Solved

What's the best way to protect DLL API access? (C)

Posted on 2010-08-16
3
683 Views
Last Modified: 2012-05-10
Experts,

I'm looking for a way to protect which application can call which API of a DLL I'm creating. For example, I have a DLL to manage multiple devices. One application should be able to open one device but the second application should not be able to open that same device. Only the first application should be able to 'work' with the device and execute other APIs against the same device.

I could do this by passing back a random string from the open API to the first application which it could then use as 'password' and input param for every other API for this device. Is there a better, more secure way of doing it?
0
Comment
Question by:php-newbie
3 Comments
 
LVL 40

Expert Comment

by:evilrix
ID: 33449329
COM provides a mechanism to do something similar to what you want to achieve via the IClassFactory2 interface.
http://msdn.microsoft.com/en-us/library/ms680095(VS.85).aspx

If this is a key implementation detail you could wrap your DLL with a COM interface.
0
 
LVL 33

Accepted Solution

by:
pgnatyuk earned 500 total points
ID: 33449494
Make a table of the devices and IDs of the connected to them processes somewhere in the shared memory. Protect this shared memory with a named mutex. When an application will open a device, your DLL will register this application in this table in the shared memory. Any next call will verify the registration.
Instead of the shared memory you can use a disk file.
0
 
LVL 6

Expert Comment

by:ChristianWimmer
ID: 33450090
Sorry, I reject. Mutex and shared memory will not work since Terminal Sessions will not allow this. Every session has its own set of resources. You would need to create a GLOBAL mutex, but this is only available to admins.
You cannot secure DLL function calls bullet proof against this because a DLL is run in the context of the calling process and thus in its realm where it can nearly do whatever it want.
A shared file also has some problems, including access rights and the problem of leaving it alive after process' life.

If you really want to make it right, you should have used an extra process, either a real service or a COM single instance server. Only in this way your device is protected, since you have a good security barrier.

I'm not sure, but you are talking about a real device, maybe using a device driver? If so, I would suggest to put the check into the driver function IO message.

In the end, to protect resources, it is always the best (and only way) to put a third independent party between device and consumers.
0

Featured Post

3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ASP.net build a IF/Then Walkthrough Guide 1 210
C++ standard library based binary archive format 6 98
computer science syllabus 3 82
nested if statement in excel help 4 26
Many modern programming languages support the concept of a property -- a class member that combines characteristics of both a data member and a method.  These are sometimes called "smart fields" because you can add logic that is applied automaticall…
This article shows you how to optimize memory allocations in C++ using placement new. Applicable especially to usecases dealing with creation of large number of objects. A brief on problem: Lets take example problem for simplicity: - I have a G…
The goal of this video is to provide viewers with basic examples to understand opening and writing to files in the C programming language.
Video by: Grant
The goal of this video is to provide viewers with basic examples to understand and use nested-loops in the C programming language.

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question