On Sat, 02 Jul 2005 02:58:11 GMT, John Smith <js****@company.com>
wrote in comp.lang.c:
My program includes a use of strstr(). It looks like this:
if(strstr(*str1, *str2)
..........
After compiling the code, I opened the program with a hex editor
(this is on Windows). Sure enough, I found str2 in the compiled code.
Is there a simple alternative (preferrably still using strstr) to
achieve the same objective without revealing str2 in the compiled
code?
Sure, select any mechanism you like to encrypt str2. For a simple
example, xor each character treated as an unsigned char with a
constant value, for example 0x55.
Put the result in your program as an array of unsigned char. At run
time, decrypt it before using.
For "hello", in your source do:
#include <stdio.h>
#define CRYPT 0x55
unsigned char str2 [6] = { 'h' ^ CRYPT, 'e' ^ CRYPT,
'l' ^ CRYPT, 'l' ^ CRYPT, 'o' ^ CRYPT };
int main()
{
int count;
char *cp = (char *)str2;
printf("Before decryption: %s\n", cp);
for (count = 0; count < 5; ++count)
{
str2 [count] ^= CRYPT;
}
printf("After decryption: %s\n", cp);
return 0;
}
Output:
Before decryption: =099:
After decryption: hello
Feel free to use methods other than xor with a constant. Remember to
do your encryption and decryption on unsigned chars.
Be careful in general not to depend on C string functions while your
array is in the encrypted state, as one of the real characters in the
plain text might become '\0' when encrypted. In the example xor with
0x55, the ASCII character 'U' will become '\0' when encrypted.
--
Jack Klein
Home:
http://JK-Technology.Com
FAQs for
comp.lang.c
http://www.eskimo.com/~scs/C-faq/top.html
comp.lang.c++
http://www.parashift.com/c++-faq-lite/
alt.comp.lang.learn.c-c++
http://www.contrib.andrew.cmu.edu/~a...FAQ-acllc.html 
