
Third party library with anti-debug code

We are using a third party library for our program (desktop application written in C++); the library is protected with anti-debug code, encryption/decryption layers, garbage code, triggered exceptions and other anti-debugging techniques, which makes it impossible to work in debug mode (in Visual Studio 2010).

There are only two functions I use in the library; the rest of the code is getting bigger and bigger, but because I cannot run it in debug mode it's getting harder and slower to develop. So my question is: what could be a practical approach to separate this library from my application and work with debug support, but still be able to use these two functions, as we need them for our application?

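If you only use a few functions from the protected library, you can create your own library with the same interface as the protected library and implement those functions with some stub data.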

If you need to debug with the real behavior of your library (i.e. you cannot mock it up), I suggest you encapsulate the library in a small executable that publishes the two functions through some kind of inter-process communication (ZeroMQ...).

In your software, implement a wrapper that publishes an interface that looks like the original library and calls the executable through your inter-process communication.

Since the library is in a distinct executable, it will not prevent you from debugging your program.
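The wrapper-plus-host split described in the answer above, as an added example that is not part of the original answer. `vendor_add`, `vendor_scale`, the opcodes and the fixed 9-byte request frame are hypothetical stand-ins for the two real library functions, and the transport is an in-memory loopback where a real build would use a pipe or ZeroMQ socket to the host executable.

```cpp
#include <cstdint>
#include <cstring>
#include <functional>
#include <stdexcept>
#include <vector>

// Hypothetical stand-ins for the two protected functions; in the real host
// executable these would be the vendor library's exports.
static int32_t vendor_add(int32_t a, int32_t b) { return a + b; }
static int32_t vendor_scale(int32_t a, int32_t b) { return a * b; }

// Assumed wire format: request = [u8 opcode][i32 a][i32 b], reply = [u8 status][i32 result].
enum { OP_ADD = 1, OP_SCALE = 2, ST_OK = 0, ST_BAD = 1 };
typedef std::vector<uint8_t> Bytes;
typedef std::function<Bytes(const Bytes&)> Transport;  // send request, block for reply

static void put_i32(Bytes& b, int32_t v) { uint8_t t[4]; std::memcpy(t, &v, 4); b.insert(b.end(), t, t + 4); }
static int32_t get_i32(const Bytes& b, size_t off) { int32_t v; std::memcpy(&v, &b[off], 4); return v; }

// Host side: runs in the small executable that links the protected library.
Bytes host_dispatch(const Bytes& req) {
    Bytes rep;
    if (req.size() != 9 || (req[0] != OP_ADD && req[0] != OP_SCALE)) {
        rep.push_back(ST_BAD); put_i32(rep, 0); return rep;  // reject malformed frames
    }
    int32_t a = get_i32(req, 1), b = get_i32(req, 5);
    rep.push_back(ST_OK);
    put_i32(rep, req[0] == OP_ADD ? vendor_add(a, b) : vendor_scale(a, b));
    return rep;
}

// Client side: wrapper whose methods mirror the original library's interface.
class VendorProxy {
    Transport send_;
    int32_t call(uint8_t op, int32_t a, int32_t b) {
        Bytes req; req.push_back(op); put_i32(req, a); put_i32(req, b);
        Bytes rep = send_(req);
        if (rep.size() != 5 || rep[0] != ST_OK) throw std::runtime_error("host call failed");
        return get_i32(rep, 1);
    }
public:
    explicit VendorProxy(Transport t) : send_(t) {}
    int32_t add(int32_t a, int32_t b) { return call(OP_ADD, a, b); }
    int32_t scale(int32_t a, int32_t b) { return call(OP_SCALE, a, b); }
};

int main() {
    VendorProxy lib(host_dispatch);  // loopback; swap for a pipe or ZeroMQ request socket
    return (lib.add(2, 3) == 5 && lib.scale(4, 6) == 24) ? 0 : 1;
}
```

Only the host executable links the protected library, so the debugger attaches to the application process, which contains the proxy and none of the vendor code.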
