The Theory Of Document Checks
Is it safe? The answer is that no, it is not as safe as other
protection methods. That is, because others can sneak easily into your
source and halt the checking routine. How is this achieved? There are two
methods (usually). First is to enter right before the doc check occurs
or while the doc check occurs.
To locate the source of the code that represents a certain action,
you should use a graphical debugger such as NumegaÆs SoftIce (copyrighted
program from Numega). Suppose that one breakÆs out on top of the doc check,
then itÆs easy to have a much better view of what is going on or else heÆll
have to do some extra work, figuring out how the routine works.
So you should prevent others from detecting the start point of your doc-check routine.
For a cracker, the object is to get to the very top level of the routine and either of the previously described methods should lead him there. Since breaking out before the doc check occurs, usually puts you on top of the protection routine, there isnÆt much work ahead. The object is to simply find the exact start of the check. To do this, itÆs enough to trace through the source code. Then just remove the exit part of the routine.
So, if you decide that a doc check routine is suitable for your product remember that you should try to confuse crackers as much as possible with garbage looping and meaningless functions.