
Code injection

Discussion in 'Scripting' started by Sly88, Feb 8, 2021.

  1. Sly88

    Sly88

    Joined:
    Feb 22, 2016
    Posts:
    73
    Hi guys,
    Do you know how to detect code injection? I use il2cpp and I would like to know if someone tries to use injection in my app.
     
  2. Kurt-Dekker

    Kurt-Dekker

    Joined:
    Mar 16, 2013
    Posts:
    38,745
    Sounds like a question better suited to a hacker forum.

    This forum is for Unity scripting and making games, not fruitlessly trying to stop eleven-year-olds modding your game.
     
    Joe-Censored and Suddoha like this.
  3. Antistone

    Antistone

    Joined:
    Feb 22, 2014
    Posts:
    2,836
    Code injection usually refers to a security problem where you take some user input at runtime and interpret it as executable code, which allows a malicious user to make you run whatever code they give you. This...doesn't obviously have anything to do with il2cpp?

    The usual example is that you use some input from the user as a parameter in some database command (like SQL), and you expected the user to enter some ordinary string like
    robert

    but instead they entered a string like
    robert'); DROP TABLE Students; --

    But if you just splice their string into your query without checking, then you've just unwittingly allowed a clever user to run arbitrary commands on your database.

    The solution to this problem for most programs is "very carefully never do that." If you have to use any form of outside input when creating an internal command, then either validate or escape the input first. (Libraries for things like SQL will often have built-in commands for this sort of thing, specifically to help you prevent code injection attacks.)

    But you generally shouldn't try to "detect" code injection except indirectly. That is, instead of asking "is this an attempted attack?" you should ask a question like "can I absolutely prove that this input is completely safe?" and if you can't then you shouldn't use it.
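
The difference between splicing input into a command and passing it as data, as described in the post above, shown as an added example that is not part of the original thread. Python's built-in sqlite3 module stands in for whatever database library an app uses; the table layout, the function names and the name allow-list are assumptions made for illustration.

```python
import re
import sqlite3

PAYLOAD = "robert'); DROP TABLE Students; --"  # the string quoted in the post above

def new_db():
    # Constructed sample database: one table, held in memory.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Students (name TEXT)")
    return conn

def table_exists(conn):
    q = "SELECT count(*) FROM sqlite_master WHERE type='table' AND name='Students'"
    return conn.execute(q).fetchone()[0] == 1

def names(conn):
    return [row[0] for row in conn.execute("SELECT name FROM Students")]

def add_student_spliced(conn, name):
    # Vulnerable form: the input becomes part of the command text, so a quote
    # in `name` ends the string literal and the remainder is parsed as SQL.
    conn.executescript(f"INSERT INTO Students (name) VALUES ('{name}');")

def add_student_bound(conn, name):
    # Parameter binding: the statement text is fixed and `name` travels
    # separately as a value, so it is never parsed as SQL.
    conn.execute("INSERT INTO Students (name) VALUES (?)", (name,))

# Hypothetical allow-list: accept only input that provably matches.
NAME_RE = re.compile(r"[A-Za-z][A-Za-z '\-]{0,63}")

def add_student_validated(conn, name):
    # "Can I prove this input is safe?" If not, refuse it instead of
    # trying to recognise what an attack looks like.
    if not NAME_RE.fullmatch(name):
        raise ValueError("name rejected by allow-list")
    add_student_bound(conn, name)

if __name__ == "__main__":
    spliced, bound = new_db(), new_db()
    add_student_spliced(spliced, PAYLOAD)
    add_student_bound(bound, PAYLOAD)
    print("table survives splice:", table_exists(spliced))
    print("table survives bind:  ", table_exists(bound), names(bound))
```

With binding, the quoted string is stored as an odd-looking name and the table is untouched; the allow-list version refuses it before it reaches the database at all.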