0

I have a DLL file that I purchased (Without the Source Code) and I'm linking it to my application, simply by using "LoadLibrary("file.dll")", then it imports a function that gets an unique ID of the computer. Now let's say that our hacker detected the name of this function and now he's creating a new dll file, with the same name and the same function's name in it. His new DLL file will be replaced (simply by grabbing his dll to the directory and replacing with mine) and the function of the unique ID is available but returns nothing. So now my application gets a blank unique ID and the hacker got out of my hands.

Any ideas how to prevent it? my project is programmed on C++.

Thanks in advance.

user1154454
  • 19
  • 3
  • 1
    When the machine is so compromised that somebody can replace arbitrary DLLs then surely they'll find a more worthy way to exploit it. Any countermeasure you'll think of is arbitrary bypassed by replacing the countermeasure code. – Hans Passant May 07 '12 at 13:12

2 Answers2

0

You could ask the company from which you get the DLL to provide a LIB of this DLL. Then you could statically link to this LIB. When doing this, the code of the library would be part of your code and thus transparent to hooking!.

mox
  • 6,084
  • 2
  • 23
  • 35
0

Another possibility (in the case of an external DLL is really necessary): you could try to convince your DLL provider to export the function NOT by NAME but by Ordinal. This leads to security by obscurity. This would not prevent hooking or replacement, but at least this would not make the exported function evident to understand. Like 73 (exported function by number) instead of CreateMyFile (exported function by name).

mox
  • 6,084
  • 2
  • 23
  • 35