This disclosure relates to a method for protecting software programs, and in particular to a method that protects software programs against attacks that use hardware breakpoints, or similar mechanisms, to compromise a program.
In releasing a software application for execution on end users' hardware, a program developer is effectively providing a user with complete access to the program code of that application. Unfortunately, it is a fact that some end-users will attempt to compromise a software application in order, for example, to obtain illegal copies, gain unlicensed access to certain features, steal intellectual property from the application, inject malicious code, or cheat in online games. Indeed, in the context of online gaming, which often seeks to support hundreds or thousands of players simultaneously over a network, the occurrence of online cheating can seriously undermine honest players' experience of the game. Free access to executable code by unauthorized users can often result in loss of intellectual property, and may provide the user with an easy means for probing the application for security vulnerabilities. Also, applications may be reverse-engineered and then modified to remove metering or usage control before being recompiled, ultimately resulting in a loss of revenue for the code provider.
Thus, the environment into which publishers release their programs can be considered to be a hostile one. There is therefore a need to protect programs from tampering or misuse, which may involve unauthorized modification and/or copying.
It has been recognized that hardware breakpoints may be used to perform unauthorized actions on a program. Typically, a hardware breakpoint is set by storing a memory address in a register (sometimes referred to as a “debug register”). When a running application accesses the memory at the stored memory address, the application is interrupted, and an exception is generated. The execution of the application code is halted, and a piece of user code is run. This mechanism is provided to allow for debugging of software. Thus, a legitimate user such as a software developer can set the hardware breakpoints such that debug operations can be performed when the application accesses the memory at one of the stored memory addresses. It should be noted that this mechanism, or something very similar, exists in many different processors and systems, although the terminology that is used to describe it may differ from one processor to another.
Although hardware breakpoints are provided to allow a legitimate user to perform a necessary function, it has also been suggested that hardware breakpoints may be set by a malicious user in such a way that illegitimate operations are performed when the application accesses the memory at one of the stored memory addresses.