Hi dear forum members,
Introduction
I have a question regarding the build folder and its libs.
There are two folders created namely a libs folder and a resources folder after compiling.
When I used to write software in VB6 (Believe me or not I’ve been writing commercial apps in vb6 till 2014!!! before xojo I had registered the dlls and OCX files in the windows32 folder via regvsr32.exe or just the installer. But the important thing is that my dlls and ocx files didn’t need to be in the application its folder.
Now my main question here is
-How do I hide these dlls and resources just like I could in VB6 by installing them to the windows32 folder? (or even windows I think but I am not sure). Is there a suggest way?
Here are my concerns
Dlls
-Possible hackers can find the dlls and research on which encryption methods you use just be looking at the dlls
-Piracy companies can steal your architecture for example they can recognize which core dlls are running.
-They can easily trace which framework is used and my concern is they will build the same application by looking at the components.
Resources folder:
-I used several icons and images in my software and they are in the resources folder.
When they are modified e.g. they are colored or replaced does this main my app also includes the modified icon? Is there a way to encrypt this?
I thought I searched it already but there is no method to compile in a single bundled exe with resourced embedded and the DLLS right?
Please advice on this.
Thanks for such an amazing product xojo developers!
[quote=191022:@Pieter van den Bosch]Hi dear forum members,
Introduction
I have a question regarding the build folder and its libs.
There are two folders created namely a libs folder and a resources folder after compiling.
When I used to write software in VB6 (Believe me or not I’ve been writing commercial apps in vb6 till 2014!!! before xojo I had registered the dlls and OCX files in the windows32 folder via regvsr32.exe or just the installer. But the important thing is that my dlls and ocx files didn’t need to be in the application its folder.
[/quote]
No different with Xojo
MS does recommend doing things differently and placing dll’s etc next to the application executable
This doesn’t really hide them in any way
It just clutters the Windows system directories and can lead to conflicts between DLL’s that have the same name all trying to be placed in the System directories (also known as dll hell)
This is one reason MS suggests putting DLL’s require next to the executable
Whether your dll’s are in the system dir or next to you app it is easy to figure out which dll’s etc your application depends on
Putting them in the System dir provides no level of “hiding” that would slow anyone down
but there is one more thing… What about these resources folder and the not embedded icons and images? These resources are easy to modify by users? Why isn’t the resource folder not embedded in the application resource folder itself (inside the application) I know there are still hackable mostly with a resource hacker but it makes it less easy to open or modify now that the icons are already in the resource folder.
However, my own experiments with suxh programs have not been terribly successful.
[quote=191022:@Pieter van den Bosch]Here are my concerns
Dlls
Possible hackers can find the dlls and research on which encryption methods you use just be looking at the dlls
Piracy companies can steal your architecture for example they can recognize which core dlls are running.
They can easily trace which framework is used and my concern is they will build the same application by looking at the components.[/quote]
I would not be so concerned. Contrary to usual VB programs which generate very easy to decompile code, Xojo generates machine level code that is much, much more difficult to analyse. Reverse engineering is very, very difficult to do from the Xojo executable. Frankly I would not lose sleep over having the DLL next to the executable.
[quote=191022:@Pieter van den Bosch]I used several icons and images in my software and they are in the resources folder.
When they are modified e.g. they are colored or replaced does this main my app also includes the modified icon? Is there a way to encrypt this?[/quote]
You can avoid having your images show in Resources by encoding them base 64 and placing that in constants, then just decode them for use inside your app.
You can avoid having your images show in Resources by encoding them base 64 and placing that in constants, then just decode them for use inside your app.
You have some code example? or docs example of this? Thanks for you resource about the packer software!
This will pick a picture and place the result in TextArea1 so you can copy it to a constant in your project :
Dim f As FolderItem = GetOpenFolderItem("special/any") // as defined in File Type Sets Editor
If f <> Nil Then
If f.Exists Then
// Be aware that TextInputStream.Open coud raise an exception
Dim t As TextInputStream
Try
t = TextInputStream.Open(f)
t.Encoding = Encodings.MacRoman
TextArea1.Text = encodebase64(t.ReadAll)
Catch e As IOException
t.Close
MsgBox("Error accessing file.")
End Try
End If
End If
Now I have placed the result into a constant named Blue. This will turn the encoded constant into a picture and place it into the backdrop of Canvas1 :
[code] Dim t As TextOutputStream
Dim f As FolderItem
f = GetTemporaryFolderItem
If f <> Nil Then
t = TextOutputStream.Create(f)
t.Write(DecodeBase64(blue))
t.Close
End If
Dim pic As Picture
pic = Picture.Open(f)
Canvas1.Backdrop = pic
[/code]
You could also just include a hash-table as a string of all resources included, and check them at startup. If the hashes don’t match, prompt the user that ‘the software is corrupt, please reinstall.’ Truth is, if the end user can ‘hold the program’ in their hands (has direct access to it), it is impossible to deter a determined hacker/cracker/pirate/whatever-you-wanna-call-them. Even with the expertise of the Xojo engineers and elaborate licensing scheme… truth remains, even Xojo itself is hackable/crackable. I always say, “Don’t include anything in your software, that you wouldn’t publicly place in a forum or tell a random stranger.” (ie credit card numbers or other private/proprietary data). You can perform some actions remotely (that would include the aforementioned private data), which requires the software user has access to the internet.
I’d simply stick with a hashing routine and remote check the main application itself’s hash at startup (since it will change every time you compile or change any code); or include an encrypted database that contains the hashes. That’s a sure way that if any files get altered, replaced, or hex-edited…the software will cease to function.
This has been mentioned to me on a few occasions, it is a really valid point.
Personally, I only use the module for the small graphics objects that I use for buttons or the sourcelist, that way the memory usage is acceptable. I would not use it for a ‘real’ picture or larger graphic.