https://msdn.microsoft.com/en-us/library/windows/desktop/ms680621(v=vs.85).aspx
// Controls whether the system will handle the specified types of serious errors or whether the process will handle them.
// SEM_NOGPFAULTERRORBOX - The system does not display the Windows Error Reporting dialog.
SetErrorMode(SEM_NOGPFAULTERRORBOX);


Source code object #2.
- Create a source code object with the following source code.
Note: Call this source code object in a common function that is invoked repeatedly while your application runs.
// This code checks whether the application is being debugged; if so, it terminates the process.
// Requires the Windows and MFC headers (IsDebuggerPresent, CString, AfxMessageBox).

if ( IsDebuggerPresent() ) // The application/process is being debugged: terminate the process.
{
    DWORD pId = GetCurrentProcessId(); // Get the application process ID.
    CString strMsg;
    // _T() keeps the format string valid in ANSI and Unicode builds; %lu matches the DWORD argument.
    strMsg.Format(_T("No debugging allowed! Terminating the process as being debugged, ProcessID: '%lu' "), pId);
    AfxMessageBox(strMsg);
    ExitProcess(1);
}
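
The check in source code object #2 can be wrapped so that developer builds remain debuggable and the probe does not run on every call of a hot function. This is an added example, not CA Plex code: `DebugGuard`, `Probe`, `MakeDefaultGuard` and the interval of 64 are assumptions, and it goes beyond the article by also calling the Windows API `CheckRemoteDebuggerPresent`.

```cpp
// Added example, not CA Plex code. DebugGuard, Probe and MakeDefaultGuard are hypothetical names.
#include <cstdint>
#ifdef _WIN32
#include <windows.h>
#endif

using Probe = bool (*)();  // returns true when a debugger is attached to this process

#ifdef _WIN32
inline bool ProbeLocal() { return IsDebuggerPresent() != FALSE; }
inline bool ProbeRemote() {
    BOOL attached = FALSE;
    // If the call itself fails, report "not attached" instead of killing the process.
    return CheckRemoteDebuggerPresent(GetCurrentProcess(), &attached) && attached;
}
#else
// Stubs so the example also compiles off Windows; they never report a debugger.
inline bool ProbeLocal() { return false; }
inline bool ProbeRemote() { return false; }
#endif

enum class GuardResult { Skipped, Clean, DebuggerFound };

class DebugGuard {
public:
    DebugGuard(Probe local, Probe remote, std::uint32_t everyN, bool enforce)
        : local_(local), remote_(remote), everyN_(everyN ? everyN : 1), enforce_(enforce) {}

    // Call from the frequently executed function; probes run on every Nth call only.
    GuardResult Check() {
        if (!enforce_) return GuardResult::Skipped;  // developer builds stay debuggable
        if (++calls_ % everyN_ != 0) return GuardResult::Skipped;
        return (local_() || remote_()) ? GuardResult::DebuggerFound : GuardResult::Clean;
    }
private:
    Probe local_, remote_;
    std::uint32_t everyN_, calls_ = 0;
    bool enforce_;
};

// Assumed wiring: enforce only in release builds (MSVC defines _DEBUG for debug builds).
inline DebugGuard MakeDefaultGuard() {
#ifdef _DEBUG
    return DebugGuard(ProbeLocal, ProbeRemote, 64, false);
#else
    return DebugGuard(ProbeLocal, ProbeRemote, 64, true);
#endif
}
// Caller: if (guard.Check() == GuardResult::DebuggerFound) ExitProcess(1);
```

Both APIs only report a user-mode debugger attached to the process, so the check is a deterrent, not a guarantee.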


----------------------