Program detects hack attempt?
book
December 22nd, 2005, 06:06
Hi. What are the risks of trying to debug something? As in, what's the most extreme action a program will generally take if it realises it's being debugged?
LLXX
December 22nd, 2005, 06:34
There are no limits. It could be as benign as closing and/or deleting itself, to attempting to corrupt your Windows registry, delete arbitrary files, and format your hard drive. Here's a particularly malicious example from Fravia's malware page (http://fravia.com/boobytra.htm):
Quote:
Later versions after v2.71X, would do severe system damage if it detected use of that keymaker:
1) Overwrites win.ini, system.ini, user.dat, and system.dat.
2) Overwrites user.da0 and system.da0 (registry backup files).
This will render your system unbootable, and within seconds of doing this you will get a registry error message, prompting you to reboot. At that point it is too late.
Incredibly, all those system files are backed up by the program (with different names, in the program directory) after it does this, so if you keep cool you can still restore your system.
Treat it with great respect. It helps greatly to use a virtual machine e.g. VMware.
Peres
December 22nd, 2005, 08:44
book, it may even steal your gal! Watch your back!
Peres
SiGiNT
December 22nd, 2005, 11:58
Even worse it could steal your toilet paper! - actually I suspect my recent hard-drive problem was related to debugging - I don't think it was malicious - I just messed with something enough to corrupt a hard-drive sector.
SiGiNT
book
December 22nd, 2005, 23:30
But seeing as it says on Fravia's page that the most destructive things programs can do are illegal, would you expect that it would be 'safe' to debug extremely well-known programs? That is, is the really nasty stuff only used by small programs, or programmers working by themselves?
LLXX
December 23rd, 2005, 01:24
I wouldn't consider any program as being safe unless I've put it in a disassembler and read through every line of it.
Always assume the worst. It's better to be overly careful than to risk having your data wiped out by a malicious program. Do your debugging in a VMware box, or even better, on a sacrificial machine with no data of any value.
Peres
December 23rd, 2005, 04:36
If we put a little bit of common sense in the mix, we can assume that "extremely well-known" software (as book names it) typically doesn't screw up your machine when you try to debug it. You never can tell, though, so I won't be responsible if something bad happens to your data anyhow.
Peres
naides
December 23rd, 2005, 08:30
@book:
Debugging is a necessary and intrinsic part of software development. You can safely assume that all software modules have been debugged at one time or another.
Antidebugging protection is a RELATIVELY recent feature and a late add-on in the protection phase of development.
The majority of software can be debugged, but a small group have traps in them. The problem is knowing which ones.
So, a touch of paranoia is a good thing; it is not to be taken to extremes.
Silver
December 24th, 2005, 12:16
It is extremely unlikely that much software will include destructive protection. Developers have to weigh protecting their app against destroying the system of a legitimate user. There are many legitimate uses for RCE tools (indeed RCE itself is not intrinsically illegal) and the risk of protection misinterpreting a user's actions (for example, legitimately breaking with sice to debug something else) then destroying the o/s is serious and dangerous. In some countries I'm sure it would border on illegal.