Solved

What's the best way to protect DLL API access? (C)

Posted on 2010-08-16
3
705 Views
Last Modified: 2012-05-10
Experts,

I'm looking for a way to protect which application can call which API of a DLL I'm creating. For example, I have a DLL to manage multiple devices. One application should be able to open one device but the second application should not be able to open that same device. Only the first application should be able to 'work' with the device and execute other APIs against the same device.

I could do this by passing back a random string from the open API to the first application which it could then use as 'password' and input param for every other API for this device. Is there a better, more secure way of doing it?
0
Comment
Question by:php-newbie
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 40

Expert Comment

by:evilrix
ID: 33449329
COM provides a mechanism to do something similar to what you want to achieve via the IClassFactory2 interface.
http://msdn.microsoft.com/en-us/library/ms680095(VS.85).aspx

If this is a key implementation detail you could wrap your DLL with a COM interface.
0
 
LVL 33

Accepted Solution

by:
pgnatyuk earned 500 total points
ID: 33449494
Make a table of the devices and IDs of the connected to them processes somewhere in the shared memory. Protect this shared memory with a named mutex. When an application will open a device, your DLL will register this application in this table in the shared memory. Any next call will verify the registration.
Instead of the shared memory you can use a disk file.
0
 
LVL 6

Expert Comment

by:ChristianWimmer
ID: 33450090
Sorry, I reject. Mutex and shared memory will not work since Terminal Sessions will not allow this. Every session has its own set of resources. You would need to create a GLOBAL mutex, but this is only available to admins.
You cannot secure DLL function calls bullet proof against this because a DLL is run in the context of the calling process and thus in its realm where it can nearly do whatever it want.
A shared file also has some problems, including access rights and the problem of leaving it alive after process' life.

If you really want to make it right, you should have used an extra process, either a real service or a COM single instance server. Only in this way your device is protected, since you have a good security barrier.

I'm not sure, but you are talking about a real device, maybe using a device driver? If so, I would suggest to put the check into the driver function IO message.

In the end, to protect resources, it is always the best (and only way) to put a third independent party between device and consumers.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction This article is a continuation of the C/C++ Visual Studio Express debugger series. Part 1 provided a quick start guide in using the debugger. Part 2 focused on additional topics in breakpoints. As your assignments become a little more …
This tutorial is posted by Aaron Wojnowski, administrator at SDKExpert.net.  To view more iPhone tutorials, visit www.sdkexpert.net. This is a very simple tutorial on finding the user's current location easily. In this tutorial, you will learn ho…
The goal of the video will be to teach the user the concept of local variables and scope. An example of a locally defined variable will be given as well as an explanation of what scope is in C++. The local variable and concept of scope will be relat…
The goal of the video will be to teach the user the difference and consequence of passing data by value vs passing data by reference in C++. An example of passing data by value as well as an example of passing data by reference will be be given. Bot…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question