1. Technical Field
The current invention is generally applicable to software designs of all types, but is especially useful in software to be run on general-purpose computers, such as Personal Computers (PCs). It is relevant to designs for which reverse-engineering of executing images of the software pose a risk, either of the software itself or the data being processed by the software.
The science of reverse-engineering to allow unauthorized knowledge or data access of a given software element or data being processed by the element is colloquially termed “hacking,” those involved in the science are referred to has “hackers.” Over the years, especially since the introduction of low-cost personal computers, both the sophistication of software and the value of the data being processed by that software have grown tremendously. Accordingly, the expended effort and sophistication of hackers has grown correspondingly. Modern day hackers have a vast arsenal of software tools and technical expertise to draw upon. The effort to protect both software itself and the data processed by that software has become increasingly more difficult and elaborate.
So advanced has the skill at protecting software from hacking become that “static” disassembly of disk files is often insufficient to the needs of hackers; distributing tasks among threads can impede such disassemblies often to the point of making them not worthwhile unless no other option exists. Thus, hackers have now turned to analyzing the executing image of software in an effort to understand how to gain access where the software's designer does not want uncontrolled access. In modern systems, a primary goal of the hacker is discovering the location of “interesting” data. Frequently, this data is considered “valuable” (in that it is copyrighted, contains sensitive information, etc.), and one real goal of a hacking effort is to gain access to this data, rather than put significant concern on how the software in question actually works.
To accomplish this, the hacker monitors various addresses in the computer's memory which are being accessed heavily. These “hot spots” could very likely be the location of the data the hacker wants to “pirate.” Programs typically put data variables and buffers in the same addresses each time the program is run, so if a hacker discovers these addresses, he is a long way towards having a reliable vehicle for data piracy. Since the use of variables and buffers is unavoidable in practical software designs, the only viable way to block this form of hacking is to remove the consistency of their memory addresses, meaning that even if the hacker does determine the address of “interesting” data on one run of the software, those addresses won't be valid on subsequent runs. The hacker would be forced to determine the addresses of the “interesting” data each time the program is run, which is vastly more difficult. If combined with techniques to deter the program from being run under a debugger, a major weapon in the hacker's arsenal has been disabled.
2. Description of the Prior Art
Efforts to prevent hacking of both software and the data they are processing are probably as old as computers themselves. Each year the “ante gets upped”, as both the designers of software and their competitors in the hacker communities become ever more sophisticated and knowledgeable. Every year sees the introduction of yet more powerful software tools that can be wielded with substantial effect by hackers.
The inventor of the current invention has been involved in the field nearly as long as the personal computer has been available, and is familiar with many of the “standard” techniques for deterring successful hacking. These include randomizing the size of allocated memory blocks, encrypting and incrementally decrypting components of a software entity, implementing a software component as an interpreter and making the mapping from the interpreted code to the actual implementation as disjoint as possible, use of “excessive multithreading” to divorce cause and effect, and so forth. The inventor has not, up until now, seen a technique or proposal to deter hacking by randomizing the siting of stack-based data in a given thread, which is the subject of embodiments of the current invention.