Re: [Full-disclosure] plz suggest security for DLL functions

• Previous message: Joachim Schipper: "Re: [Full-disclosure] Publishing exploit code - what is it good for"
• In reply to: Gaurav Kumar: "[Full-disclosure] plz suggest security for DLL functions"
• Next in thread: Gaurav Kumar: "Re: [Full-disclosure] plz suggest security for DLL functions"
• Reply: Gaurav Kumar: "Re: [Full-disclosure] plz suggest security for DLL functions"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 1 Jul 2005 17:41:35 -0700
To: Gaurav Kumar <gkverma@gmail.com>

Another suggestion - also not bullet proof - but largely effective:

1) Write a kernel mode driver that hooks the Win32 APIs to load DLLs
and filter any calls by programs other than your own.

2) Ensure your driver protects itself. There's a long list of things
to do including:
- protect the registry key / hive
- protect the driver file
- protect access to physical memory
- etc. etc.

3) Ensure that attacks to undo API hooks are prevented.
See http://www.security.org.sg/code/sdtrestore.html as an example of
these attacks (which can be used for evil or good in the case of
undoing rootkit hooks).

As others have mentioned, the above made be significantly more
expensive than the good EULA and lawyers route.

-John

On 6/30/05, Gaurav Kumar <gkverma@gmail.com> wrote:
> friends,
>
> We are developing a software that makes use of a COM DLL. The whole
> logic lies in the dll. The User Interface is in VC++. DLL exposes
> functions, application calls it and displays result. Now, we found
> that anybody can copy the DLL, register it and make use of those
> functions.
>
> Please guide us in making those functions secret or encrypted so that
> others cannt use our functions.
>
> thanks and regards,
> gaurav
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

• Previous message: Joachim Schipper: "Re: [Full-disclosure] Publishing exploit code - what is it good for"
• In reply to: Gaurav Kumar: "[Full-disclosure] plz suggest security for DLL functions"
• Next in thread: Gaurav Kumar: "Re: [Full-disclosure] plz suggest security for DLL functions"
• Reply: Gaurav Kumar: "Re: [Full-disclosure] plz suggest security for DLL functions"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]