不要在安装程序中更新DLL资源 [英] DONT want to update DLL resource in setup

问题描述

大家好，
我正在使用MFC DLL将我的大项目分解为小小的DLL.但是，当我给一个在他的机器上安装了Visual Studio的人安装时发现了问题.一切正常，接受一件事， DLL资源可以在设置中修改 .
使用设置的用户可以根据需要打开DLL和修改资源.并且可以将我的整个对话框界面复制到他自己的项目中.它的麻烦点 是黑客入侵的一部分 .因此，我只想限制用户对fom的更新和DLL资源的复制.是否有任何方法或任何方法可以允许我 对DLL资源更新的限制(特别是对话框).





谢谢和问候
桑托什·马鲁蒂·达纳瓦德
MFC程序员

Hi All,
Im using MFC DLL for saparation of my big project into small small DLL. But problem found when i given set up to a person who has visual studio on his machine.Things goes all right accept one thing ,DLL RESOURCES CAN MODIFIED IN SETUP.
A User that used a set up can open DLL and modified resources as per his reqiurement.and can copy my whole dialog interface into his own project . Its litle bit part of hacking.So i just want to restrict user fom updation and copy of my DLL Resources.Is there is any way or any method that allows me restriction on DLL RESOURNCE UPDATION(SPECIALLY DIALOG).





Thanks and Regard
santosh maruti dhanawade
MFC Programmer

推荐答案

我可能会以类似于MS Windows所采用的方式来实现这一目标.

也就是说，我将计算每个文件的哈希值(比如说MD5或SHA1).然后，我将针对每个文件即时计算一次来检查(预先计算的)有效期.如果哈希不匹配，请不要继续.

这个问题有两个方面:

1)它删除了DLL的功能-即您无法更新它们
2)仍然有人可以对您的代码进行反向工程，以确保哈希比较始终成功.

解决此问题的一种方法是避免将对话框存储在DLL的资源中.您可以简单地将对话框加载到ResEdit中.这将使您预览创建该对话框所需的C代码.然后，您可以复制此C代码并动态创建对话框.这将使邪恶角色更难以修改对话框.

另一种方法是使用静态库，将所有代码构建到EXE中.然后，您可以计算整个exe的MD5，如果它与预先计算的md5不匹配，则只需退出即可. -这很棘手，因为对代码的每次修改都会导致完全不同的md5.

对于第二种选择，CP上有一篇文章讨论了篡改感知和自我修复的可执行文件"，我似乎还记得，这解决了计算程序初始md5的问题.您可以在此处此处阅读文章. //www.codeproject.com/Articles/18961/Tamper-Aware-and-Self-Healing-Code"target =" _ blank"title =" New Window> ^ ]

I would probably approach this in a similar way to the one employed by MS Windows.

That is, I would calculate a hash (lets say MD5 or SHA1) of each file. I would then check the (pre-calculated) valid against one calculated on-the-fly for each file. If the hash doesn''t match, don''t continue.

The problem with this is two-fold:

1) It removes the functionality of DLLs - i.e you can''t update them
2) Someone can still reverse-engineer your code to make sure that the hash comparison is always successful.

One way around this would be to avoid storing the dialog in the resources of a DLL. You could simply load the dialog into ResEdit. This will let you preview the C code required to create that dialog. You can then copy this C code and create the dialog dynamically. This will make it considerably harder for nefarious characters to modify your dialog.

Another way would be use static libs, building all code into your EXE. You could then calculate the MD5 of the whole exe and, if it doesn''t match with the pre-calculated md5 you would just exit. - This is tricky, since each modification to your code results in a wildly different md5.

For the second option, there''s an article here on CP that talks about "Tamper aware and Self-healing executables" I seem to recall that this solves the problem of calculating the initial md5 of the program. You can read the article here[^]

这篇关于不要在安装程序中更新DLL资源的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！