CheckCodeIntegrity macro

<< Click to Display Table of Contents >>

Navigation:  Themida > SecureEngine® Macros >

CheckCodeIntegrity macro

The CHECK_CODE_INTEGRITY macro allows you to check if the code section of your protected application has been patched in runtime (using for example an memory patcher). This macro offers communication between the protected application and the SecureEngine protection.

 

NOTE: The current version of SecureEgine® does not support this macro for .NET languages or Visual Basic applications.

 

The CHECK_CODE_INTEGRITY macro can be called from inside other macros. In fact, it's highly recommend to call the CHECK_CODE_INTEGRITY macro from inside VM macros.

 

The CHECK_CODE_INTEGRITY macro has a special syntax:

 

CHECK_CODE_INTEGRITY (user_variable, user_value)

 

Where "user_variable" is any local or global variable in the application and "user_value" is any immediate value (constant value). The way that it works is the following:

 

The CHECK_CODE_INTEGRITY macro is called.

 

SecureEngine takes control of the processor and make special checks to know if the code section of your application has been patched.

 

If the code section of the application is not patched, SecureEngine sets "user_variable" equal to "user_value".

 

If the application is patched, SecureEngine does not set "user_variable". You should take care of initializing "user_variable" to something else from "user_value".

 

SecureEngine returns control to the protected application. The protected application should check the value of "user_variable" and execute the desired action if the code section of the application has been patched.

 

If you detect that the code section of your application has been tampered, please, consider the following practices:

 

Avoid taking an immediate action, like displaying a message or crashing the application. If you take an immediate action, the cracker will know where the problematic code is located and will focus all his attention at that point, trying to figure out the root of the problem in that code.

 

Avoid displaying messages saying that the application has been tampered. Instead, make a "late" crash (see below) or display a strange error message at a later point in your application.

 

Produce a "late crash" or malfunction. That is, if you detect that your application has been tampered, you mark special variables (or similar action) in your code. At a later point in your application, you crash your application or initialize further structures in a wrong way, so, your application won't work as expected. For example, suppose that you are protecting a CD burning application. When your application is initializing, you call "CHECK_CODE_INTEGRITY" macro to determine if the application code is patched or not. If it's patched, you won't take any action yet, but instead, you will wait for the CD recording process to burn random or incorrect data into the CD.

 

Use VM or macros in all those places where you call CHECK_CODE_INTEGRITY and where you check if the application code was patched. Also, if you decide to produce a "late" crash or malfunction, that code which produces the crash or malfunction should go inside VM or CodeReplace macros.

 

Click to expand/collapseShow C/C++ Macro Usage
Click to expand/collapseShow Delphi Macro Usage

 

 

Advises about how to use this macro

 

Put the CHECK_CODE_INTEGRITY macro inside VM macros.

 

You should call the CHECK_CODE_INTEGRITY at specific points in your application code. You could also call it from a thread which calls that macro periodically (once each 30-60 seconds).

For applications with a big code section, this macro might take some time to be executed. If you want to increase the speed when calling this macro, you can insert the following option in the Advanced Options panel:

 

OPTION_MACROS_FAST_CHECK_CODE_INTEGRITY=YES