软件保护将其数据存储在哪里?

发布于 2024-07-14 01:38:55 字数 1435 浏览 6 评论 0原文

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(6

滴情不沾 2024-07-21 01:38:55

他们只是将其隐藏在难以找到的地方,例如在应用程序的数据文件中或注册表深处的某个地方。 因此,对于定时限制(运行到 4 月 4 日),您可以使用文件的日期或将安装日期写入注册表中的某个位置(不是通常的位置;它们将其写在驱动程序部分的一个奇怪的键下面,您有很多随机 64 个字符密钥)。 然后可以对这些密钥进行额外保护(删除任何人的写访问权限)。

不过,“次数”限制需要写入密钥,因此“有限访问”方案不起作用(或不利于保护)。 这些地方没有任何保护,但没有人知道信息存储在哪里。 一个好的地方是在一个巨大的数据文件中间的某个地方:这使得破解者很难找到,即使他们知道计数器一定在该文件中的某个地方。

也就是说,大多数优秀软件之所以畅销是因为它好,而不是因为它受到保护。

They just hide it somewhere where it is hard to find, for example in a data file of the application or somewhere deep in the registry. So for timed limits (runs until April, 4th), you can use the date of a file or write the installation date somewhere in the registry (not the usual places; they write it below an odd key in the drivers section where you have lots of random 64 character keys). These keys can then additionally protected (removing write access for anyone).

The "number of times" limits needs to write the key, though, so the "limited access" scheme doesn't work (or works against the protection). These places have no protection but the fact that no one knows where the information is stored. A good place is somewhere in the middle of a huge data file: That makes it hard for the cracker to find even when they figure out the counter must be somewhere in that file.

That said, most good software sells because it's good, not because it's protected.

老娘不死你永远是小三 2024-07-21 01:38:55

我相信可靠地完成此类工作的唯一方法是某种客户端-服务器方案。 例如,您的公司有一个许可证服务器,客户端软件每次运行时都会查询服务器。 当然,这需要有效的互联网连接,但这并不总是可用......

当然,您可以向注册表写入一些内容,但没有什么可以阻止用户对其进行修改。

I believe the only way do do this kind of stuff reliably is some kind of client-server scheme. E.g. your company has a license server, and the client's software queries the server every time it runs. Of course this requires a working internet connection, which is not always available...

Sure you can write something to registry, but nothing prevents the user modifying it.

海的爱人是光 2024-07-21 01:38:55

我知道一些保护机制需要以管理权限至少运行一次(例如在安装期间)。 我假设他们在非用户特定位置(例如在 HKEY_LOCAL_MACHINE 或 ProgramFiles 甚至 WinDir 下)设置了一个位置,并为(经过身份验证的)用户设置了对该位置的写入权限。

I know some protection mechanisms that require to be run with administrative privileges at least once (e.g. during installation). I assume they set up a place in a non-user-specific location (e.g. under HKEY_LOCAL_MACHINE or ProgramFiles or even WinDir) and also set write permissions for (authenticated) users to that location.

绿光 2024-07-21 01:38:55

“据我了解,具有正常用户权限的应用程序无法修改影响其他用户的地方” - 这句话是您误解的地方。

应用程序可以将此类信息存储在文件中、注册表中(在 Windows 下)甚至可能存储在其自己的代码或数据文件中。

例如,用户可以保存文本文件,以便其他用户可以或可以读取它。 权限可以使内容仅对一个用户保密,但代码通常可以免费使文件可供几乎任何操作系统上的任何用户读取。

"And I understand that an application with normal user rights cannot modify a place which affects other users" - this sentence is where you are misunderstanding.

The application can store this sort of information in a file, in the registry (under windows) or possibly even in its own code or data files.

For example, a user can save a text file so another user may or may read it. Permissions can keep things private to only one user, but code is usually free to make a file readable by any user on almost any operating system.

清风不识月 2024-07-21 01:38:55

我想知道这些方案可以用在什么地方
可能将他们的信息隐藏到
让它发挥作用吗?

至少在 Windows 下,注册表将是所有用户都可以访问的公共数据存储。

I wonder what place these schemes can
possibly hide their information in to
make it work?

At least under Windows, the registry would be the common data store accessible to all users.

断爱 2024-07-21 01:38:55

软件保护将计时赛信息存储到注册表或文件中。 您可以使用注册表和文件监视器等程序来快速了解从注册表或文件中读取此数据的尝试。
另一种方法是通过逆向工程。 通过使用调试器,您可以在用于此范围的众所周知的 win API 上放置断点,例如用于从注册表读取数据的 RegOpenKeyEx/RegQueryValueEx 以及用于从文件中读取信息的 CreateFile/ReadFile/GetFileSize 等。
您应该考虑在 MSDN 上阅读这些 API 的文档。

Software protections store time trial info either into the registry or into a file. You can use programs such as registry and file monitor in order to have a quick idea about the attempts of reading this data from the registry or from a file.
Another way is through reverse engineering. With the use of a debugger you can place breakpoints on the well known win APis that are used for this scope such as RegOpenKeyEx/RegQueryValueEx for reading data from the registry and CreateFile/ReadFile/GetFileSize etc in order to read info from a file.
You should consider reading the documentation of those API onto the MSDN.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文