Solved

Delphi Programming question

Posted on 1997-09-03
5
155 Views
Last Modified: 2010-04-04
Hello everybody,
 
I'm wondering how to create a Delphi 32bits program (MyApp.exe) to modify an application (App.EXE) for
which I don't have the source code so that this application ask you a password (and a username optionally) before you can launch it.

In order to be more precise, I've already developed such a password function (Mypasswd) which is available in a DLL (MyLib.DLL). How can I modify App.EXE so that it execute the function Mypasswd from MyLib.DLL and then accept to launch only when the result of the call to MyPasswd is true.

I know that modifying another companies executable is illegal... but I know too that's possible and I'm curious
to learn the tip...
 
Another way to solve my problem could be to write a program that scans for any given executable, and override the start of it, by intercepting the windows messages...  If they enter the correct password, you continue to process the file, if they don't, you stop the application
from running.... The problem with this solution, is that this special pgm must always run in background. How to be sure that is the case and that the user cannot stop this pgm...

Any help or information (a source code example) is welcome.

Thanks in advance for your help

Sevy
0
Comment
Question by:sevy
5 Comments
 

Expert Comment

by:avj
Comment Utility
Well I wouldn't bother with the executable as such, but rather move it out of the way by renaming the original application (APP.EXE for example) to some nice inconspicuous one (musthave.dll), and to give your app (myapp.exe) the name of the original application (APP.EXE). this application would than check
password and launch the original file (now musthave.dll) when
ok.

0
 
LVL 3

Expert Comment

by:d4jaj1
Comment Utility
I am curious about your password application, as I'm building an app that sorely needs better security.  I'd rather use someone else's component rather than writing an elaborate security scheme myself.  Can you tell me about it?  My email is Jay.Jackson@mci.com.

Thanks
0
 

Expert Comment

by:rammstein
Comment Utility
Hopefully the answer from d4jaj1 won't satisfy you, as this is one of the worst protection-schemes I have ever seen. If you really want to take a look at how cracker's are working you should take a look at
http://ourworld.compuserve.com/homepages/fravia/
There are also some very powerful protectionschemes.

 There are many programs on the market such as 20/20's Softsentry or TimeLock or whatever that alter any given *.exe into a somehow 'password-protected' version. Those wrappers arent really worth the money. If you want to test a protection wrapper try http://www.hallogram.com/sentry/

BTW... it takes something from 5 to 30 minutes to remove a 'wrapperprotection'.


0
 

Author Comment

by:sevy
Comment Utility
Sorry, but that do not answer my question at all. Moreover,
what avj propose is not a good protection schemes and what a
mess if you have plenty of apps to protect...
0
 
LVL 3

Accepted Solution

by:
KE earned 120 total points
Comment Utility
In my point of view the solution would be to make a simple protect.exe file which is only used for calling a single authentification function in your DLL. The size of the protect.exe file should be as small as posible - i sugest that you use another environment than Delphi to produce the protect.exe - this is due to the huge overhead that Delphi produces, caused by the runtime librarys (can not be disabled - as far as i know).

The protect.exe file is then placed in front of the file you want to protect.
Example:
compound.exe = protect.exe + original.exe
When you launch compound.exe the OS will recognice it as protect.exe (with something appended to it) - protect.exe will then trigger your DLL which handles everything of concern, and if the password match, the DLL should extract the original.exe from compound.exe and launch it.

As an example you can experiment with copy:
COPY /B NOTEPAD.EXE + /B WRITE.EXE COMPOUND.EXE
Launch compound.exe and notepad shows.

You can always encrypt the original.exe before appending it to protect.exe to ensure a better protection.

0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Introduction Raise your hands if you were as upset with FireMonkey as I was when I discovered that there was no TListview.  I use TListView in almost all of my applications I've written, and I was not going to compromise by resorting to TStringGrid…
In my programming career I have only very rarely run into situations where operator overloading would be of any use in my work.  Normally those situations involved math with either overly large numbers (hundreds of thousands of digits or accuracy re…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now