Solved

Writing data in EXE files

Posted on 1998-10-07
13
358 Views
Last Modified: 2010-04-06
I want to store an encrypted password inside my program's EXE file. I also need to be able to change it from my program. How do I do that ?

Thanks in advance
0
Comment
Question by:carceri
13 Comments
 
LVL 5

Expert Comment

by:inter
ID: 1342154
How long does your password?
igor
0
 
LVL 5

Expert Comment

by:inter
ID: 1342155
Any way,

//**************************************************************
type
  TReserved = packed record
    pad : array[0..9]of byte;
  end;
  // This is old dos header
  TDosHeader = packed record
    FS : WORD;
    BOL: WORD;
    OTHER    : array[0..17] of WORD;
    res : TReserved;
    //forget the rest
  end;
//
// F is filename
// D is data you want to store in it (MAX 10) for this method
//
procedure ReadPassWord(const F : string;var Pass : string);
var
  T : TDosHeader;
  S : TFileStream;
begin
  // try opening in different modes
  try
   S := TFileStream.Create(F, fmOpenRead or fmShareDenyNode);
  except
   S := TFileStream.Create(F, fmOpenRead or fmShareCompat);
  end;
  //read dos header that we gonna modify
  try
    S.Read(T,sizeof(T));
    SetLength(Pass ,10);
    move(Pass[1], T.Res.Pad);
  finally
   S.Free;
  end;
end;

procedure WritePassWord(const F : string;const Pass : string);
var
  T : TDosHeader;
  S : TFileStream;
begin
  try
   S := TFileStream.Create(F, fmOpenWrite or fmShareDenyNode);
  except
   S := TFileStream.Create(F, fmOpenWrite or fmShareCompat);
  end;
  try
   S.Seek(0,0);
   // write what you want in T.Res.pas (it is 10 bytes long)
   move(T.Res.pas, Pass[1], Length(Pass));
   S.Write(T, Sizeof(T));
   // Done!
  finally
   S.Free;
  end;
end;
//**************************************************************
The other way that can store any amount of data it as follows:

- The file structure should will be
[original exe][signiture][your data][length of your data(DWORD)]
so if you want to store 'hello world' and your signiture-which we
can detect that file is modified by ourselves- is '@@@@' the file
would be('[' and ']' denotes the segments they are not in image)
[original exe][@@@@][hello world][0B000000]
(note that 11 = $0000000B in little indian = $0B000000)

SO:


//**************************************************************
uses
  SysUtils, ...etc;

function IsMyFile(F : string):boolean;
var
  S   : TFileStream;
  Len : DWord;
  Sign: array[0..3] of byte;
const
  DefSign : array[0..3] of char = "@@@@";
begin
  Result := false;
  // try opening in different modes
  try
   S := TFileStream.Create(F, fmOpenRead or fmShareDenyNode);
  except
   S := TFileStream.Create(F, fmOpenRead or fmShareCompat);
  end;
  try
    //go to end
    S.Seek( 4, soFromEnd);
    //read our length(as if file is ours)
    S.Read( Len, sizeof(Len));
    //seek to signiture from back
    S.Seek(4 + Len + 4, soFromEnd);
    // read signiture and compare
    S.Read(Sign[0], SizeOf(Sign[0]));
    // compare memories and set result
    Result := CompareMem(@Sign[0], @DefSign[0], SizeOf(Sign));
  finally
   S.Free;
  end;
end;

// reads password if no password set returns empty string
function ReadPassword(F : string):string;
var
  S   : TFileStream;
  Len : DWord;
  Sign: array[0..3] of byte;
const
  DefSign : array[0..3] of char = "@@@@";
begin
  if not IsMyFile then EXIT; // no password ****************
  Result := '';
  // try opening in different modes
  try
   S := TFileStream.Create(F, fmOpenRead or fmShareDenyNode);
  except
   S := TFileStream.Create(F, fmOpenRead or fmShareCompat);
  end;
  try
    //go to end
    S.Seek( 4, soFromEnd);
    //read our length(as if file is ours)
    S.Read( Len, sizeof(Len));
    //seek to it from back
    S.Seek(4 + Len, soFromEnd);
    // size return value accordingly
    SetLength(Result, Len);
    // read signiture and compare
    S.Read(Result[1], Len);
  finally
   S.Free;
  end;
end;

// writes the password
procedure WritePassword(F : string; const Pass:string);
var
  S   : TFileStream;
  Len : DWord;
  MyFile : Boolean;
const
  DefSign : array[0..3] of char = "@@@@";
begin
  MyFile := IsMyFile;
  // try opening in different modes
  try
   S := TFileStream.Create(F, fmOpenReadWrite or fmShareDenyNode);
  except
   S := TFileStream.Create(F, fmOpenReadWrite or fmShareCompat);
  end;
  try
    if MyFile Then
    begin
      //go to end
      S.Seek( 4, soFromEnd);
      //read our old length
      S.Read( Len, sizeof(Len));
      //seek to the begining of the old password
      S.Seek(4 + Len, soFromEnd);
      // write new password
      Len := Length(Pass);
      S.Write( Pass[1], Len);
      // write lenghth
      S.Write( Len, sizeof(Len));
    end
    else begin
      //go to end
      S.Seek( 0, soFromEnd);
      // write signiture
      S.Write( DefSign[0], SizeOf(DefSign))
      // write password
      Len := Length(Pass);
      S.Write( Pass[1], Len);
      // write lenghth
      S.Write( Len, sizeof(Len));
    end;
  finally
   S.Free;
  end;
end;
//**************************************************************


May this helps...igor
0
 
LVL 6

Expert Comment

by:Holger101497
ID: 1342156
Are you sure this will work?
I thought Windows didn't allow you to modify an EXE-file that is in use....
which would mean you cannot modify the file to change the password!
0
 

Author Comment

by:carceri
ID: 1342157
Thanks, I'll see if this works and then I'll come back
0
 
LVL 5

Expert Comment

by:inter
ID: 1342158
I have do such things in NT, if you can find the correct mode to open the file it works.
0
 

Author Comment

by:carceri
ID: 1342159
Windows didn't allow me to modify this file since it's in use
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 5

Expert Comment

by:inter
ID: 1342160
It is wise for one to accept if he/she is wrong. Yes I am WRONG, we can not modify exe only able to read it (because it is opened by operation system as fmShareDenyWrite). So why do not you store your encrypted password in registry? If it is encrypted I think it is no problem...
0
 

Author Comment

by:carceri
ID: 1342161
Yes, that's a possibility, but I want to make sure that if people copy the program, they'll get the password too. I know that there aren't any documented ways of doing so, but I also know that a lot of programs are doing it
0
 

Expert Comment

by:d_kiernan
ID: 1342162
Why not have the password-change-program as a separate EXE, then you can modify the original EXE, along as it is closed.
0
 

Author Comment

by:carceri
ID: 1342163
Hmmm. That could be a solution, but now I'm curious... how do you write to the programs exe file from the program itsel ?

Thanks d_kieman
0
 
LVL 5

Expert Comment

by:inter
ID: 1342164
Hi, I think d_kieman talks about modifying our main exe from another program while it is not running...On that case, my procedures above works correctly, just give the filename as the filename of our main exe. So you have two programs, one is your main program call it main.exe and the other is password writer; call it passwrite.exe so when you run passwrite.exe it writes the password to the main.exe as above. Then when your program runs it can read password from itself.
However I can not understand why you want to write the password in your exe. If you do it for copy protection, moving your file to another machine must ask new password because it is coppied which is the case you do not want to allow.
So do you use your password for copy protection?
igor
0
 

Author Comment

by:carceri
ID: 1342165
No, the password is not used for copy protection, but to protect certain features in the program, that even people who "steals" the program (it must run om computers in a public library) can't have access to.

Of cource the idea with two programs would work here, but if it's possible to keep it in one EXE that would be prefered
0
 
LVL 1

Accepted Solution

by:
zac earned 100 total points
ID: 1342166
It is *sort of* possible to update an exe under '95 / NT however it involves a bit of skuldugery......

When your application first comes alive you don't show your window etc, but you copy the exe file to a temp name and then launch that exe closing the first one down.  This exe with a temp file can now play with your original exe file checking data etc before from temp.exe (or whatever).

Once you are satisfied you then launch the original exe again deleting the temp file....

This method has been encapsulated in a freeware unit by Oleg Subachev.  I believe it was originally written as a simple anti copy mechanism.

It is available from the delphi super page (http://sunsite.icm.edu.pl/delphi/) called sacc212.zip

Definately worthy of a look..... I have only ever had a quick play with it myself, but I know it implements the algorithm I outlined above..

Good luck...

Zac



0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Introduction The parallel port is a very commonly known port, it was widely used to connect a printer to the PC, if you look at the back of your computer, for those who don't have newer computers, there will be a port with 25 pins and a small print…
In this tutorial I will show you how to use the Windows Speech API in Delphi. I will only cover basic functions such as text to speech and controlling the speed of the speech. SAPI Installation First you need to install the SAPI type library, th…
This video discusses moving either the default database or any database to a new volume.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now