Announcement

**Fred Oxenby** · 30 Sep 2001, 02:37 PM

You "hide" a cmdline-variable, I use "/FOX"

Code:

Function PBMain() as long
Local CmdLine$
  If Instr(Command$,"/FOX") = 0 Then Exit Function
  CmdLine$ = Command$
  rc& = DecodeCommand(CmdLine$)
...etc
...etc
End function

------------------
Fred
mailto:[email protected][email protected]</A>
http://www.oxenby.se

**Gregery D Engle** · 30 Sep 2001, 07:24 PM

can't you simply use a mutex?

If the mutex exists then it is being run by the "Master" .exe
if not then it isn't.

Although I think when the app that created the mutex exits it
will automatically close the mutex so you might want to wait
for the shelled app to return before exiting.

In either case you should release the mutex when exiting. I'll
try and make a sample for you tomorrow when I'm at work.

------------------
-Greg

[This message has been edited by Gregery D Engle (edited September 30, 2001).]

**Scott Turchin** · 30 Sep 2001, 08:41 PM

Code:

'This will prevent ap rogram from running twice...
Local hMutex As Long
Local lpClassname as Asciiz * 20
lpClassname = "MY PROGRAM"
If IsTrue App_PrevInstance(lpClassname) Then
   Exit Function
Else
   hMutex = CreateMutex(ByVal %Null, 0, lpclassName)
End if
'Now The mutex is created...
DO not forget to do this before exiting!!!
CloseHandle hMutex

'
'
Function App_PrevInstance(lpclassName As Asciiz) Export As Long
Local hMutex As Long
hMutex = CreateMutex(ByVal %Null, 0, lpclassName)
If hMutex = 0 Then Exit Function ' Error in Mutex
If GetLastError = %ERROR_ALREADY_EXISTS Or FindWindow(lpClassName, "") > 0 Then Function = %TRUE
CloseHandle hMutex
End Function

------------------
Scott Turchin
MCSE, MCP+I
Computer Creations Software http://www.tngbbs.com/ccs

[This message has been edited by Scott Turchin (edited September 30, 2001).]

**Wayne Diamond** · 30 Sep 2001, 08:48 PM

Mutexes etc are good for stopping multiple instances of programs but maybe I read Henning's question differently. Henning, you've got mainprog.exe, and register.exe - you only want to allow mainprog.exe to call register.exe
How about - mainprog.exe executes register.exe, and passes a parameter of "c:\program files\mainprog.exe" (or whereever youve put mainprog.exe)
Register.exe then does a quick check on the filesize and CRC32 checksum of the file that was parsed to it in the commandline parameters - in this case "c:\program files\mainprog.exe". If the checksum and filesize are incorrect, register.exe knows that it's not being executed by mainprog.exe but rather a rogue program, or it is simply being executed on its own (eg. Start | Run)
Hope that makes sense!
You could use mutex(es), but there's no real way of determining which program is using the mutex so you wouldn't be able to determine if the mutex was hijacked (whereas if you're checksum-checking a file, it's practically not pheasable to create two different executables with the same checksum and filesize etc)

Best of luck,
Wayne

[This message has been edited by Wayne Diamond (edited September 30, 2001).]

**Scott Turchin** · 30 Sep 2001, 08:48 PM

Change the IsTrue App_PrevInstance to IsFalse App_PrevInstance and give it your master.exe's lpClassname

Walah as we say in America...

------------------
Scott Turchin
MCSE, MCP+I
Computer Creations Software
http://www.tngbbs.com/ccs

**Russ Srole** · 30 Sep 2001, 09:14 PM

Henning,

I think I may be missing something here, but couldn't register.exe
be a DLL? Then only you will call it.

Russ Srole

------------------

**Henning Wallgren** · 1 Oct 2001, 10:09 AM

Fred's sample of using the command line works really well,
and it's simple (+ I get to pass values which determines where in
the registration the user is (step 1-2-3 kinda deal).)

Thanks for the mutex samples, I'm using it to stop the main program
from running twice.

Wayne, how do you check the filesize / CRC32 checksum?

Russ, I thought of making it a dll, but then it's loaded into memory right?
The registration is only going to be run once or twice, and once the process
is done it's really not needed anymore which is why I wanted it in
a separate exe.

Thank you all.

------------------
Henning

**Russ Srole** · 1 Oct 2001, 03:34 PM

Henning,

The windows API has a loadlibrary, freelibrary set of commands to
load and release things, but Freds way does sound like a nice, simple,
elegant way of solving the problem. The only thing you should do,
is make sure that Register.exe is there. Also you might want to
name it something else, just so to throw the curious off a bit.

Russ Srole

------------------

**Wayne Diamond** · 1 Oct 2001, 07:29 PM

Henning, I agree with Russ, I think that a DLL would be a lot better for this purpose, but here is what I meant about checking filesize of the calling program:

Code:

'[b]LOADER.BAS[/b]
#COMPILE EXE "loader.exe"
#INCLUDE "win32api.inc"
 
FUNCTION AppExeName() AS STRING
ON ERROR RESUME NEXT
  LOCAL hModule AS LONG
  LOCAL buffer  AS ASCIIZ * 256
  hModule = GetModuleHandle(BYVAL 0&)
  GetModuleFileName hModule, Buffer, 256
  FUNCTION = Buffer
END FUNCTION
 
FUNCTION PBMAIN() AS LONG
ON ERROR RESUME NEXT
IF DIR$(CURDIR$ & "\register.exe",39) = "" THEN
   MSGBOX "Register.exe not found in " & CURDIR$
   EXIT FUNCTION
END IF
SHELL CURDIR$ & "\register.exe " & AppExeName
END FUNCTION

Code:

[b]'REGISTER.BAS[/b]
#COMPILE EXE "register.exe"
#INCLUDE "win32api.inc"
 
FUNCTION FileSize(BYVAL f AS STRING) AS LONG
 ON ERROR RESUME NEXT
  LOCAL FindData AS WIN32_FIND_DATA
  LOCAL hDir AS LONG
  hDir = FindFirstFile(BYVAL STRPTR(f), FindData)
  IF hDir = %INVALID_HANDLE_VALUE THEN
    FUNCTION = -1
    EXIT FUNCTION
  END IF
  FindClose hDir
  FUNCTION = FindData.nFileSizeLow
END FUNCTION

FUNCTION PBMAIN() AS LONG
LOCAL CMD$
CMD$ = COMMAND$
IF TRIM$(CMD$) = "" THEN
 EXIT FUNCTION  'End - no params received
ELSEIF DIR$(CMD$, 39) = "" THEN
 EXIT FUNCTION  'End - param received, but it didnt exist as a file
ELSEIF FileSize(CMD$) <> 8192 THEN
 EXIT FUNCTION  'End - param received, but its not the correct filesize
                '8192 is the size of loader.exe
ELSE
 'Success - she's the right filesize. (do any checksums etc here)
 MSGBOX "You may now register!"
END IF
END FUNCTION

------------------

**Henning Wallgren** · 1 Oct 2001, 10:46 PM

Wayne,

Thank you.

------------------
Henning

**Steve Hutchesson** · 2 Oct 2001, 03:14 AM

Henning,

I agree with Fred's idea, its simple clean and tidy but there is
a trick that is reasonably easy to do that will make it harder
for some smart guy to look up the key word in a hex editor,
construct the string to compare the command line dynamically
instead of storing it as a string constant.

a$ = "MyPassWord"

can be found in a hex editor very easily, if you construct the
password from numbers in different places with CHR$(?) there is no
trace of the password in the DATA section of the file so the would
be "smart guy" will have to do a lot more work to find out what it
is. It can be done but this will make the task a lot harder for
very little work.

Regards,

[email protected]

------------------

**Scott Turchin** · 2 Oct 2001, 05:07 AM

What I do is use my encrypting tool to encrypt/convert the string...

So in the end "MYPASSWORD" might look like "AD1F4A/4E#".

But if you step through with a debugger you may be able to catch all of this..

Again there is no safe method, and if I'm not mistaken some of those debuggers can read the commandline going into the app?

------------------
Scott Turchin
MCSE, MCP+I
Computer Creations Software
http://www.tngbbs.com/ccs

**Scott Slater** · 2 Oct 2001, 06:14 AM

The productive person wouldn't need a hex editor. Just the following simple
PB DOS, or PBCC program:

PRINT COMMAND$

this program would be then renamed to the name of the 2nd program and
voila! there's the propper command string to start it up...

I think the DLL idea would be safer, or use an EXE version with a different
entry point that can be loaded using the LOADLIBRARY API. I haven't tested
anything like this but think it can be done since the WinAPI help file
says that LoadLibrary can be used to load EXE's or DLL's. Then you would
use some code like this in your EXE:

Code:

#Compile EXE
  
Sub StartUp Alias "StartUp" Export
   ' This is your "Real" starting Point
   ' put your protected code's entry point here
End Sub
  
Function PbMain
   MsgBox "Please Run the Program XYZ",, "Cannot Start Program"
End Function

Like I said, I didn't actually try this, but it should work I would
guess.

Scott

------------------

**John Reinking** · 2 Oct 2001, 10:27 AM

A command$ line scheme I (we) use at work is to have the "LOADER" program pass the results of TIMER. The reciprocal application then checks the TIMER again. If the two values are within 5 seconds of each other, then the reciprocal app continues.

------------------

Announcement

Making EXE unable to start on it's own

Making EXE unable to start on it's own

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment