
C++ Encrypt variables in memory

EDIT: I've considered this more and decided it would be better and easier to just encrypt the variable in the memory and when I want to use it just decrypt it. I've tried using the following code:

DWORD blockSize = CRYPTPROTECTMEMORY_BLOCK_SIZE;
int* protectedBlock = (int*)LocalAlloc(LPTR, (SIZE_T)blockSize);

protectedBlock[0] = 1234;
printf("Before encryption: %d\n", protectedBlock[0]);
// OUTPUT: 1234

CryptProtectMemory(protectedBlock, blockSize, CRYPTPROTECTMEMORY_SAME_PROCESS);
printf("After encryption: %d\n", protectedBlock[0]);
// OUTPUT: The encrypted string

CryptUnprotectMemory(protectedBlock, blockSize, CRYPTPROTECTMEMORY_SAME_PROCESS);
printf("After decryption: %d\n", protectedBlock[0]);
//OUTPUT: 1234

SecureZeroMemory(protectedBlock, blockSize);
LocalFree(protectedBlock);

It works fine when I want to encrypt an integer, but when I try to use a string (LPCSTR) the string still stays in the memory. This is the code I use:

DWORD blockSize = CRYPTPROTECTMEMORY_BLOCK_SIZE;
LPTSTR* protectedBlock = (LPTSTR*)LocalAlloc(LPTR, (SIZE_T)blockSize);

protectedBlock[0] = (LPTSTR)"Test String";
printf("Before encryption: %d\n", protectedBlock[0]);

CryptProtectMemory(protectedBlock, blockSize, CRYPTPROTECTMEMORY_SAME_PROCESS);
printf("After encryption: %d\n", protectedBlock[0]);
// OUTPUT: The encrypted string

CryptUnprotectMemory(protectedBlock, blockSize, CRYPTPROTECTMEMORY_SAME_PROCESS);
cout << "After decryption: " << (char*)protectedBlock[0] << endl;
//OUTPUT: Test String

SecureZeroMemory(protectedBlock, blockSize);
LocalFree(protectedBlock);

Which "memory"? CPU registers, RAM, cache memory, a swap disk, etc. What you are asking is a complicated issue that you could probably write a book on.

In truth it's probably only feasible (and that's debatable) in assembly, where you can be sure the compiler isn't doing some type of optimisation you don't know about. Even this doesn't always stop CPU registers / cache etc.

The real question you should ask yourself is who or what you are trying to protect it from.

Something here to get you started on a small amount of the issues you have to address.

Safe Clearing of Private Data

I would look first at maybe encrypting variables in memory (which in itself can be a large topic).

Google and some reading is your friend here.

protectedBlock[0] = (LPTSTR)"Test String";

This is wrong for two reasons:

  1. By using the string literal "Test String" in your code, you make that a string literal that is part of your program. You will have to assemble the string in memory some other way.

  2. A LPSTR is a long pointer to a string. So you put in the protected block a pointer to a string. Then, by protecting the block, you protected that pointer. But the pointer wasn't what you wanted to protect, you wanted to protect the string itself. So you need to put the string data itself into the protected block, not a pointer to it.
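The second point of the answer above, as an added example that is not part of the original question or answers: the question's pointer layout next to a layout that copies the characters into a padded block and wipes the original. The names `padded_size`, `wipe`, `pointer_variant_leaks` and `protect_string` are hypothetical, `calloc` replaces `LocalAlloc`, and outside Windows an XOR stand-in (not encryption) replaces `CryptProtectMemory` so the sketch still builds.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>  /* declares CryptProtectMemory; link with Crypt32.lib */
#define BLOCK CRYPTPROTECTMEMORY_BLOCK_SIZE
#define PROTECT(p, n)   CryptProtectMemory((p), (DWORD)(n), CRYPTPROTECTMEMORY_SAME_PROCESS)
#define UNPROTECT(p, n) CryptUnprotectMemory((p), (DWORD)(n), CRYPTPROTECTMEMORY_SAME_PROCESS)
#else  /* assumption: XOR stand-in so the sketch builds off Windows; it is NOT encryption */
#define BLOCK 16
static int xor_block(void *p, size_t n) { unsigned char *b = p; while (n--) *b++ ^= 0xA5; return 1; }
#define PROTECT(p, n)   xor_block((p), (n))
#define UNPROTECT(p, n) xor_block((p), (n))
#endif
/* The API only accepts sizes that are a multiple of the block size. */
size_t padded_size(size_t len) { return (len + BLOCK - 1) / BLOCK * BLOCK; }
static void wipe(void *p, size_t n) { volatile unsigned char *b = p; while (n--) *b++ = 0; }
/* Question's layout: the block holds an address. Returns 1 if the text is still readable. */
int pointer_variant_leaks(const char *secret) {
    char saved[64];                          /* sample-sized copy for the comparison */
    const char **block = calloc(1, padded_size(sizeof secret));
    if (!block) return -1;
    snprintf(saved, sizeof saved, "%s", secret);
    block[0] = secret;                       /* an address, no characters */
    PROTECT(block, padded_size(sizeof secret));
    free(block);
    return strcmp(secret, saved) == 0;       /* the pointed-to text never changed */
}
/* Answer's layout: the characters themselves go into the block, the original is wiped. */
char *protect_string(char *secret, size_t *size) {
    size_t len = strlen(secret) + 1;
    char *block = calloc(1, *size = padded_size(len));
    if (!block) return NULL;
    memcpy(block, secret, len);
    wipe(secret, len);
    if (!PROTECT(block, *size)) { wipe(block, *size); free(block); return NULL; }
    return block;
}

int main(void) {
    char a[] = "Test String", b[] = "Test String";  /* constructed sample values */
    size_t n = 0;
    printf("pointer layout leaves text readable: %d\n", pointer_variant_leaks(a));
    char *blk = protect_string(b, &n);
    if (!blk || !UNPROTECT(blk, n)) return 1;
    printf("after decryption: %s\n", blk);
    wipe(blk, n); free(blk);
    return 0;
}
```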
