C#: Location of const variable in a binary

Question

Is it possible to know the location of const variables within an exe? We were thinking of watermarking our program so that each user that downloads the program from our server will have some unique key embedded in the code.

Is there another way to do this?

Answer 1

Key consideration #1: Assembly signing

Since you are distributing your application, clearly you are signing it. As such, since you're modifying the binary contents, you'll have to integrate the signing process directly in the downloading process.

Key consideration #2: const or readonly

There is a key difference between const and readonly variables that many people do not know about. In particular, if I do the following:

private readonly int SomeValue = 3;

...
if (SomeValue > 0)
    ...

Then it will compile to byte code like the following:

ldsfld [SomeValue]
ldc.i4.0
ble.s 

If you make the following:

private const int SomeValue = 3;

...
if (SomeValue > 0)
    ...

Then it will compile to byte code like the following:

{contents of if block here}

const variables are [allowed to be] substituted and evaluated by the compiler instead of at run time, where readonly variables are always evaluated at run time. This makes a big difference when you expose fields to other assemblies, as a change to a const variable is a breaking change that forces a recompile of all dependent assemblies.

My recommendation

I see two reasonably easy options for watermarking, though I'm not an expert in the area so don't know how "good" they are overall.

1. Watermark the embedded splash screen or About box logo image.
2. Watermark the symmetric key for loading your string resources. Keep a cache so only have to decode them once and it won't be a performance problem - this is a variable applied to a commonly used obfuscation technique. The strings are stored in the binary as UTF-8 encoded strings, and can be replaced in-line as long as the new string's null-terminated length is less than or equal to the length of the string currently found in the binary.

Finally, Google reported the following article on watermarking software that you might want to take a look at.

Answer 2

You could build a binary with a watermark that is a string representation of a GUID in a .net type as a constant. After you build, perform a search for the GUID string in the binary file to check its location. You can change this GUID value to another GUID value and then run the binary and actually see the changed value in code output.

Note: The formatting is important as the length would be very important since you're messing with a compiled binary. For example, you'll want to keep the leading zeros of a GUID so that all instances have the same char length when converted to a string.

i have actually done this sort of thing with Win32 DLLs and even the Sql Server 2000 Desktop exe. (There was a hack where you could switch the desktop edition into a full blown SQL server by flipping a switch in the binary.)

This process could then be automated and a new copy of a DLL would be programmatically altered by a small, server-side utility for each client download.

Also take a look at this: link

It discusses the use of storing settings in a .Net DLL and uses a class-based approach and embeds the app settings file and is configurable after compilation.

Answer 3

In C++ (for example):

#define GUID_TO_REPLACE "CC7839EB7EC047B290D686C65F98E0F4"
printf(GUID_TO_REPLACE);

in PHP:

<?php
exec("sed -e 's/CC7839EB7EC047B290D686C65F98E0F4/replacedreplacedreplacedreplaced/g' TestApp.exe > TestAppTagged.exe");
?>

If you stick your compiled binary on the server, visit the php script, download the tagged exe, and run it...you'll see that it now prints the "replaced" string rather than the GUID :)

Note that the length of the replaced string must be identical to the original (32 in this case), so you'll need to pad the length if you want to tag it with something shorter.

Answer 4

I'm not sure what you mean by "location" of a const value. You can certainly use items like reflection to access a const field on a particular type. Const fields bind like any other non-instance field of the same accessibility. I don't know if that fits your definition of location though.