Full Disclosure mailing list archives
Re: plz suggest security for DLL functions
From: "securitynews" <securitynews () wanadoo fr>
Date: Fri, 1 Jul 2005 15:26:21 +0200
hi ,maybe by inserting some piece of code in the begining of all of your dll functions that check the caller before doing its job , and so if this is not your original app make sure the dll return without doing something.
regards, stephane.----- Original Message ----- From: "Gaurav Kumar" <gkverma () gmail com>
To: "Abhisek Datta" <abhisek.datta () gmail com> Cc: <full-disclosure () lists grok org uk> Sent: Friday, July 01, 2005 11:56 AM Subject: Re: [Full-disclosure] plz suggest security for DLL functions if it would have been so simpler, i wouldnt have asked it here, the application design doesnt allow us to use the conventioal loadlibray method. we need to export functions also and at the same time protect from misuse. regards, gaurav On 7/1/05, Abhisek Datta <abhisek.datta () gmail com> wrote:
> Please guide us in making those functions secret or encrypted so that > others cannt use our functions. Using Windows DLL APIs, normally only those functions exported by a DLL can be called by a process that maps the DLL in its address space. The simplest solution is not to export the functions which u do not want to be used by other programs using conventional LoadLibrary and GetProcAddress.. in that case u need some clever hack for ur own application that maps the entire DLL in its address space implements offset based calculation to find the address of ur unexported functions in the DLL and return to it, though i havent implemented these concept but i think it is quite possible and can do it if required. as far as encryption is concerned, u can encrypt ur DLL as per ur wish and decrypt it from ur userland application before memory mapping. In any case, the phrase "others cant use the function" is not realy feasible as far as i am concerned. btw. Gaurav, I suggest better do ur homework using google or something similar before asking these questions cause it sounds clueless.. Regards, - Abhisek
-- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.323 / Virus Database: 267.8.8/35 - Release Date: 30/06/2005 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: plz suggest security for DLL functions Abhisek Datta (Jul 01)
- Re: plz suggest security for DLL functions Gaurav Kumar (Jul 01)
- Re: plz suggest security for DLL functions securitynews (Jul 01)
- Re: plz suggest security for DLL functions Valdis . Kletnieks (Jul 01)
- Re: plz suggest security for DLL functions Tim (Jul 01)
- Re: plz suggest security for DLL functions Michael Holstein (Jul 01)
- Re: plz suggest security for DLL functions Valdis . Kletnieks (Jul 01)
- Re: plz suggest security for DLL functions Michael Holstein (Jul 01)
- Re: plz suggest security for DLL functions Valdis . Kletnieks (Jul 01)
- Re: plz suggest security for DLL functions Gaurav Kumar (Jul 01)
- <Possible follow-ups>
- Re: plz suggest security for DLL functions upb (Jul 01)
- Re: plz suggest security for DLL functions Tim (Jul 01)
- Re: plz suggest security for DLL functions Michael Holstein (Jul 01)
- RE: plz suggest security for DLL functions Aditya Deshmukh (Jul 02)