Encrypted Pointer - Documentation

TL;TR

The Encrypted Pointer module implements a compile time C/C++ pointer encryption and obfuscation to hide your static C/C++ pointers such as any sensitive class instance.

Every encrypted pointer uses unique generated keys and primes in every single software build. This sort of protection guarantees a high hurdle and wall against potential attackers, since the protection is unique by pointer and build.

Problem: pointers.

Having access to class instances pointers gives attackers an easy way to remote-read memory from your software. Once successfully reverse-engineered most members of “core classes” never change. This way attackers can easily read or modify memory of members in your classes. Such techniques are often seen in game-bot and hack development but also in many other places where access to raw memory is helpful to an attacker.

class Player {
	int _health = 0;
	int _maxHealth = 0;
	...
};
Player* gPlayerInstance = new Player();

As you can see – in this code we initialize some player class including sensitive information such as health points and maximum health.

How is this code an issue?

While you can do this – or similar things – and it is absolutely fine – it is easy for attackers to automatically extract or modify your health/max health points because the gPlayerInstancevariable is a pointer that can be easily accessed and found during reverse engineering.

Solution: encrypted pointers.

As discussed earlier in this page we provide a compile-time obfuscation to all kinds of pointers.

This compile-time buffer obfuscation brings the following advantages:

Below is a minimal example that shows how to useantispy SDK – Encrypted Pointer module.

class Player {
	int _health = 0;
	int _maxHealth = 0;
	...
};
libantispy::encrypted_pointer<Player> gPlayerInstance = new Player(); 

We have changed one line of code that changes the initialization of the pointer and everything else just works ‘as is’, though the code that the compiler is about to generate is totally different since the pointer is always obfuscated (encrypted).