During the development of certain applications, e.g., graphical applications, software developers often use performance tools provided by hardware developers to debug and optimize applications. These performance tools not only provide information about how a specific application is running on a given computer system, but also information about the hardware running the application. For example, a performance tool may enable a software developer to determine how specific commands affect the performance of a given application, while also providing information about hardware bottlenecks.
Despite the utility that performance tools provide to developers of Direct3D and OpenGL applications, the methods used to obtain information may provide an unauthorized user insight into the intellectual property of the application, hardware drivers, and/or the hardware itself. For example, hardware and software counters are commonly used to provide information on a per-frame basis. Hardware counters provide data directly from various points inside the GPU, while software counters give insight into the state and performance of the driver. As such, an unauthorized user able to intercept the counters may then reverse-engineer the graphical application, hardware drivers, and/or the hardware itself.
Despite conventional security measures implemented by hardware developers, unauthorized users employ several methods to usurp the conventional measures and gain access to the information provided by the performance tools. One commonly-used method, referred to as DLL injection, allows an unauthorized user to load unauthorized code (e.g., as an executable file or a dynamic link library) into the process space of a graphical application such that the code can receive and report the hardware and software counters as the graphical application runs.
A second method involves using a LoadLibrary function in the unauthorized application to load the graphical application. The unauthorized application would perform the appropriate actions to satisfy the security measures, and then call the LoadLibrary function to load and subsequently run the graphical application. While the graphical application is running, the unauthorized application would be able to collect the hardware and/or software counters, thereby enabling reverse engineering.
A third method, similar to the second, involves performing a raw read of the graphical application into memory as a binary data file. The unauthorized application would again satisfy the security requirements and read the target graphical application into memory. Thereafter, once the authorized application has been loaded, the unauthorized user may call into the memory space to run the application while collecting the hardware and/or software counters.
A fourth method takes advantage of the fact that the hardware and software counters are a system-wide resource, giving insight into any and all applications running on the system. Accordingly, the unauthorized application would be run, satisfy the security requirements, and begin collecting the hardware and/or software counters without performing any graphical operations. Thereafter, the unauthorized user may simultaneously run the graphical application to collect the hardware and/or software counters and gain insight into the hardware and/or the graphical application.