No Anti-Reversing / Anti-Debugging Techniques

Document ID : KB000106907
Last Modified Date : 17/07/2018
Issue:
After a quality control, the quality team states: 

"Application does not implement any mechanism for Anti-Reversing / Anti-Debugging. Malicious users with their knowledge of reverse engineering can reverse or debug the applications with intentions like understanding application logic for carrying out unscrupulous activities, understanding how serial or license is processed by the application, to remove a protection from a trial version etc. Apart from making an application obfuscated using compressors and packers, there are also other methods for protecting it against debugging and reversing" 

The answer in the previous ticket was: 

"To avoid this further in Plex built application, invoking Windows API 'SetErrorMode' for C++ (as part of source code object) can help to achieve the required result." 

I'm not sure how to implement this. Can you give an example?
Resolution:
As of today, there is no check that stops a debugger while a Plex-built application is executing. On the other hand, being able to debug is quite useful for diagnosing any error or crash in the generated code.

As a workaround, invoking the following two source code objects will help achieve the desired result.

Within the Plex C++ application, implement the following two source code objects.

Source code object #1. 
- Create a source code object with the following source code.
Note: Call this source code object at startup of your application.
// This API changes the application's behavior on abnormal termination. The following API call suppresses the system Windows Error Reporting dialog.

// SetErrorMode function - https://msdn.microsoft.com/en-us/library/windows/desktop/ms680621(v=vs.85).aspx 
// Controls whether the system will handle the specified types of serious errors or whether the process will handle them. 
// SEM_NOGPFAULTERRORBOX - The system does not display the Windows Error Reporting dialog. 
SetErrorMode(SEM_NOGPFAULTERRORBOX); 


Source code object #2. 
- Create a source code object with the following source code.
Note: Call this source code object in some common function that is invoked/executed repeatedly in your application.
// This code checks whether the application is being debugged; if so, it terminates the process.

if (IsDebuggerPresent()) // The application/process is being debugged. Try to terminate the process.
{
    DWORD pId = GetCurrentProcessId(); // Get the application process id.
    CString strMsg;
    // _T() keeps the literal valid in both ANSI and Unicode builds; %lu matches DWORD.
    strMsg.Format(_T("No debugging allowed! Terminating the process as being debugged, ProcessID: '%lu' "), pId);
    AfxMessageBox(strMsg);
    ExitProcess(1);
}

