I want not to let my program debugged . I have a second thread that repeatedly checks whether a debugger is attached or not :
while(1){
BOOL isDebugged = IsDebuggerPresent();
if(isDebugged){
//exit from my app
}
//and then check CheckRemoteDebuggerPresent()
}
I want to know whether this method is secure or not? Can someone debug my app even with this protection? Is there better way ?
Edit :
Actually I have a hardware security token. I want to protect my app from being copied . But I've heard that a simple true/false checking using the token will be broken by debugging the app
There will always be ways to get around any protection you put in place, the only thing you can do is make it difficult enough that any attacker will get too frustrated and declare it is not worth his time to try and reverse engeneer your software. It is just a matter of how much time/money is it worth it to you to keep that one extra person from trying.
To answer if just checking IsDebuggerPresent safe? I have bypassed that exact security measure in software I have had to reverse engineer by decompiling the code with OllyDbg finding any imports to the IsDebuggerPresent function and patching the exe to just return false instead, it took me about 15 minutes to get around the protection. Someone who is "Experienced" in reverse engineering likely could have done it in 5.
The only thing you can do is "Raise the bar" to keep your program from being reverse engineered, here are a few suggestions:
Some of these solutions (like detecting if a debugger is running) may piss off legitimate users who use debuggers for other software but are not trying to use it on your software, so you need to weigh the costs.