I’ve had several situations come up where software I’ve written has been used without proper licensing. From some reading and research it appears that this was done using a technique called “Reverse Engineering” (RE). The top tools used to perform this seem to be InCtrl5, VMWare (..and other Virtual Machine products), REGMON and FILEMON.
To inhibit RE against my (our) software, does anyone have a method that I could use to check and see if my application(s) are running within a Virtual Machine? (I’ll of course include this in my license agreements…)?
Also, can someone point me to a ‘process walker’ that would allow me to scan running processes for InCtrl5, REGMON, and FILEMON? Finally, if my application does find these processes, and if my process has the correct privileges, is there a way to suspend these tasks while I start my application and then unsuspended the applications when my application finishes. (Again, I plan on putting into the basic license agreements that the user agrees to not run reverse engineering type applications while my application is running).
RE hurts us all. The above are the only items I can quickly think of to slow/inhibit the process. I kind of doubt there is anything we can do to eliminate the problem but let’s document some ways to make it much more difficult.
To inhibit RE against my (our) software, does anyone have a method that I could use to check and see if my application(s) are running within a Virtual Machine? (I’ll of course include this in my license agreements…)?
Also, can someone point me to a ‘process walker’ that would allow me to scan running processes for InCtrl5, REGMON, and FILEMON? Finally, if my application does find these processes, and if my process has the correct privileges, is there a way to suspend these tasks while I start my application and then unsuspended the applications when my application finishes. (Again, I plan on putting into the basic license agreements that the user agrees to not run reverse engineering type applications while my application is running).
RE hurts us all. The above are the only items I can quickly think of to slow/inhibit the process. I kind of doubt there is anything we can do to eliminate the problem but let’s document some ways to make it much more difficult.