密码可以从可执行代码中提取吗?
如果密码被硬编码到源代码(例如 VB)中的变量中,有人可以通过查看编译的可执行代码来提取该密码吗?
如果是这样,可以采取什么措施来避免这种情况?
If a password is hard-coded into a variable in source code such as VB, could someone extract this password by looking at the compiled executable code?
If so, what can be done to avoid this?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
是的,有人可以。
没有什么可以避免它。混淆会使事情变得稍微困难一些。
在最坏的情况下,如果有人不理解您的混淆代码,他们可以在调试器中运行您的可执行文件,并在您使用它之前从内存中读取密码。
当然,解决方案是不要将重要密码硬编码到二进制文件中。
Yes, someone could.
Nothing can be done to avoid it. Obfuscation will make it slightly harder.
In the worst case, if someone didn't understand your obfuscated code, they could run your executable in a debugger and read the password from memory just before you use it.
The solution is, of course, not to hard-code important passwords into your binaries.
是的。通过观察调试器中执行的程序可以找到密码。如果您什么都不做,甚至可以通过在二进制文件中搜索文本来找到。
可以做什么?有一些反调试技术,例如混淆或反篡改机制,会导致可执行文件在调试时崩溃。混淆可能很容易实现。防篡改将会很困难。
Yes. The password could be found by watching the program execute in a debugger. If you do nothing, it might even be possible to find by searching for text in the binary file.
What can be done? There are anti-debugging techniques like obfuscation or anti-tampering mechanisms that will cause the executable to blow up when debugged. Obfuscation is probably easy to implement. Anti-tampering will be difficult.