Any CreateProcess API alternative?

I want to fork a new process and my executable binary is stored inside
somewhere. Is there any possible way to fork a process using CreateProcess
API without writing to the disk first? Like let's say I want to create a
process from an array of bytes or memory stream containing the executable
data cause I want to prevent my program executable module from being stolen..
Aug 2 '06 #1
> I want to fork a new process and my executable binary is stored inside
> somewhere. Is there any possible way to fork a process using CreateProcess
> API without writing to the disk first? Like let's say I want to create a
> process from an array of bytes or memory stream containing the executable
> data cause I want to prevent my program executable module from being stolen..

Not that I know of.
But what you want to do is not secure anyway.
You have 1 exe that starts another exe.
What you can do is to use protected storage to create a file that only your
process can access. Then that process can launch that file.

But as I said, that is still not secure. The first exe still has to be on
disk somewhere, so if someone wants to steal it or disassemble it, they can
still do so.
How is that any different?

--
Kind regards,
Bruno.
br**********************@hotmail.com
Remove only "_nos_pam"

Aug 2 '06 #2
Well, actually my purpose is to protect a .NET executable module from being
viewed in a 3rd party tool like .NET Reflector, etc. In fact, I plan to perform
RSA encryption on the target .NET executable then perform decryption on the fly
to load the program.

I tried to fork a native executable module using the CreateProcess API in
SUSPEND THREAD mode, then used WriteProcessMemory to write another native
executable's data into my forked process and resumed the thread, and it works.
However, the .NET executable process doesn't work; it seems the CLR does
something different in the CreateProcess API compared to native code. Any other
ideas to help protect a .NET binary?
Aug 2 '06 #3
"ss.teo" wrote:
> I want to fork a new process and my executable binary is stored inside
> somewhere. Is there any possible way to fork a process using CreateProcess
> API without writing to the disk first? Like let's say I want to create a
> process from an array of bytes or memory stream containing the executable
> data cause I want to prevent my program executable module from being stolen..

First of all, you're going to run into problems on newer systems with
Execute Disable Bit (on the CPU) and/or Data Execution Prevention options (in
Windows). Both of these options are specifically designed to try to stop you
from running data as code.

Second, some antivirus applications consider running data as code a
suspicious activity and may try to block such data/code from executing.

Third, anyone with Administrator and/or debugging privileges can attach a
debugger to your process, force it to dump its address space to disk, and
therefore have a copy of your "embedded" executable.

The .NET Framework has a way of doing something similar in the managed
world. Dynamic assemblies can run directly from memory. However, this would
not help with your IP concerns...MSIL is normally very easy to disassemble.
(MS even provides a disassembler, Ildasm.exe.)

Sean
Aug 2 '06 #4
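
Added example (not part of the original thread and not any poster's code): the sequence described in post #3, a child created suspended, written to with WriteProcessMemory and then resumed, is one form of the data-as-code activity that security tooling can flag. The sketch below detects that sequence in an API trace; the event schema (`pid`, `api`, `child`, `target`, `flags`, `size`) and the sample events are constructed for illustration.

```python
# Added example: hypothetical API-trace schema, constructed sample events.
CREATE_SUSPENDED = 0x00000004  # documented CreateProcess creation flag

# Constructed trace. "target" is the process that owns the memory or thread
# the call acts on (an assumption of this schema, not a Windows field name).
SAMPLE_TRACE = [
    # Pattern from post #3: suspended child, cross-process writes, resume.
    {"pid": 100, "api": "CreateProcess", "child": 200, "flags": 0x4},
    {"pid": 100, "api": "WriteProcessMemory", "target": 200, "size": 4096},
    {"pid": 100, "api": "WriteProcessMemory", "target": 200, "size": 61440},
    {"pid": 100, "api": "ResumeThread", "target": 200},
    # Ordinary launch: not suspended, no writes.
    {"pid": 300, "api": "CreateProcess", "child": 400, "flags": 0x0},
    # Write into a process the writer did not create suspended.
    {"pid": 500, "api": "WriteProcessMemory", "target": 400, "size": 1},
    # Suspended child resumed without any write into it.
    {"pid": 600, "api": "CreateProcess", "child": 700, "flags": 0x4},
    {"pid": 600, "api": "ResumeThread", "target": 700},
]


def find_suspended_write_resume(events):
    """Return one alert per (parent, child) pair where the child was created
    suspended, the parent wrote into it, and the parent then resumed it."""
    pending = {}  # (parent pid, child pid) -> bytes written while suspended
    alerts = []
    for ev in events:
        api = ev["api"]
        if api == "CreateProcess":
            if ev.get("flags", 0) & CREATE_SUSPENDED:
                pending[(ev["pid"], ev["child"])] = 0
        elif api == "WriteProcessMemory":
            key = (ev["pid"], ev["target"])
            if key in pending:  # only count writes into a still-suspended child
                pending[key] += ev["size"]
        elif api == "ResumeThread":
            key = (ev["pid"], ev["target"])
            written = pending.pop(key, None)
            if written:  # resumed after at least one byte was written
                alerts.append(
                    {"parent": key[0], "child": key[1], "bytes_written": written}
                )
    return alerts


if __name__ == "__main__":
    for alert in find_suspended_write_resume(SAMPLE_TRACE):
        print(alert)
```
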
Then there seems to be trouble protecting IP when using .NET for software
implementation. Does Microsoft provide any security framework, API or library
for securing .NET binaries currently or in the future?

Like any new APIs or extensions to APIs such as CreateProcess, with the ability
to load an RSA-encrypted file and pass RSA keys so that the kernel performs
decryption and process creation internally?

I have seen some other implementations use kernel-mode API hooking, which is
a rootkit characteristic and might be flagged as malware by some AV software.
Besides that, if I hook APIs within ntdll.dll, will Vista API changes break my
app, or will Microsoft preserve all kernel-mode API backward compatibility?
Aug 2 '06 #5

ss.teo wrote:
> Then there seems to be trouble protecting IP when using .NET for software
> implementation.

Yes, there is.

> Does Microsoft provide any security framework, API or library
> for securing .NET binaries currently or in the future?

Not Microsoft directly, but a lot of 3rd party "obfuscator" solutions
exist for that purpose.

> Like any new APIs or extensions to APIs such as CreateProcess, with the ability
> to load an RSA-encrypted file and pass RSA keys so that the kernel performs
> decryption and process creation internally?

Think about it... encryption is *not* a good solution in this case,
since you need to provide the decryption key along with the executable
(it is security through obscurity, which is better than nothing).

> I have seen some other implementations use kernel-mode API hooking, which is
> a rootkit characteristic and might be flagged as malware by some AV software.
> Besides that, if I hook APIs within ntdll.dll, will Vista API changes break my
> app, or will Microsoft preserve all kernel-mode API backward compatibility?

Microsoft preserves backward compatibility for APIs that are documented
in MSDN or the DDK documentation, period.

Anyway, I believe that in many cases, the good answer to Intellectual
Property protection concerns is not technical, but rather juridic (i.e.,
licence agreement, etc.). You should think about that first....

Arnaud
MVP - VC

Aug 2 '06 #6
"ss.teo" <ss***@discussions.microsoft.comwrote in message
news:E2**********************************@microsoft.com...
> Well, actually my purpose is to protect a .NET executable module from being
> viewed in a 3rd party tool like .NET Reflector, etc. In fact, I plan to perform
> RSA encryption on the target .NET executable then perform decryption on the fly
> to load the program.

It wouldn't be easy to do, but after you build your application you could
remove code and / or data which gets replaced by NOPs and null bytes to
render it inert.

That which you remove could be encrypted and stored to an external file. At
runtime, you could decrypt the file, and write the code and data sections
back to the proper locations in memory, and use VirtualProtect() and
FlushInstructionCache() to make sure that what you added back is executable.

Note that with every release of the operating system it gets harder to do
things like this because with every release there is an attempt to close one
or more of the doors that malware authors use to sneak their code by the
operating system and the anti-virus utilities. It's possible that anything
that you do now could break in the future.

Just by the way, there are third party tools like these which do encrypt
code and data to prevent reverse engineering and piracy with software
and/or hardware:

http://www.aladdin.com/HASP/HaspHL.asp

http://www.strongbit.com/execryptor_screenshots.asp

Regards,
Will
Aug 2 '06 #7
