transparent dll ?

Posted on 2004-11-01
Last Modified: 2010-04-01
At work we have a simple program that gets the handle to my running App( photoshop for testing), and then I manipulate the title bar, icon, etc (this lets us know visually if someone has installed their own ( cracked) version). but they have to run this externally, so it doesn't really work yet.
I also keep track of how often users access the app by replaceing the photoshop.exe with my own, and then having my exe do the tracking. When my exe is finished it calls to the real photoshop.exe and passes all command line args.
Now I want to combine them into a dll if it is possible.

I want to create my own dll with the name of one of the photoshop dlls. and then have my dll load the true photoshop dll .
so basically photoshop will call myTransparent.dll and myTransparent.dll will call renamed.dll passing the functions to photoshop.

dependency walker showed that one of the dll's only has one exported func. So that is the one I want to use.

Does this sound possible?
Question by:cafechris
    LVL 14

    Expert Comment

    The dependency checker doesn't give any info about arguments passed in to an exported function, or it's return type. So unless this info is public, you will have to figure this out. Then you've got initialization issues - for example, it's not safe to call LoadLibrary() from within DllMain(), so when exactly are you going to load the original dll? It may be doing things in it's DllMain() that are required for the program to run.

    Even then there are still many things that could go wrong.

    Exactly what is the problem you are trying to solve? It appears to be somehow related to preventing people from running bootleg software, but if you have purchased the software and have the proper licenses, it doesn't matter if they run cracked copies.
    LVL 1

    Author Comment

    Sounds like its pretty tough. I know of some other ways , but I thought this would be the easiest. And I don't want to run a service.
    But this thread isn't about what my other possibilities are, It was mainly about the dll idea.
    I mainly was just wonering if this dll idea was possible anyways. I was hoping that I could somehow just pass my application the handle of the renamed.dll. I am sure that software crackers are much better programmers than I am, but don't they do something similar to this, or do they alter the original.dll completely. I will try to find some of their methods, anyone have a good link to a website. Or some names of programs they use.
    LVL 8

    Assisted Solution


    I'm still not sure if I got the whole picture, but I think the DLL idea is pretty heavy and will have lots of problems in the future.
    If its all about just tracking the execution/loading DLLs etc, you have the option to globally hook API's like CreateProcess() LoadLibrary().
    What u think abt that ?
    LVL 14

    Accepted Solution

    > I am sure that software crackers are much better programmers than I am, but don't
    > they do something similar to this, or do they alter the original.dll completely.

    If a cracker is trying to hack out license protections, they would typically either modify the exe or dll where the license checks occur, or completely replace the dll of the licensing product (which typically have a small number of functions that have been reverse-engineered to figure out the input stack and return values).

    If you want to try to inject your own code into an existing program, I can think of two ways to do this "fairly" easily, and by "fairly" I mean you have a basic grounding in assembly language programming and a solid grasp of the portable executable format:

    1) write a function of what you want to have happen when the program starts, add it to the exe, change the entry point to run your code, fix up the section table if necessary and then branch to the real entry point when you are done. This is how program compressors work, for example.

    2) write your own dll and modify the data directory, import section table, and import section of the exe to add your dll to the list of dlls implicitly loaded when the exe starts up, and add an import into the program (otherwise your dll won't get loaded). Then, in your DllMain you can do lots of fun things like set up a timer to call yourself regularly, or munge the import table to redirect a function call in another dll to your code and then go to the real call when you are done. If done cleverly you can bypass the stack issues and just jmp to the real address, and you don't have to reverse-engineer the function's calling parameters. It can be tricky because if there isn't room to add your dll to the end of existing import descriptors you have to start moving stuff around and it can get ugly.

    Both of these methods can break the program if it does any rudimentary integrity check to see if the image has been modified, and if you don't get all the bits just right it is very hard to debug, particularly the dll method.
    LVL 1

    Author Comment

    Yep, sounds like something I don't have time for.
    Thanks anyways guys.

    Thanks for the Ideas, but I will just write a plugin or something. This is really the same thing anyways....

    I will split the points here.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    The Complete Ruby on Rails Developer Course

    Ruby on Rails is one of the most popular web development frameworks, and a useful tool used by both startups and more established companies to build strong graphic user interfaces, and responsive websites and apps.

    Some Windows API functions expect you to provide a pointer to a CALLBACK function that the system will need to call as part of the operation.  Such API functions as SetTimer, timeSetEvent, CreateThread, EnumWindows, LineDDA, even window message hand…
    Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
    The goal of the video will be to teach the user the difference and consequence of passing data by value vs passing data by reference in C++. An example of passing data by value as well as an example of passing data by reference will be be given. Bot…
    The viewer will learn additional member functions of the vector class. Specifically, the capacity and swap member functions will be introduced.

    913 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now