We help IT Professionals succeed at work.

How to encrypt a *.res file and make it work?

fjocke
fjocke asked
on
877 Views
Last Modified: 2008-02-12
How to Encrypt a *.Res file?

Here is my problem. Im making a Serial Key Activation Wrapper for executables.
Where i load the target i have from a Target.rc and compile it to a Target.res

I then later start the target from memory by loading the executable stored in the resource table.

Now, this is a good way to make a executable wrapper. However, its not safe at all loading it memory wise. Anyone can just open my protected exe file with my bundled target and just use ResHack and safe the Resource stub as binary and boom its not protected anymore.

So now i'd like to encrypt the resource file somehow. Since im loading the resource into a resource data.
It would be easy to decrypt. But since im using brcc32.exe to compile the Target.rc its kind of hard to encrypt the resource. The packer scheme i made only goes for the resource filestream, not memorystream, so they can easly see all the strings there.

So what i need is a way to protect my resource stub from being read and exported from my wrapper exe.
Only my wrapper exe should be able to decrypt the resource before actually loading it up.

Cheers Jocke

Comment
Watch Question

Social distance; Wear a mask; Don't touch your face; Wash your hands for 20 seconds
CERTIFIED EXPERT
Top Expert 2014
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
Thanks for giving it a try. Not what im looking for though. I'd like ways or code that would explain it. Pure code. Is there some way to include the res file code wise and encrypt it? Or is it perhaps better to add the data after EOF?
aikimarkSocial distance; Wear a mask; Don't touch your face; Wash your hands for 20 seconds
CERTIFIED EXPERT
Top Expert 2014

Commented:
Unless your res-handling code is secure, you are open to hacks/cracks.  I suggest you obfuscate your code with something like Themida (http://oreans.com).

Assuming your code is secured against hacking, you can encrypt the res file contents before running RC.EXE.  Bringing the res file contents into memory as encrypted should provide you some level of memory dump (spy, peek) protection.  When you actually need to access the res file contents, you can decrypt on-the-fly.  Be aware that storing the decrypted contents of the res file in variables leaves you open to memory dumps.

Author

Commented:
Yes, I got around it by adding sevral Anti-dump and anti-debug protections.
Of course, they will get bypassed. Byt uts enough for me :)
aikimarkSocial distance; Wear a mask; Don't touch your face; Wash your hands for 20 seconds
CERTIFIED EXPERT
Top Expert 2014

Commented:
You can minimize the window dump/debug/spy opportunity by doing the following:
1. leave the .res file contents in encrypted format.
2. decrypt only the part(s) of the .res file you need at the moment you need it/them.
3. When you have finished with the decrypted parts of the res file, reset the variables with code that will not change the allocation of the variables' memory footprint.

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.