Solved

Embed a password into an exe file

Posted on 1999-06-23
Last Modified: 2008-02-01
Using VB4, how would you attach a password to an exe file so only your program (that knows the password) would be able to run it? Is this possible thru VB?
I do not want to encrypt/decrypt nor produce a copy of the file but write directly into the exe.
Any other ideas?
0
Question by:LeeGar
26 Comments
 

Expert Comment

by:ChasDevlin
ID: 1519151
You could make an exe with x$ = "PASSWORD" in it. Then use a low-level binary editor to find PASSWORD in the file, then change it to a string the same length.

When you know where it is in the .exe U can write a prog to do this bit.
0
 
LVL 22

Expert Comment

by:ture
ID: 1519152
LeeGar,

By using the Command function to check for an argument, you can require a password as an argument when starting the application.

Enter something like this in your protected program:

  If UCase(Command) <> "CARROT" Then End


If your EXE file is named secretapp.exe, you can start it manually with the command "secretapp carrot" or from VBA with x=SHELL("secretapp.exe carrot")

Ture Magnusson
Karlstad, Sweden
0
 

Expert Comment

by:vbklaus
ID: 1519153
I hope I understood that right.
This is probably a silly and dirty solution, but it worked for me:
Open the EXE file that shall not be run without your program that knows the password with a hex editor. There is a lot of 'free' space in the EXE file (0 0 0 0 0 0...). Just edit it and write your password into the file. Keep notes of the place you wrote it to.
Then when you start your program it needs to compare the password that the user entered with the password in the exe file.
If it is the same program: For me it worked to open the exe file for reading while it was running!
- Or (if you have two exe files) shell to the exe file with a switch: (this is from VB6 help)
<When Visual Basic is launched from the command line, any portion of the command line that follows /cmd is passed to the program as the command-line argument. In the following example, cmdlineargs represents the argument information returned by the Command function.
<
<VB /cmd cmdlineargs
The file to be protected from running first checks if the command switch is the same as the password you wrote into it.


0

 

Expert Comment

by:vbklaus
ID: 1519154
Oh, I see I was thinking too long about it...did not want to copy someone.
0
 
LVL 12

Expert Comment

by:mark2150
ID: 1519155
Embedding the password is *trivial* to break. All you have to do is make two copies of the program and change the password in one of them. Then use FC (File Compare) to run them against one another. *BING* the exact locations of the change pop out!

Even if you scramble the password it's not hard to decipher if you know the before and after.

M

0
 
LVL 18

Expert Comment

by:deighton
ID: 1519156
I'm sure there are ways of encrypting the password to make it hard to crack.  You'd have to be pretty good to figure it out you know.


0
 
LVL 6

Expert Comment

by:simonbennett
ID: 1519157
Playing with a hex editor to insert a password into a vb.exe is *probably a little messy*. You risk failing checksums etc and how are you going to read it in? Line input? Good luck. Why not create an algorithm to gain entry e.g. Day * Month * Year or Days since my last birthday. Just don't tell a soul. As for the command line parameter - that is going to be your quickest way out - it's an elegant solution.
0
 
LVL 6

Expert Comment

by:simonbennett
ID: 1519158
Playing with a hex editor to insert a password into a vb.exe is *probably a little messy*. You risk failing checksums etc and how are you going to read it in? Line input? Good luck. Why not create an algorithm to gain entry e.g. Day * Month * Year or Days since my last birthday. Just don't tell a soul. As for the command line parameter - that is going to be your quickest way out - it's an elegant solution.
0
 
LVL 12

Expert Comment

by:mark2150
ID: 1519159
deighton,

You can encrypt for all you're worth, but if it's eight bytes or so and I can change passwords one character at a time I'll break it in short order.

Hex editing a .EXE is NOT a viable solution if you're going to sell this in any volume.

You're also stuck if the user runs it from CD or from a LAN drive where they don't have R/W privileges.

No, embedding a PWD in an .EXE is *NOT* a good idea.

After years of being in the biz and having sold quite a few commercial apps, I've come to the conclusion that 99.9% of programmers over-rate the value of their work and that good code will *sell* even if it is pirated. 90% of pirate copies don't go into regular service - they get cracked, played with and cast aside.

Save the coding effort or put it to making your app better.

If you want to have access control, use the LAN's authentication. It gives you just a single point of control and is much more robust than anything you're going to write.

Just FWIW.

M

0
 
LVL 5

Expert Comment

by:KDivad
ID: 1519160
Seems to me LeeGar is wanting to block a program that isn't his own. Not a program he wrote and can check for a password in the code, but another program he doesn't want anybody to run.
0
 

Expert Comment

by:vbklaus
ID: 1519161
If KDivad was right:
You can deliver an EXE file that is manipulated, so it does not run anymore (change some bytes).
When your program gets the right password, it can restore the other file and call it with shell.

0
 

Author Comment

by:LeeGar
ID: 1519162
The program is to control & monitor internet use. It contains a database of user names with passwords and lets u select a browser to use with it. It also runs a tracking system by the user logged on and copies the history file of the browser with their name. When the tracker detects the browser is no longer active, it shuts down. The tracker is the second exe of the program. I can't use a hex editor in code, I need the program to be able to do something to the selected exe so only the program can run it. If someone d-clicks on the exe I want it so it doesn't execute anymore after my program has selected it as the active browser to control access to. Modifying the exe WITHOUT having it crash the system if someone clicks on it is the key. So a password of some sort that the program only knows & uses to open up the exe is so desired.
0
 

Author Comment

by:LeeGar
ID: 1519163
The whole thing in a nutshell:

Q:
Using VB4, how would you attach a password to an exe file so only your program (that knows the password) would be able to run it? Is this possible thru VB?
I do not want to encrypt/decrypt nor produce a copy of the file but write directly into the exe.
Any other ideas?

Using Visual Basic 4.0
The program is to control & monitor internet use. It uses a password protected database of user names & their passwords and lets u select a browser & historyFile to use with it. It also runs a tracking system by the user logged on and copies the history file with date, time & their logonName every 3 minutes or so to a directory.
When the tracker detects the browser is no longer active, it shuts down. The tracker is the second exe of the program which starts after the browser is run.
I can't use a hex editor in code, I need the program to be able to do something to the selected exe so only the program can run it. If someone d-clicks on the exe I want it so it doesn't execute anymore after my program has selected it as the active browser to control access to. Modifying the exe WITHOUT having it crash the system if someone clicks on it is the key. So a password of some sort that the program only knows & uses to open up the exe is so desired.

There are a couple of programs out there that do this, PrivateExe and ExeProtector but they use window interface & don't allow for code/command line usage.

                  Any help appreciated        leegar@geocities.com
0
 
LVL 1

Expert Comment

by:wolfjjj
ID: 1519164
OK there are simply two solutions

1) Use Command$ to receive the password from there, and if it's wrong exit the program like someone suggested above.

2) Second solution the one I would use. It is to use DDE. Once the second program is launched have it send a DDE request to the First program and if it replies then let the program continue running otherwise close the program. This way you don't need to stuff around with passwords and stuff like that. It's simple quick and requires little effort to maintain.
0
 

Author Comment

by:LeeGar
ID: 1519165
Wolfjjj,
Not sure on your answer...???
How would this prevent someone from just d-clicking on the exe & running it from there, bypassing my program that calls it?
It needs to be inside the exe so it can't be called separately from an explorer window.
0
 
LVL 1

Expert Comment

by:wolfjjj
ID: 1519166
OK Basically when your Server program is running and you tell the secondary program to start running what you would do is record that the program has been started via your program, ie just a boolean field in your user database would be fine.

Next in your secondary program in the startup routine the program would send a dde request to your server program requesting authorization to run.

The Server program would check its database and if the program is OK to run, i.e. if it was executed by your program, then it sends back a reply saying yep continue running.

If the secondary program was run just by clicking on it, it would send the request to the server, the server would check its database and reply saying No you can't run because I didn't say so. The secondary program would receive the reply and so OK that's cool and shutdown.
0
 

Author Comment

by:LeeGar
ID: 1519167
Thanks Please try again, This is visual basic 4 to be run under Win95, No server & it is to be so double-clicking on the browser exe will not let you run it without a password so only my program knows the password so bypassing my program would not work. The best thing would be a dos-command line program that would embed a password into the exe by command line input,
A program called protect.exe
example:  protect.exe  netscape.exe  -password (put password into exe)

               netscape -password   (run protected exe with supplied password)

0
 
LVL 1

Expert Comment

by:wolfjjj
ID: 1519168
When I am saying Server I am referring to your program the one which calls the Secondary Program not a separate program.


0
 

Author Comment

by:LeeGar
ID: 1519169
Wolfjjj,
The program I want to protect is "any" exe, In this case a browser exe..
netscape.exe. So if they d-click on netscape.exe from the explorer window, my program is never run, so there is no communication to MY VB program.
Now having a password in the exe itself will prevent this program from running.  except a command line entry of netscape.exe -password
A window could even come up from the exe,  if a password is not supplied at command line requesting the password for the file. But all this has to come out of the exe when it is attempted to be run.

0
 
LVL 1

Expert Comment

by:wolfjjj
ID: 1519170
Nah you're talking about some serious coding to do that and would take time.

The only other way of doing it would be to have the main program, the one that calls netscape running at all times and have it check through the processes running and just kill the process if it is unauthorized.
0
 

Author Comment

by:LeeGar
ID: 1519171
Well thanks for trying anyway, how about a different question then? I need to be able to grab Netscape's URL (location:) box info from it every time it changes as someone surfs the net. How would you do that?
0
 

Expert Comment

by:vbklaus
ID: 1519172
I don't think you can get netscape.exe to check a password that you implement in the exe file.
How about this: Remove netscape.
Install IEXPLORE.EXE
Hide it or rename it and write your own browser.
With VB 6 you just add a browser module to your project and you are (nearly) done. This software will do anything you want.
Maybe you call it IEXPLORE.EXE and it works instead of the real IEXPLORE.
Maybe someone is familiar with VB4 and knows if you can use the webbrowser components.
0
 

Expert Comment

by:RanOsb
ID: 1519173
I know what you're looking for, it's the same thing that codesafe and privateExe do, but Yes, they are window interface programs that have popups on them. I believe they are written in Visual C++, don't know if you can do the same or similar with visual basic. Somebody should know. I know if you will have a better chance with it.
0
 
LVL 1

Expert Comment

by:rondeauj
ID: 1519174
When you give permission to run the app use the API to get the Hinstance of the exe.
Use a timer and some more API calls to enum the windows in the operating system's collection. If you find one that equals the CLASS of one of the exe's you are wanting to control then you compare its Hinstance with the ones logged in your database as valid. If it is not valid then you order the operating system to kill the running app.
The user can then try to reinstall and rename or even try to run another app across a network but all processes on the computer will still be tracked according to the windows handle and class name. This way you do not have to modify an exe, which will more than likely get deleted by a virus program anyway.
It may sound hard to code and manage, but it's easy as hell and no HEX editor can stop it.
IF you are running on an NT machine then use the API to change the permissions of the file. NTFS is very powerful and can also be used to do this. If you would like a coding example of how to enum the windows let me know, but I would require a few more points.
0
 

Author Comment

by:LeeGar
ID: 1519175
It's not to be run on a server but win95. The password must be in the exe because any user could just double click on the exe thru the explorer window and the program would run (just as any exe), totally bypassing my program that's trying to control this exe (which is netscape.exe).

Sure, I could control it ...IF...they couldn't just bypass my program


0
 

Accepted Solution

by:
skellig earned 400 total points
ID: 1519176
You can embed a password in an exe file by simply adding it to the end of the compiled program. Whenever I tried it, it always worked...
By using a random file / sequential file and also encrypting, you can easily create an embedded password in an exe.

Just add to the end
0
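The following is an added example, not part of the original thread or any poster's code. It puts the accepted answer (password appended to the end of the file) next to mark2150's earlier objection (comparing two copies exposes the location, and scrambling does not help once a before and after are known). The byte strings, the XOR key and the function names are constructed for illustration.

```python
# Added illustration: every byte below is constructed sample data, not a real executable.
SCRAMBLE_KEY = b"\x5a\x13\xc7\x2e"   # hypothetical fixed key baked into the "protector"

def scramble(data: bytes) -> bytes:
    """Repeating-key XOR, standing in for a home-grown 'encryption' step."""
    return bytes(b ^ SCRAMBLE_KEY[i % len(SCRAMBLE_KEY)] for i, b in enumerate(data))

def protect(image: bytes, password: str) -> bytes:
    """Append the scrambled password after the program image (the accepted answer)."""
    return image + scramble(password.encode("ascii"))

def changed_offsets(a: bytes, b: bytes) -> list:
    """What a binary file compare reports: offsets where two equal-length files differ."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]

def recover_keystream(protected: bytes, offset: int, known_password: str) -> bytes:
    """Stored bytes XOR a password the tester chose = the scrambling keystream."""
    pw = known_password.encode("ascii")
    stored = protected[offset:offset + len(pw)]
    return bytes(s ^ p for s, p in zip(stored, pw))

def demo():
    image = b"MZ" + bytes(range(256)) * 4            # constructed stand-in for an exe
    copy_a = protect(image, "AAAAAAAA")              # tester-chosen password 1
    copy_b = protect(image, "BBBBBBBB")              # tester-chosen password 2
    diff = changed_offsets(copy_a, copy_b)           # only the trailer differs
    keystream = recover_keystream(copy_a, diff[0], "AAAAAAAA")
    # A third copy whose password the tester was never told.
    copy_c = protect(image, "CARROT99")
    stored = copy_c[diff[0]:diff[0] + len(keystream)]
    recovered = bytes(s ^ k for s, k in zip(stored, keystream)).decode("ascii")
    return diff, keystream, recovered

if __name__ == "__main__":
    diff, keystream, recovered = demo()
    print(f"differing bytes: offsets {diff[0]}..{diff[-1]}")
    print(f"password read back from the third copy: {recovered}")
```

Because the secret and the scrambling both live in a file the user can read, the check has to be enforced outside the file, for example by the operating-system file permissions rondeauj mentions for NT.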
