lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAA0BKn9uKnWEeCDU7Vx+IAQ8KAAAAQAAAApMfyE0hKaESteDnDoXIM5wEAAAAA@online.gateway.strangled.net>
Date: Sat Jul  2 17:04:41 2005
From: aditya.deshmukh at online.gateway.strangled.net (Aditya Deshmukh)
Subject: plz suggest security for DLL functions

> friends,
>
> We are developing a software that makes use of a COM DLL. The whole
> logic lies in the dll. The User Interface is in VC++. DLL exposes
> functions, application calls it and displays result. Now, we found
> that anybody can copy the DLL, register it and make use of those
> functions.

This is a classic problem that plagues most of the software. They make
good libs but don't want others to use them. Have u looked into encrypting
the file itself and decrypting the required portion in the memory itself?

This way nothing uncrypted in ever on the disk. So no one can actually do
anything with a copied file.

There are more approaches like anti debugging code like putting some your
code in int 1 and int 3 so that debuggers cannot touch your code

Or deliberately misaligning memory while some part of the dll so that any
calling program that uses the dll has to so work around this "bug"

there are quite other also like changing the PE section and so on


> Please guide us in making those functions secret or encrypted so that
> others cannt use our functions.

But keep this in mind almost all what you do to protect your dll can be
undone with enough time and resources. And someone just might! So if your
DLL is heavily encrypted somewhere it would have to be decrypted and if
*that* code can be debugged all the battle is lost, and believe me someone
may just find a way to do that...




________________________________________________________________________
Delivered using the Free Personal Edition of Mailtraq (www.mailtraq.com)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ