DLL - Checking validity - Programmer

This is a discussion on DLL - Checking validity - Programmer ; Hello All, I'm after ideas or experience. I have some functionality in a DLL that requests a "license" from a remote license server (all bespoke and written by me). I want this behaviour in a DLL as I intend to ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: DLL - Checking validity

  1. DLL - Checking validity

    Hello All,
    I'm after ideas or experience.
    I have some functionality in a DLL that requests a "license" from a remote
    license server (all bespoke and written by me). I want this behaviour in a
    DLL as I intend to call it from both VB and C++. From a hackers perspective
    it would be easy to replace the DLL with one of their own that simply
    'grants' the 'license' without asking the server. How can I ensure only the
    "kosher" DLL is ever used??
    Any help would be appreciated.
    Regards
    Paul



  2. Re: DLL - Checking validity

    "Paul Caswell" wrote in message
    news:5hvec.49$NJ5.11@newsfe5-gui.server.ntli.net...
    > Hello All,
    > I'm after ideas or experience.
    > I have some functionality in a DLL that requests a "license" from a remote
    > license server (all bespoke and written by me). I want this behaviour in

    a
    > DLL as I intend to call it from both VB and C++. From a hackers

    perspective
    > it would be easy to replace the DLL with one of their own that simply
    > 'grants' the 'license' without asking the server. How can I ensure only

    the
    > "kosher" DLL is ever used??
    > Any help would be appreciated.
    > Regards
    > Paul
    >


    1. Add a custom resource to your DLL that is large enough to contain
    a digital signature.

    2. Compile the DLL.

    3. Sign the DLL by sending the DLL through a digital signature algorithm,
    skipping over your custom resource in the DLL.

    4. Put the digital signature into the DLL at the location of the custom
    resource.

    5. On DLL initialization, send the DLL through the digital signature
    algorithm,
    skipping over your custom resource, then compare it to the signature stored
    in the custom resource.

    --
    Best regards,

    Barry S. Kyker





+ Reply to Thread