Debugging a DLL

 

Just updated my MT4 version to build 229 and now I am not able to attach a debugger. "Debugger detected", then the terminal closes. So I thought I would give MT5 a go and I see the same problem. Looks like Themida Debug Guard.

This poses an impossible situation for library developers like myself. How are you supposed to write anything complex in a DLL if you can't debug it? I have invested 12 months building a library in MetaTrader 4 which is in final testing and now looking to migrate that to MetaTrader 5 but without a debugger that is a very tough proposition.

It is very frustrating, to have a feature available to developers, they invest a massive amount of time and resources only to have the rug pulled from under them!

Can someone from MetaQuotes please please confirm what is the future direction in being able to debug DLLs and/or what are the alternatives?

I think some sort of statement would only be fair.

 

Try to find MT4 build 225, this is the latest version that does not yet have this anti-debugger nonsense built into it. I have managed to attach Olly to this build and it worked like a charm.

 
7bit:

Try to find MT4 build 225, this is the latest version that does not yet have this anti-debugger nonsense built into it. I have managed to attach Olly to this build and it worked like a charm.




Thanks yes that is the one I am using, I keep pretty good backups.

The issue I am more concerned with is say it works fine on build 225 but clients find build 229 acts differently. Without the ability to debug it makes life very very difficult especially if you are dealing with multiple threads.

I can understand MetaQuotes wanting to protect the product, I assume it is to protect the method of compilation, so as to make figuring out how to decompile .ex4 and .ex5 files much harder.

What I can't understand is Themida protection is very good and from my research no one has been able to unpack the VM, so if this is the case why do they need to block the attaching of a debugger? If someone really wants to crack metatrader they will be able to get past the debug guard as documented on various forums but they can't get past the VM so begs the question why make metatrader developers suffer.

I guess it will only be a matter of time before you start seeing copies of MetaTrader with this feature disabled, just as it was only a matter of time before you could find decompiled .ex4 files.

 
pfx:


so begs the question why make metatrader developers suffer.

Because they don't care about us. Not even the tiniest bit.

They care about their paying customers who are the forex dealers and nobody else. We are only the annoying end users, we won't be asked about our opinion, we will be ignored, we are regarded only as a necessary evil.

Using Themida against somebody can be considered an impolite and rude act, some would even perceive it as an outright insult. It's like if I invite somebody (download) to my birthday party and the one appears at my party wearing a bullet-proof vest and a machine gun (to protect himself against me). This is an insult. Normal clothing would have been completely sufficient and adequate, I do not demand that they appear naked, but such kind of armor is certainly not adequate in my house. The fact that they are doing this speaks volumes about their attitude towards the end users.

 
7bit:

[...] Using Themida against somebody can be considered an impolite and rude act, some would even perceive it as an outright insult. [...]

Ya, but in this case the vast majority of users (IMHO, more than 99% of MT4 users) don't have a clue what Themida is and wouldn't care less.
 
gordon:
Ya, but in this case the vast majority of users (IMHO, more than 99% of MT4 users) don't have a clue what Themida is and wouldn't care less.
Insulting somebody in a foreign language he does not understand does not make it any better. IMHO it makes it even worse.
 
7bit:
Insulting somebody in a foreign language he does not understand does not make it any better. IMHO it makes it even worse.
I'm pretty sure that if u explain what Themida is to all those MT4 users who are ignorant of it, they will probably see it as a legitimate business decision. They won't be offended. This sounds like one of those things that can ONLY offend hard-core programmers.
 
gordon:
I'm pretty sure that if u explain what Themida is to all those MT4 users who are ignorant of it, they will probably see it as a legitimate business decision. They won't be offended. This sounds like one of those things that can ONLY offend hard-core programmers.


Well I don't think the issue is so much as in protecting the software with Themida. There are many options you can configure when protecting software using Themida and one of them is Debug Guard, so MetaTrader could easily still have the protection and enable debugger access.

Another option could be to have a registered developer program whereby you can get a MetaTrader build still protected with Themida but allowing debugger access. A reasonable solution imho, how about it MetaQuotes?

 
pfx:

[...] A reasonable solution imho, how about it MetaQuotes?

I suggest u contact them directly as they are not likely to hear u here (and to clarify - I am not an MQ rep). Good luck!
 
pfx:

Another option could be to have a registered developer program whereby you can get a MetaTrader build still protected with Themida but allowing debugger access. A reasonable solution imho, how about it MetaQuotes?

Very unlikely to happen. The only reason for using Themida is to protect against developers. MetaQuotes aren't using Themida in order to stop normal users doing anything.

(My guess is that they're trying to prevent inspection of the proprietary communication protocol with the MT4 Server software, and the code which handles it. Once upon a time, they probably also wanted to protect the code which interprets EX4 files, but that cat is well and truly out of the bag.)
 
jjc:

(My guess is that they're trying to prevent inspection of the proprietary communication protocol with the MT4 Server software
But build 225 still works, they did not change the protocol since they started using Themida. It just makes absolutely no sense. Everything is out of the bag already, there is nothing left to protect.