For a few more time, when designing the software, for the consideration of software protection, you want to hide the main program and its support library. After discussion and thinking, I decided to make another program as a shell program, load the main program file and support library into the shell in the form of a resource file, and implement the main program and the required support library when the shell is running. Automatically release and delete. This not only has achieved protection for software, but also simply gives a executable file (shell), user use and management when the program is published. The following is a specific implementation method as an example of Windows Self-tied Write.exe (main program).
First, the establishment and use of resource files
Open a plain text editing software (such as NOTEPAD), follow the format
Resource name resource type resource file name
Enter the following:
Ding WAV Ding.wav
1stboot bitmap 1stboot.bmp
Write EXE C: /WRITE.EXE.exe
Save as resource file mysrc.rc. This generates a resource file. It should be noted that if there is Chinese in the path, then put the file name in a double quotes.
Start C Builder, open a new project, add the resource file MySRC.RC into the project. You can also add RC files as a RES file through BIN directory, and then use the #program resource "* .res" statement. We use simpler former methods. Compilation Running The shell contains the main program and its support library.
Second, the release of resources and calls
Because the resources we use are executable files and support libraries, they cannot only be operated in memory, to be released into files. Other resources such as sound, bitmaps, etc., as long as they operate in memory, and will not be described here. The way the resource is released into documents is also very simple. Hereinafter give the source code:
void __fastcall tform1 :: releaseexefile ()
{
// Todo: Add your source code here
HRSRC HMYRES;
Hglobal hgpt;
LPVOID LPBUFF;
DWORD RCSIZE = 20480; // 20480 is the size of Write.exe
Handle hfile;
LPDWORD DWBYTE;
DWBYTE = & rcsize;
HMYRES = FindResource (Hinstance, "Write", "EXE");
// Hinstance instructs the resource location as execution file
IF (hmyres == null)
SHOWMESSAGE (SYSERRORMESSAGE (GetLastError ());
Hgpt = loading (NULL, HMYRES);
IF (hgpt == null)
SHOWMESSAGE (SYSERRORMESSAGE (GetLastError ());
LPBUFF = LOCKRESOURCE (HGPT);
// Write file
Try
{
Hfile = CREATEFILE ("E: //mywrite.exe", generic_write, 0, null, create _always, file_attribute_normal, null;
Writefile (HFILE, LPBUFF, RCSIZE, DWBYTE, NULL);
IF (* dwbyte! = 20480)
ShowMessage ("Unable to write files!");
}
__finally
{
CloseHandle (HFILE);
}
}
This generates a MyWrite.exe file in the E-driven root directory of the hard disk, and calls it in the shell program. Windows provides many API functions for other programs to call other programs, such as LoadModule (), which is set up for 16-bit Windows program compatibility with createProcess (), and shellexecute () / shellexecuteEx () () / shellexecuteEx ).
SHELLEXCUTE () has only 6 parameters, which is much simpler. The declaration of the function is as follows:
Histance shellexecute
HWND HWND, // Parent Fortune Handle
LPCTSTR LPOPERATION, / / Pointer to point to file processing
LPCTSTR LPFILE, / / Pointer to the file name string
LPCTSTR LPPARETERS, / / Pointer to the executable running parameter string
LPCTSTR LPDIRECTORY, / / Pointer pointing to the default path string
INT nshowcmd // logo program is displayed
);E.g:
IF (FileExists ("E: //mywrite.exe)))
{
Shellexecute (NULL, "Open", "E: //mywrite.exe", null, null, sw_shownormal);
}
Third, automatic deletion of files and messages
After the user is closed, we have to delete the main program file on the hard disk. However, due to insufficient management privileges, it is not possible to delete itself, so it is also necessary to implement it by the housing program. In this way, the message mechanism for Windows is used.
Message refers to a notification of the Windows operating system to the application that tells the application a specific event. From the perspective of the data structure, the message is a structure, the structure is as follows:
Typedef struct
{
HWND hWnd; // Retrieve the window handle of the message
Uint message; // represent a message on behalf of a message
WPARAM WPARAM; // Message Parameters for Additional Information
LPARAM LPARAM; // Message Demand for long word parameters
DWORD TIME; // Message Introduction Time
Point Pt; // Message Position Point.x, point.y
} tagmsg
The message in the Windows operating system is generally 5 steps from which it is processed.
(1) An event has occurred in the system
(2) The Windows system translates events into a corresponding message and put it in the message queue.
(3) The application gets the message from the message queue and package it in the TMSG structure.
(4) The application is assigned to the corresponding window function via the message loop.
(5) The window function finally processes this message.
Applications can also send messages between windows or components like a Windows system. C Builder provides several ways: using functions tControl :: Perform () or API function sendMessage (), or POSTMESSAGE () send messages to a specific form, or use functions TwinControl :: Broadcast () and API functions BroadcastsystemMessage Broadcast message.
We use the API function postmessage () to send a message WM_CLOSE to a particular form. The prototype statement of PostMessage () is as follows:
Bool PostMessage (HWND HWND, UINT MSG, WPARAM WPARAM, LPARAM LPARAM);
For example: PostMessage (Handle, WM_Close, 0); // Handle is a form (housing program) handle for the received message.
After the main program is closed, send a shutdown message to the housing. After receiving the WM_CLOSE message sent by the main program, we can realize the dynamic deletion of the file in the FormClose event of the housing.
Fourth, hidden procedures
The key to this protection method is that there are two applications running, so the shell should hide. This should consider the form, taskbar icon, and Ctrl-Alt-Del dialog, etc..
1. Hide form and taskbar icon
Want to hide the form to set the form of the Visible property to false, you want to hide the program's taskbar icon to use the showwindow function and pass it to its window handle ShowWindow (Application-> Handle, SW_HIDE); but through the ShowWindow function hides the window The taskbar icon is not lasting. Some movements will make the taskbar icon back. You can set the hidden application window to Tool Window to remove the program's taskbar icon to avoid it again. Tool Window never has a taskbar icon. But set the application window to Tool Window has a side effect: it will appear in the list when the user presses Alt Tab. The API function getWindowlong () and setWindowlong () can be called to make the application window a TOOL WINDOW, the source code is as follows:
WinApi Winmain (Hinstance, Hinstance, LPSTR, INT)
{
DWORD DWEXSTYLE = getWindowlong (Application-> Handle, GWL_EXSTYLE);
DwexStyle | = WS_EX_TOOLWINDOW;
SetWindowlong (Application-> Handle, GWL_EXSTYLE, DWEXStyle);
Try
{
Application-> Initialize ();
Application-> Title = "Dynamic Release";
Application-> CREATEFORM (__ classid (tform1), & form1);
Application-> ShowMainform = False;
Application-> Run ();
}
Catch (Exception & Exception)
{
Application-> Showexception (& Exception);
}
Return 0;
}
This hides the program's taskbar icon, but it will also be displayed in the Ctrl-Alt-Del dialog.
2, do not display in the Ctrl-Alt-Del dialog box
The most common way is to call the RegisterServiceProcess API function to register the program into a service mode program. RegisterServiceProcess is a function that is related but no official files in kernel32.dll. The main purpose of this function is to create a service mode program. However, there is no registerServiceProcess function under Windows NT. So this approach can only be implemented under Windows 95/98. The source code is as follows:
/ / --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
TypeDef dword (__stdcall * pregfunction) (DWORD, DWORD);
Class TFORM1: Public TForm
{
__publish:
TButton * Button1;
Private:
Hinstance Hkernellib; Pregfunction RegisterServiceProcess;
PUBLIC:
__fastcall tform1 (tComponent * Owner);
__fastcall ~ tform1 ();
}
// ----------- CPP File ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
#include "unit1.h"
#define rsp_simple_service 1
#define rsp_unregister_service 0
__fastcall tform1 :: tform1 (tComponent * Owner)
: TFORM (OWNER)
{
Hkernellib = loadLibrary ("kernel32.dll");
IF (Hkernellib)
{
RegisterServiceProcess = (pregfunction) GetProcaddress (Hkernellib, "RegisterServiceProcess");
IF (RegisterServiceProcess)
RegisterServiceProcess (GetCurrentProcessid (), RSP_SIMPLE_SERVICE);
}
}
__fastcall tform1 :: ~ tform1 ()
{
IF (Hkernellib)
{
IF (RegisterServiceProcess)
RegisterServiceProcess (getCurrentProcessid (), RSP_UNREGOSTER_SERVICE);
Freelibrary (Hkernellib);
}
}
After doing so, we can't see the figure of the shell program in the system, thereby giving a sense of only one program (main program).
Under WinNT, as long as our program is running in the form of the process kernel, it is impossible to escape the mental eye of Ctrl Alt Del. Of course, there is also a way to pass the sea, but it is not applicable here, so it will not be described again.
Conclude
This method of using the main program as a resource file and dynamically generate and delete the main program during the housing operation process, is just providing a software protection idea, which does not fundamentally solve the problem. However, if the main program and the shell can be made of different casing software (such as Aspack, UPX, etc.), it will make the program's crack more difficult.
