Announcement

Collapse
No announcement yet.

Making EXE unable to start on it's own

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Making EXE unable to start on it's own

    Hi all,

    I am writing a login and a registration interface for my program.
    The login is part of the main program, which also has a password
    protection. For the registration part, I wish to make this a separate
    executable. I want to make the registration program so that it only
    can be run from within the main program. Is there a 'smart' way
    to make an exe unable to start on it's own?

    ------------------
    Henning
    Henning

  • #2
    You "hide" a cmdline-variable, I use "/FOX"
    Code:
    Function PBMain() as long
    Local CmdLine$
      If Instr(Command$,"/FOX") = 0 Then Exit Function
      CmdLine$ = Command$
      rc& = DecodeCommand(CmdLine$)
    ...etc
    ...etc
    End function

    ------------------
    Fred
    mailto:[email protected][email protected]</A>
    http://www.oxenby.se

    Fred
    mailto:[email protected][email protected]</A>
    http://www.oxenby.se

    Comment


    • #3
      can't you simply use a mutex?

      If the mutex exists then it is being run by the "Master" .exe
      if not then it isn't.

      Although I think when the app that created the mutex exits it
      will automatically close the mutex so you might want to wait
      for the shelled app to return before exiting.

      In either case you should release the mutex when exiting. I'll
      try and make a sample for you tomorrow when I'm at work.

      ------------------
      -Greg

      [This message has been edited by Gregery D Engle (edited September 30, 2001).]
      -Greg
      [email protected]
      MCP,MCSA,MCSE,MCSD

      Comment


      • #4
        Code:
        'This will prevent ap rogram from running twice...
        Local hMutex As Long
        Local lpClassname as Asciiz * 20
        lpClassname = "MY PROGRAM"
        If IsTrue App_PrevInstance(lpClassname) Then
           Exit Function
        Else
           hMutex = CreateMutex(ByVal %Null, 0, lpclassName)
        End if
        'Now The mutex is created...
        DO not forget to do this before exiting!!!
        CloseHandle hMutex
        
        '
        '
        Function App_PrevInstance(lpclassName As Asciiz) Export As Long
        Local hMutex As Long
        hMutex = CreateMutex(ByVal %Null, 0, lpclassName)
        If hMutex = 0 Then Exit Function ' Error in Mutex
        If GetLastError = %ERROR_ALREADY_EXISTS Or FindWindow(lpClassName, "") > 0 Then Function = %TRUE
        CloseHandle hMutex
        End Function
        ------------------
        Scott Turchin
        MCSE, MCP+I
        Computer Creations Software http://www.tngbbs.com/ccs



        [This message has been edited by Scott Turchin (edited September 30, 2001).]
        Scott Turchin
        MCSE, MCP+I
        http://www.tngbbs.com
        ----------------------
        True Karate-do is this: that in daily life, one's mind and body be trained and developed in a spirit of humility; and that in critical times, one be devoted utterly to the cause of justice. -Gichin Funakoshi

        Comment


        • #5
          Mutexes etc are good for stopping multiple instances of programs but maybe I read Henning's question differently. Henning, you've got mainprog.exe, and register.exe - you only want to allow mainprog.exe to call register.exe
          How about - mainprog.exe executes register.exe, and passes a parameter of "c:\program files\mainprog.exe" (or whereever youve put mainprog.exe)
          Register.exe then does a quick check on the filesize and CRC32 checksum of the file that was parsed to it in the commandline parameters - in this case "c:\program files\mainprog.exe". If the checksum and filesize are incorrect, register.exe knows that it's not being executed by mainprog.exe but rather a rogue program, or it is simply being executed on its own (eg. Start | Run)
          Hope that makes sense!
          You could use mutex(es), but there's no real way of determining which program is using the mutex so you wouldn't be able to determine if the mutex was hijacked (whereas if you're checksum-checking a file, it's practically not pheasable to create two different executables with the same checksum and filesize etc)

          Best of luck,
          Wayne

          [This message has been edited by Wayne Diamond (edited September 30, 2001).]
          -

          Comment


          • #6
            Change the IsTrue App_PrevInstance to IsFalse App_PrevInstance and give it your master.exe's lpClassname

            Walah as we say in America...


            ------------------
            Scott Turchin
            MCSE, MCP+I
            Computer Creations Software
            http://www.tngbbs.com/ccs
            Scott Turchin
            MCSE, MCP+I
            http://www.tngbbs.com
            ----------------------
            True Karate-do is this: that in daily life, one's mind and body be trained and developed in a spirit of humility; and that in critical times, one be devoted utterly to the cause of justice. -Gichin Funakoshi

            Comment


            • #7
              Henning,

              I think I may be missing something here, but couldn't register.exe
              be a DLL? Then only you will call it.

              Russ Srole

              ------------------
              "There are two novels that can change a bookish fourteen-year old's life: The Lord of the Rings and Atlas Shrugged. One is a childish fantasy that often engenders a lifelong obsession with its unbelievable heroes, leading to an emotionally stunted, socially crippled adulthood, unable to deal with the real world. The other, of course, involves orcs." - John Rogers

              Comment


              • #8
                Fred's sample of using the command line works really well,
                and it's simple (+ I get to pass values which determines where in
                the registration the user is (step 1-2-3 kinda deal).)

                Thanks for the mutex samples, I'm using it to stop the main program
                from running twice.

                Wayne, how do you check the filesize / CRC32 checksum?

                Russ, I thought of making it a dll, but then it's loaded into memory right?
                The registration is only going to be run once or twice, and once the process
                is done it's really not needed anymore which is why I wanted it in
                a separate exe.

                Thank you all.



                ------------------
                Henning
                Henning

                Comment


                • #9
                  Henning,

                  The windows API has a loadlibrary, freelibrary set of commands to
                  load and release things, but Freds way does sound like a nice, simple,
                  elegant way of solving the problem. The only thing you should do,
                  is make sure that Register.exe is there. Also you might want to
                  name it something else, just so to throw the curious off a bit.

                  Russ Srole

                  ------------------
                  "There are two novels that can change a bookish fourteen-year old's life: The Lord of the Rings and Atlas Shrugged. One is a childish fantasy that often engenders a lifelong obsession with its unbelievable heroes, leading to an emotionally stunted, socially crippled adulthood, unable to deal with the real world. The other, of course, involves orcs." - John Rogers

                  Comment


                  • #10
                    Henning, I agree with Russ, I think that a DLL would be a lot better for this purpose, but here is what I meant about checking filesize of the calling program:
                    Code:
                    'LOADER.BAS
                    #COMPILE EXE "loader.exe"
                    #INCLUDE "win32api.inc"
                     
                    FUNCTION AppExeName() AS STRING
                    ON ERROR RESUME NEXT
                      LOCAL hModule AS LONG
                      LOCAL buffer  AS ASCIIZ * 256
                      hModule = GetModuleHandle(BYVAL 0&)
                      GetModuleFileName hModule, Buffer, 256
                      FUNCTION = Buffer
                    END FUNCTION
                     
                    FUNCTION PBMAIN() AS LONG
                    ON ERROR RESUME NEXT
                    IF DIR$(CURDIR$ & "\register.exe",39) = "" THEN
                       MSGBOX "Register.exe not found in " & CURDIR$
                       EXIT FUNCTION
                    END IF
                    SHELL CURDIR$ & "\register.exe " & AppExeName
                    END FUNCTION
                    Code:
                    'REGISTER.BAS
                    #COMPILE EXE "register.exe"
                    #INCLUDE "win32api.inc"
                     
                    FUNCTION FileSize(BYVAL f AS STRING) AS LONG
                     ON ERROR RESUME NEXT
                      LOCAL FindData AS WIN32_FIND_DATA
                      LOCAL hDir AS LONG
                      hDir = FindFirstFile(BYVAL STRPTR(f), FindData)
                      IF hDir = %INVALID_HANDLE_VALUE THEN
                        FUNCTION = -1
                        EXIT FUNCTION
                      END IF
                      FindClose hDir
                      FUNCTION = FindData.nFileSizeLow
                    END FUNCTION
                    
                    FUNCTION PBMAIN() AS LONG
                    LOCAL CMD$
                    CMD$ = COMMAND$
                    IF TRIM$(CMD$) = "" THEN
                     EXIT FUNCTION  'End - no params received
                    ELSEIF DIR$(CMD$, 39) = "" THEN
                     EXIT FUNCTION  'End - param received, but it didnt exist as a file
                    ELSEIF FileSize(CMD$) <> 8192 THEN
                     EXIT FUNCTION  'End - param received, but its not the correct filesize
                                    '8192 is the size of loader.exe
                    ELSE
                     'Success - she's the right filesize. (do any checksums etc here)
                     MSGBOX "You may now register!"
                    END IF
                    END FUNCTION
                    ------------------
                    -

                    Comment


                    • #11
                      Wayne,

                      Thank you.

                      ------------------
                      Henning
                      Henning

                      Comment


                      • #12
                        Henning,

                        I agree with Fred's idea, its simple clean and tidy but there is
                        a trick that is reasonably easy to do that will make it harder
                        for some smart guy to look up the key word in a hex editor,
                        construct the string to compare the command line dynamically
                        instead of storing it as a string constant.

                        a$ = "MyPassWord"

                        can be found in a hex editor very easily, if you construct the
                        password from numbers in different places with CHR$(?) there is no
                        trace of the password in the DATA section of the file so the would
                        be "smart guy" will have to do a lot more work to find out what it
                        is. It can be done but this will make the task a lot harder for
                        very little work.

                        Regards,

                        [email protected]

                        ------------------
                        hutch at movsd dot com
                        The MASM Forum

                        www.masm32.com

                        Comment


                        • #13
                          What I do is use my encrypting tool to encrypt/convert the string...

                          So in the end "MYPASSWORD" might look like "AD1F4A/4E#".

                          But if you step through with a debugger you may be able to catch all of this..

                          Again there is no safe method, and if I'm not mistaken some of those debuggers can read the commandline going into the app?




                          ------------------
                          Scott Turchin
                          MCSE, MCP+I
                          Computer Creations Software
                          http://www.tngbbs.com/ccs
                          Scott Turchin
                          MCSE, MCP+I
                          http://www.tngbbs.com
                          ----------------------
                          True Karate-do is this: that in daily life, one's mind and body be trained and developed in a spirit of humility; and that in critical times, one be devoted utterly to the cause of justice. -Gichin Funakoshi

                          Comment


                          • #14

                            The productive person wouldn't need a hex editor. Just the following simple
                            PB DOS, or PBCC program:

                            PRINT COMMAND$

                            this program would be then renamed to the name of the 2nd program and
                            voila! there's the propper command string to start it up...

                            I think the DLL idea would be safer, or use an EXE version with a different
                            entry point that can be loaded using the LOADLIBRARY API. I haven't tested
                            anything like this but think it can be done since the WinAPI help file
                            says that LoadLibrary can be used to load EXE's or DLL's. Then you would
                            use some code like this in your EXE:

                            Code:
                            #Compile EXE
                              
                            Sub StartUp Alias "StartUp" Export
                               ' This is your "Real" starting Point
                               ' put your protected code's entry point here
                            End Sub
                              
                            Function PbMain
                               MsgBox "Please Run the Program XYZ",, "Cannot Start Program"
                            End Function
                            Like I said, I didn't actually try this, but it should work I would
                            guess.


                            Scott


                            ------------------
                            Scott Slater
                            Summit Computer Networks, Inc.
                            www.summitcn.com

                            Comment


                            • #15
                              A command$ line scheme I (we) use at work is to have the "LOADER" program pass the results of TIMER. The reciprocal application then checks the TIMER again. If the two values are within 5 seconds of each other, then the reciprocal app continues.

                              ------------------

                              Comment

                              Working...
                              X