Wow thanks Ian There is obviously much more to this than I first thought :-)
Yeah, I like the encryption key thing. I need to do something like this anyway in my main app. To add a little flesh to this.... I have an app that we sell. Another company wants to sell our app but use their own licensing/security. We don't want to give them the source code for our app and so are creating a dll with an API doc to let them in. They create their own simple exe and use our dll to make a few calls (we tell them which calls to make) Their exe shells to ours if their security checks out. So we supply our compiled code with no protection and they add a protection layer via an exe that uses our security dll. Our dll will create an encrypted file on the HD and our main app will de-crypt it before running. This is our secondary security check. They wont have access to the encryption method because it will be compiled in our dll. We only need to tell them "make a call to function XYZ to create the crypt string/file" Problem is if the dll calls are "obvious" then anyone could write a simple exe and use the same call to run our app. Your protection idea will work here though I think Similarly if our API doc got out onto the net we are compromised :-) I can't see anyway round this without a total trust on our part that the API doc won't go live. I.E we have to give the API to the company but need to trust them that it wont leak out!!!! So thinking about it, it's the API doc that needs protecting more than anything else!!! This is probably impossible :-( Sorry to ramble on but I need to try and get my head round this Thanks Julian -----Original Message----- From: Ian Brooke [mailto:[EMAIL PROTECTED] Sent: 27 January 2005 16:41 To: [email protected] Subject: Re: [vbhelp] Protecting a dll? Julian, It's not a perfect solution but why not include a sub which takes an encrypted key and which unlocks the others. You could make the key dependent on all sorts of obscure things such as date/time, app version, dll version etc etc which your app would know how to construct at runtime but others won't. If every other function in the dll checks that key has been provided before doing anything then you've gone someway towards securing it - at the very least it makes it much harder for someone to crack. Your problem then of course is having a way for the other functions to recognise that it was the current calling process which has supplied a correct key but there's many ways to overcome this, for example, pass the unlock routine a 2nd value (say a hwnd) and pass that same hwnd with each other call (that saves you having to recalculate the key every call). You could even have a double check if the unlock routine used that Hwnd to check something about the form (for example it's title) and rejected the key if it wasn't correct. Ian ----- Original Message ----- From: Julian Holt To: [email protected] Sent: Thursday, January 27, 2005 5:55 AM Subject: [vbhelp] Protecting a dll? Guys I have written a dll (ActiveX) and want to protect it in some way. I will pass it on to our users but I don't want someone conversant with VB, C etc to be able to "use it" in their own apps without my documentation. In VB6 there is a tool called Object Browser. Basically using this you can figure out all the function calls within my DLL. Is there any way to stop this? I could use cryptic function names so its not obvious what they do, but there must be a better way? I use a tool to protect our exe files (encrypt) but it doesn't work with DLLs. Any idea of 3rd party apps that I could use to wrap around my dll? Thanks for any thoughts Julian Holt [Non-text portions of this message have been removed] '// ======================================================= Rules : http://ReliableAnswers.com/List/Rules.asp Home : http://groups.yahoo.com/group/vbHelp/ ======================================================= Post : [email protected] Join : [EMAIL PROTECTED] Leave : [EMAIL PROTECTED] '// ======================================================= -------------------------------------------------------------------------- ---- Yahoo! Groups Links a.. To visit your group on the web, go to: http://groups.yahoo.com/group/vbhelp/ b.. To unsubscribe from this group, send an email to: [EMAIL PROTECTED] c.. Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service. [Non-text portions of this message have been removed] '// ======================================================= Rules : http://ReliableAnswers.com/List/Rules.asp Home : http://groups.yahoo.com/group/vbHelp/ ======================================================= Post : [email protected] Join : [EMAIL PROTECTED] Leave : [EMAIL PROTECTED] '// ======================================================= ---------------------------------------------------------------------------- -- Yahoo! Groups Links a.. To visit your group on the web, go to: http://groups.yahoo.com/group/vbhelp/ b.. To unsubscribe from this group, send an email to: [EMAIL PROTECTED] c.. Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service. [Non-text portions of this message have been removed] '// ======================================================= Rules : http://ReliableAnswers.com/List/Rules.asp Home : http://groups.yahoo.com/group/vbHelp/ ======================================================= Post : [email protected] Join : [EMAIL PROTECTED] Leave : [EMAIL PROTECTED] '// ======================================================= Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/vbhelp/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
