Solved

Delphi Programming question

Posted on 1997-09-03
5
159 Views
Last Modified: 2010-04-04
Hello everybody,
 
I'm wondering how to create a Delphi 32bits program (MyApp.exe) to modify an application (App.EXE) for
which I don't have the source code so that this application ask you a password (and a username optionally) before you can launch it.

In order to be more precise, I've already developed such a password function (Mypasswd) which is available in a DLL (MyLib.DLL). How can I modify App.EXE so that it execute the function Mypasswd from MyLib.DLL and then accept to launch only when the result of the call to MyPasswd is true.

I know that modifying another companies executable is illegal... but I know too that's possible and I'm curious
to learn the tip...
 
Another way to solve my problem could be to write a program that scans for any given executable, and override the start of it, by intercepting the windows messages...  If they enter the correct password, you continue to process the file, if they don't, you stop the application
from running.... The problem with this solution, is that this special pgm must always run in background. How to be sure that is the case and that the user cannot stop this pgm...

Any help or information (a source code example) is welcome.

Thanks in advance for your help

Sevy
0
Comment
Question by:sevy
5 Comments
 

Expert Comment

by:avj
ID: 1343567
Well I wouldn't bother with the executable as such, but rather move it out of the way by renaming the original application (APP.EXE for example) to some nice inconspicuous one (musthave.dll), and to give your app (myapp.exe) the name of the original application (APP.EXE). this application would than check
password and launch the original file (now musthave.dll) when
ok.

0
 
LVL 3

Expert Comment

by:d4jaj1
ID: 1343568
I am curious about your password application, as I'm building an app that sorely needs better security.  I'd rather use someone else's component rather than writing an elaborate security scheme myself.  Can you tell me about it?  My email is Jay.Jackson@mci.com.

Thanks
0
 

Expert Comment

by:rammstein
ID: 1343569
Hopefully the answer from d4jaj1 won't satisfy you, as this is one of the worst protection-schemes I have ever seen. If you really want to take a look at how cracker's are working you should take a look at
http://ourworld.compuserve.com/homepages/fravia/
There are also some very powerful protectionschemes.

 There are many programs on the market such as 20/20's Softsentry or TimeLock or whatever that alter any given *.exe into a somehow 'password-protected' version. Those wrappers arent really worth the money. If you want to test a protection wrapper try http://www.hallogram.com/sentry/

BTW... it takes something from 5 to 30 minutes to remove a 'wrapperprotection'.


0
 

Author Comment

by:sevy
ID: 1343570
Sorry, but that do not answer my question at all. Moreover,
what avj propose is not a good protection schemes and what a
mess if you have plenty of apps to protect...
0
 
LVL 3

Accepted Solution

by:
KE earned 120 total points
ID: 1343571
In my point of view the solution would be to make a simple protect.exe file which is only used for calling a single authentification function in your DLL. The size of the protect.exe file should be as small as posible - i sugest that you use another environment than Delphi to produce the protect.exe - this is due to the huge overhead that Delphi produces, caused by the runtime librarys (can not be disabled - as far as i know).

The protect.exe file is then placed in front of the file you want to protect.
Example:
compound.exe = protect.exe + original.exe
When you launch compound.exe the OS will recognice it as protect.exe (with something appended to it) - protect.exe will then trigger your DLL which handles everything of concern, and if the password match, the DLL should extract the original.exe from compound.exe and launch it.

As an example you can experiment with copy:
COPY /B NOTEPAD.EXE + /B WRITE.EXE COMPOUND.EXE
Launch compound.exe and notepad shows.

You can always encrypt the original.exe before appending it to protect.exe to ensure a better protection.

0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this tutorial I will show you how to use the Windows Speech API in Delphi. I will only cover basic functions such as text to speech and controlling the speed of the speech. SAPI Installation First you need to install the SAPI type library, th…
Introduction I have seen many questions in this Delphi topic area where queries in threads are needed or suggested. I know bumped into a similar need. This article will address some of the concepts when dealing with a multithreaded delphi database…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question