[Full-disclosure] plz suggest security for DLL functions
johnlacour at gmail.com
Sat Jul 2 01:41:35 BST 2005
Another suggestion - also not bullet proof - but largely effective:
1) Write a kernel mode driver that hooks the Win32 APIs to load DLLs
and filter any calls by programs other than your own.
2) Ensure your driver protects itself. There's a long list of things
to do including:
- protect the registry key / hive
- protect the driver file
- protect access to physical memory
- etc. etc.
3) Ensure that attacks to undo API hooks are prevented.
See http://www.security.org.sg/code/sdtrestore.html as an example of
these attacks (which can be used for evil or good in the case of
undoing rootkit hooks).
As others have mentioned, the above made be significantly more
expensive than the good EULA and lawyers route.
On 6/30/05, Gaurav Kumar <gkverma at gmail.com> wrote:
> We are developing a software that makes use of a COM DLL. The whole
> logic lies in the dll. The User Interface is in VC++. DLL exposes
> functions, application calls it and displays result. Now, we found
> that anybody can copy the DLL, register it and make use of those
> Please guide us in making those functions secret or encrypted so that
> others cannt use our functions.
> thanks and regards,
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
Full-Disclosure is hosted and sponsored by Secunia.