RE: plz suggest security for DLL functions

["Aditya Deshmukh" <aditya.deshmukh () online gateway strangled net>]

> friends,
>
> We are developing a software that makes use of a COM DLL. The whole
> logic lies in the dll. The User Interface is in VC++. DLL exposes
> functions, application calls it and displays result. Now, we found
> that anybody can copy the DLL, register it and make use of those
> functions.

This is a classic problem that plagues most of the software. They make
good libs but don't want others to use them. Have u looked into encrypting
the file itself and decrypting the required portion in the memory itself?

This way nothing uncrypted in ever on the disk. So no one can actually do
anything with a copied file.

There are more approaches like anti debugging code like putting some your
code in int 1 and int 3 so that debuggers cannot touch your code

Or deliberately misaligning memory while some part of the dll so that any
calling program that uses the dll has to so work around this "bug"

there are quite other also like changing the PE section and so on


> Please guide us in making those functions secret or encrypted so that
> others cannt use our functions.

But keep this in mind almost all what you do to protect your dll can be
undone with enough time and resources. And someone just might! So if your
DLL is heavily encrypted somewhere it would have to be decrypted and if
*that* code can be debugged all the battle is lost, and believe me someone
may just find a way to do that...




________________________________________________________________________
Delivered using the Free Personal Edition of Mailtraq (www.mailtraq.com)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/