LogoLogo
  • Welcome to Cyphor
  • .NET Code Obfuscation
    • Getting Started
    • How to Obfuscate
    • Basic Code Obfuscation
      • Symbol Renaming
      • Body Mutation
      • Control Flow
      • Constant Encryption
      • Call Hiding
      • Debug Protection
      • Integrity Checks
      • Self Healing
    • Advanced Obfuscation
      • Attribute-Based Obfuscation
      • Guide to obfuscation
      • Code Inlining
      • What is RASP?
      • Protections that protect each other
      • Program not working after obfuscation
      • Keeping performance with obfuscation
      • Virtualization
  • Dashboard
    • Files
    • Billing
      • Pay as you go
      • Examples
    • Projects
      • Code Guard Tasks
      • Permissions
        • Roles
      • Files
      • SAML and SSO
  • Code Guard
    • Introduction
    • Implement with your licensing system
      • Setting up a gateway
      • Setting up the SDK
    • Secured values
      • Dynamic values
      • Code Encryption
        • Page 1
    • Preventing analysis
    • Enhanced visibility
      • Disabling tracing on production
      • Logging external methods
      • Optimizing Memory Usage
    • Edge connectivity
    • Preventing modifications
      • Preventing assembly load
      • Allowing partial tampering
      • Enterprise EDRs and XDRs
      • Dynamic Hook protection
      • Thread hijacking
      • Guard Checksums
      • DLL Injection
      • Handling complex RE attacks
        • Custom payload detection
    • Granular Integrity Checks
    • Virtualized Environments
    • Troubleshooting
    • Threat database
    • Real time alerts
      • Alert Insights
  • CLI Tool
    • Introduction
    • Global options
    • Profiles
    • Projects
    • Obfuscator
      • Obfuscation Schemes
      • Task templates
      • Protecting files
        • Global obfuscation flags
        • Using templates to obfuscate files
        • Quick obfuscation
      • Monitoring obfuscation jobs
    • Securing local storage
Powered by GitBook
On this page
  • Hooking vs Thread hijacking
  • Preventing thread hijacking

Was this helpful?

  1. Code Guard
  2. Preventing modifications

Thread hijacking

Thread hijacking is a technique used by hackers and reverse engineers to manipulate the execution flow of a program. It involves intercepting and redirecting the execution of a program's threads to a different location, allowing the attacker to control the program's behavior.

By redirecting a program's execution flow, an attacker can bypass code that checks for tampering or enforces licensing restrictions, allowing them to use the software without purchasing a license or otherwise obtaining authorization.

Thread hijacking can also be used to bypass self-defense mechanisms.

Hooking vs Thread hijacking

Hooking and thread hijacking are both techniques used to manipulate the execution flow of a program, but they are different methods with different characteristics.

Hooking is used to intercept and redirect the execution flow of a program by modifying its memory space or system calls, while thread hijacking is used to intercept and redirect the execution flow of a program by manipulating its threads.

Preventing thread hijacking

Codeguard has the capability to detect and prevent thread hijacking.

It's important to note that Codeguard's thread hijacking detection capabilities may temporarily suspend the thread being analyzed, which can negatively affect performance.

We recommend enabling this feature only if you have received or are currently experiencing tampering attacks on your software. This way, you can ensure that your software is protected without sacrificing performance.

PreviousDynamic Hook protectionNextGuard Checksums

Last updated 1 year ago

Was this helpful?