I have a DLL file that I purchased (Without the Source Code) and I'm linking it to my application, simply by using "LoadLibrary("file.dll")", then it imports a function that gets an unique ID of the computer. Now let's say that our hacker detected the name of this function and now he's creating a new dll file, with the same name and the same function's name in it.
His new DLL file will be replaced (simply by grabbing his dll to the directory and replacing with mine) and the function of the unique ID is available but returns nothing. So now my application gets a blank unique ID and the hacker got out of my hands.
Any ideas how to prevent it? my project is programmed on C++.
Thanks in advance.
You could ask the company from which you get the DLL to provide a LIB of this DLL. Then you could statically link to this LIB. When doing this, the code of the library would be part of your code and thus transparent to hooking!.
Another possibility (in the case of an external DLL is really necessary): you could try to convince your DLL provider to export the function NOT by NAME but by Ordinal. This leads to security by obscurity. This would not prevent hooking or replacement, but at least this would not make the exported function evident to understand. Like 73 (exported function by number) instead of CreateMyFile (exported function by name).
Related
I feel like I'm missing some key idea with this one.
I have a library that I'd like to create a CMakeLists.txt file for. I want to link against it with different applications.
This library expects a conf.h file to be defined. The application has to provide this. The library expects it. What is this relationship called?
My current solution in CMakeLists.txt is to have a variable like:
...
target_include_directories(lib PUBLIC
${CONF_DIR}
)
And then have CONF_DIR be defined by the application. This is uncool, because I can't have multiple applications linking against it.
The only other alternative is to keep a copy of the entire source library inside the application folder, which is also uncool.
I'm looking to maximize reusability. How do I approach this?
Side note: For anyone who's familiar, the library in question is STM32Cube's HAL library, and the pesky file is stm32h7xx_hal_conf.h.
This is a very common approach, when a library requires configuration. FreeRTOS would be another example.
I don't see the issue with modifying the target_include_directories for the library from the App's CMakeLists.txt.
Usually, I create a function to handle the library set-up. The call site would look something like this:
add_stm32_hal_lib(
PATH drivers/STM32H7xx_HAL_Driver
EXTRA_INCLUDES path/to/config
)
# ...
target_link_libraries(app PUBLIC stm32_hal)
The contents of the EXTRA_INCLUDES parameter get shoved into target_include_directories of the static library.
You can't do anything about this, so you'll have to copy the library code.
The header file is used during library compilation stage, so its code ends up being hardwired into the final binary. Because of this, if you want to change some parameters from the header, you need to recompile the library from scratch.
Ideally, the library should be rewritten in such way, that all parameters that are contained in the header can be set up dynamically, during the runtime, using some additional configuration API.
I have successfully taken bio-metric prints and posted to the node server using the futronic sdk. I want to be able to use this library likewise for matching in the server because that's where the bio-metric prints for all users are stored. I stubbled upon the node-ffi library that helps define equivalent C functions that I have exported and compiled it down to a .dll file.
Now the challenge here is that I have tried to port the ftrAnsiSDK functions but the ftrScanAPI.dll and the ftrAnsiSDK.dll file could not be compiled together. It gives this error:
...collect2.exe [Error] ld returned 5 exit status
When I compile and export the functions that are not dependent on these two libraries, my code works fine and the functions are easily exported and used in the node server. Please can any one give me a hint?
Here is the link to the repo. It consists of the lib and .dll library that is been used.
For the server code here is a snippet of what I am trying to achieve:
var libm = ffi.Library('lib/visystem', {
'HelloWorld': [ 'void', [] ],
'PrintErrorMessage': [ 'void', ['int'] ],
'CaprureImage': [ 'int', ['int','int','int'] ]});
The HelloWord and PrintErrorMessages are methods that I used as a test case to ensure the functions are being exported before I proceeded to the main functions (you can see the function definition in from the code in the repo.. ) that depends on the futronic lin and sdk.
I am currently using a 64-bit operation system and I installed the same program on a 32-bit machine to be sure, but it still did not compile and export the function. The code editor I am using is Dev++C.
Can anyone help or even give me hint on how to achieve this goal?
As a disclaimer, I'm not familiar with the Dev-C++ IDE or MinGW development.
However, after a cursory look at your github repo, according to your libvisystem.def file, it appears that the only functions that are exported by your DLL are:
HelloWorld
PrintErrorMessage
ReadTemplateFile
SaveBmpFile
SaveTemplateFile
This is also confirmed when looking at the libvisystem.a library header:
So you should probably start by manually add the rest of the exported functions in your dll.h to the def file, in a similar manner to the ones that are already there, and see if that changes anything.
NOTE:
I'm not sure whether the __declspec(dllexport) directive is ignored by the Dev-C++ compiler/linker and it uses the def file instead. Perhaps others on SO have an idea.
I'm working with pocketsphinx. It comes in 2 dlls. sphinxbase.dll and pocketsphinx.dll. pocketsphinx.dll calls on functions in sphinxbase.dll. I'm going to be calling functions in both. I'd like to know the easiest way to merge both source files into producing a single dll.
I've tried this before but I run into the problem of pocketsphinx using sphinxbase leading to a warning/error about importing functions I'm trying to export.
What's the common solution to get around this?
Should I remove the dllexport tags from sphinbase and then wrap those functions inside other functions that I then export?
Example
//inside sphinxbase
SPHINXBASE_DLL_EXPORT
void sphinxbasefunc();
//inside pocketsphinx
POCKETSPHINX_DLL_EXPORT
char* decode(ps_decoder_t decoder)
{
...
sphinxbasefunc();
...
}
Then I would remove the SPHINXBASE_DLL_EXPORT macro and create a wrapper that I would then export.
//inside sphinxbase
void sphinxbasefunc();
WRAPPER_DLL_EXPORT
void sphinxbasefunc_wrapper() { sphinxbasefunc(); }
This solution I think is naive on my own part though. Theres dozens of functions I would need to wrap if I took this route.
One thing to realize is like an exe, a dll is just a collection of one or more object files bound into a package. Combining object files into dlls/exes is the linker's job. If you want to combine your two dlls into one, combine the object files that make up your two dlls into one dll. When you do that your references will no longer be to dlls, but directly to the objects themselves (source code changes will be required, but mostly this is removing dllimports), so it should be a much more direct process (include the header, make sure the object is included in the link). You only need to export those functions required by consumers of the final dll. Basically put the source for both dlls into one project. I'm assuming of course that you have the source for these dlls (which is how it appears from the url given). If you end up with circular dependencies you may have to create some forward declarations or additional header files to keep the compiler happy.
This seems like a noob question, but all my searches return stuff about C++ or C# so I'm going to ask it here.
I have a DLL, SDL.dll, in the directory with my .c file. I want to import it to use.
using is not supported, #import doesn't work.
No directive in the source will help you, you can either
link to the DLL, use a so-called lib file for this. (This is a statically dynamic linking)
use LoadLibrary/FreeLibrary and GetProcAddress to map the addresses of functions to function pointers (true dynamic linking)
In the first case you also need an appropriate header file which matches the platform and version of the DLL used.
The second solution will work if you drop-in a newer version of the DLL as long as the prototypes of the functions used match.
This assumes you are under Windows, which is probably the case if you have a *.dll and not an *.so (shared object) file. (For Linux systems, you can include dlfcn.h and use dlopen/dlclose/dlsym instead of LoadLibrary/FreeLibrary/GetProcAddress with a slightly different syntax, check the doc)
this is quite possible assuming your DLL is in the correct form (the same standards as Windows API DLLs for example)
you need to declare you functions - perhaps in a header file, like this:
typedef void (CALLBACK *functionnameptr)(char *, int),
Then you use LoadLibrary to load the DLL, and provide a Handle to it:
handle = LoadLibrary("SDL.DLL");
Then you use GetProcAddress(handle,"real function name in DLL")
like this:
functionnameptr lptrfunction;
lptrfunction = GetProcAddress(handle,"real function name in DLL");
Now you can use the lptrfunction as you would normally use a function in C
Assuming you're using Visual Studio.
1.) Download http://www.libsdl.org/release/SDL-1.2.15.zip
2.) unzip and install to for example C:\SDL-1.2.15
3.) In Visual Studio open the properties of the project goto C++ general and add C:\SDL-1.2.15\include to "Additional include directories".
4.) Goto the "Linker" tab and add C:\SDL-1.2.15\lib\x86 to "Additional library directories".
5.) Now go to "Input" under the Linker tab and add SDL.lib; SDLmain.lib to "Additional dependencies"
6.) Go to the "Build Events" tab and "Post build event" and add copy /y C:\SDL-1.2.15\lib\x86\SDL.dll "$(OutDir)
That should do get your SDL working for Visual Studio in 32bit
On Linux if SDL is already installed just type "g++ -02 -o foo foo.cpp -lSDL"
I am trying to use Eclipse and NetBeans for programming in C (not C++). Is there a feature/plugin for them which automatically keeps the source and header files in sync?
As in, when I implement a function in the source file, does it automatically insert the correct lines in the header file?
I did look at solutions like lzz, but they are not what I am looking for.
Eclipse CDT allows you to write a prototype in the header file, and automatically add it to the C file.
Instructions
Add function prototype to .h file void foobar()
Select the function name "foobar" (try double clicking)
In the toolbar click Source -> Implement Method
Wizard it up
Thats probably the best you're gonna get out of the box
Agree with approach proposed by Ryu. In C, I would not automatically create declarations in headers. This should be an explicit action making public some symbol from the C module.
However if declaration/implementation are already setup and you want to modify any of them, I imagine that with Eclipse you may want to use Toggle Function Definition in a possible workflow where you copy in clipboard intermediate toggling results and paste them later over the changed declaration or implementation declaration.
Also use rename refactoring intensively when you change things.