Full Disclosure mailing list archives

Re: plz suggest security for DLL functions

From: Gaurav Kumar <gkverma () gmail com>
Date: Fri, 1 Jul 2005 15:26:06 +0530

if it would have been so simpler, i wouldnt have asked it here, 
the application design doesnt allow us to use the conventioal
loadlibray method. we need to export functions also and at the same
time protect from misuse.

regards,
gaurav

On 7/1/05, Abhisek Datta <abhisek.datta () gmail com> wrote:

Please guide us in making those functions secret or encrypted so that
others cannt use our functions.


Using Windows DLL APIs, normally only those functions exported by a
DLL can be called by a process that maps the DLL in its address space.
The simplest solution is not to export the functions which u do not
want to be used by other programs using conventional LoadLibrary and
GetProcAddress.. in that case u need some clever hack for ur own
application that maps the entire DLL in its address space implements
offset based calculation to find the address of ur unexported
functions in the DLL and return to it, though i havent implemented
these concept but i think it is quite possible and can do it if
required.

as far as encryption is concerned, u can encrypt ur DLL as per ur wish
and decrypt it from ur userland application before memory mapping.

In any case, the phrase "others cant use the function" is not realy
feasible as far as i am concerned.

btw. Gaurav, I suggest better do ur homework using google or something
similar before asking these questions cause it sounds clueless..

Regards,
- Abhisek

On 7/1/05, Gaurav Kumar <gkverma () gmail com> wrote:

friends,

We are developing a software that makes use of a COM DLL. The whole
logic lies in the dll. The User Interface is in VC++. DLL exposes
functions, application calls it and displays result. Now, we found
that anybody can copy the DLL, register it and make use of those
functions.

Please guide us in making those functions secret or encrypted so that
others cannt use our functions.

thanks and regards,
gaurav
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: plz suggest security for DLL functions Abhisek Datta (Jul 01)
- Re: plz suggest security for DLL functions Gaurav Kumar (Jul 01)
  - Re: plz suggest security for DLL functions securitynews (Jul 01)
  - Re: plz suggest security for DLL functions Valdis . Kletnieks (Jul 01)
    - Re: plz suggest security for DLL functions Tim (Jul 01)
    - Re: plz suggest security for DLL functions Michael Holstein (Jul 01)
    - Re: plz suggest security for DLL functions Valdis . Kletnieks (Jul 01)
    - Re: plz suggest security for DLL functions Michael Holstein (Jul 01)
    - Re: plz suggest security for DLL functions Valdis . Kletnieks (Jul 01)
- <Possible follow-ups>
- Re: plz suggest security for DLL functions upb (Jul 01)
  - Re: plz suggest security for DLL functions Tim (Jul 01)
- Re: plz suggest security for DLL functions Michael Holstein (Jul 01)

(Thread continues...)