09-25-2018, 07:38 AM
i am using some cryptography inside my software , i understand that the keys needs to be zero out from the memory in order to prevent hackers to catch the key
but i feel this isn't enough , using ollydebug can also break the rule before memory getting cleared by stepping into the code
before the zeromemory called
is there any suggested way to harden some code function from being stepped by debuggers
i have tried to check if the application is running in debug environment using IsDebuggerPresent but this easly can be bybassed by ollydebug plugins
is there something extra can be done ?
but i feel this isn't enough , using ollydebug can also break the rule before memory getting cleared by stepping into the code
before the zeromemory called
is there any suggested way to harden some code function from being stepped by debuggers
i have tried to check if the application is running in debug environment using IsDebuggerPresent but this easly can be bybassed by ollydebug plugins
is there something extra can be done ?