cohowap

Hello,

I am doing some dynamic code compilation that uses some functions I wrote in a dll. I am afraid that people will be able to take this dll and load it into their .net application and use the functions I wrote. Is there a way that the dll wont load unless something is specified I though i ran across this before and there was an attribute i can add to each of the functions in the dll, and if the calling app doesnt have the same attribute string it wouldnt load, but I cant find that anywhere.

Am I crazy Is there a way to do this

Thanks.



Re: Visual C# General Prevent a third party from using a dll?

Peter Ritchie

If the thrid-party assembly has full trust, there's nothing you can do to stop it from loading your code.






Re: Visual C# General Prevent a third party from using a dll?

© ???? ???????, ²Ȧ7?

But there must be a way to do something like that. I have downloaded some dll's like Krypton Ribbon and some control packages which are not free. They must be licensed before they can be used. Practically it means that when you have unlicensed version of the program, you get a warning message every time you start an application.

I think that you should make something like this:



1. In your class constructor, call the Show method of MessageBox


MessageBox.Show("This is an unregistered DLL by cohowap");

2.
This box is shown everytime when programmer has sent wrong input to constructor's password string:

// Class constructor. This is always called when a new instance of the class is created
public SuperClass(int somenumber, string somestring, string password)

// Some code in here...

if(password != "qwerty123") {
doesUserHaveRights = true; // The user have righst because of the right password
}

else {
MessageBox.Show("This is an unregistered DLL by cohowap");
}
}

bool doesUserHaveRights = false;



If the dll's user (programmer) sends a right password to the class constructor, he's able to use the dll functions. Just check this doesUserHaveRights boolean in every function. If it's false, the programmer can't access it and you can show a MessageBox. If you use static methods in the class, then the constructor is not called and you should add a password parameter in those static methods. Then check if the password is correct and let the user use the function or not.


P.S. Sorry for complicated post, but I can't make this easier right now. Hope you understand what I mean. This is not so fascinating way to get some security for your dll but I think that it works enough good. And you should add this line in the beginning of the class:

using System.Windows.Forms; // This is because you are calling MessageBox class


Hope this helps,
Timo Salomaki





Re: Visual C# General Prevent a third party from using a dll?

Peter Ritchie

In terms of "preventing", no, there's nothing that can be done.

From a non-.NET-framework point of view, sure, there's all sort of things you can do to ensure certain code is only run by certain clients. For example, in the API that you're producing you can have a license key parameter that is checked upon the call of every method to ensure only "licensed" clients can make the call. That may be implemented in a single initialization method that must be called before all other methods that put the library in a state that doesn't reject method calls by unlicensed applications; but that becomes a bit easier to "break".

In any event, there's nothing in .NET that will guarantee that all but a select few assemblies will not be prevented from making a method call.

If licensing is what you're looking for, I suggest you have a look at some of the existing licensing threads in the Forums.






Re: Visual C# General Prevent a third party from using a dll?

Alberto Poblacion

Quote:

"...I though i ran across this before and there was an attribute i can add to each of the functions in the dll, and if the calling app doesnt have the same attribute string it wouldnt load..."

I believe that you are thinking about a LinkDemand for a StrongNamePermission. This worked in version 1 of the Framework, but in Version 2 any assembly with Full Trust will bypass this request, so it's not useful anymore for the purpose that you want.





Re: Visual C# General Prevent a third party from using a dll?

cohowap

Alberto,

That sounds about right with what I was looking for.

What I ended up doing was using a public/private key encryption method. The hosting app only contained the encryption and the dll only contained the decryption. When an instance was loaded the encrypted string was passed and the public key was placed in an IPC SharedMemory space. If all went well, then the class was exposed, otherwise I threw an error and stopped initialization.

My only concern now is if I obfuscate the dll, will it load properly, my gut feeling says I wont be able to dynamically load a managed;obfuscated dll. Anyone try this before

Thanks.





Re: Visual C# General Prevent a third party from using a dll?

Alberto Poblacion

I have not tried this out, but I am pretty sure that it should work. Obfuscation does not (or should not) change the public names in the obfuscated dll, so you sould be able to access all the public members in the dll regardless of whether the load is dynamic.





Re: Visual C# General Prevent a third party from using a dll?

Rudedog2

Have you ever tried to browse a DLL or ILDASM a file and can't do it The DLL does not allow you, or the metadata file is "lacking a header" to allow you to browse it. How is that done It does not seem to obfuscation to me, but a different technique altogether. Such files are not in the GAC either.

Rudedog
"Stuck in a procedural world."





Re: Visual C# General Prevent a third party from using a dll?

1nsane

http://www.sofpro.com/



Re: Visual C# General Prevent a third party from using a dll?

SOTY_Programmer

c , 2Ȧ7? wrote:
But there must be a way to do something like that. I have downloaded some dll's like Krypton Ribbon and some control packages which are not free. They must be licensed before they can be used. Practically it means that when you have unlicensed version of the program, you get a warning message every time you start an application.

I think that you should make something like this:



1. In your class constructor, call the Show method of MessageBox


MessageBox.Show("This is an unregistered DLL by cohowap");

2.
This box is shown everytime when programmer has sent wrong input to constructor's password string:

// Class constructor. This is always called when a new instance of the class is created
public SuperClass(int somenumber, string somestring, string password)

// Some code in here...

if(password != "qwerty123") {
doesUserHaveRights = true; // The user have righst because of the right password
}

else {
MessageBox.Show("This is an unregistered DLL by cohowap");
}

}

bool doesUserHaveRights = false;



If the dll's user (programmer) sends a right password to the class constructor, he's able to use the dll functions. Just check this doesUserHaveRights boolean in every function. If it's false, the programmer can't access it and you can show a MessageBox. If you use static methods in the class, then the constructor is not called and you should add a password parameter in those static methods. Then check if the password is correct and let the user use the function or not.


P.S. Sorry for complicated post, but I can't make this easier right now. Hope you understand what I mean. This is not so fascinating way to get some security for your dll but I think that it works enough good. And you should add this line in the beginning of the class:

using System.Windows.Forms; // This is because you are calling MessageBox class


Hope this helps,
Timo Salomaki

The problem with this is that if you make this DLL in the .NET framework, any Joe can download a decompiler like Reflector and either copy and paste the code that the user needs, or just get the password (in this scenario) and pop it into the constructor.

Not sure if someone mentioned, I skimmed to this point and had to bring it up. Sorry if someone did already.





Re: Visual C# General Prevent a third party from using a dll?

cohowap

Thats what obfuscation is for



Re: Visual C# General Prevent a third party from using a dll?

SOTY_Programmer

Ahh, never heard of that before. I'll have to look it up.





Re: Visual C# General Prevent a third party from using a dll?

© ???? ???????, ²Ȧ7?

SOTY_Programmer wrote:

The problem with this is that if you make this DLL in the .NET framework, any Joe can download a decompiler like Reflector and either copy and paste the code that the user needs, or just get the password (in this scenario) and pop it into the constructor.

Not sure if someone mentioned, I skimmed to this point and had to bring it up. Sorry if someone did already.



It's not meant to be a perfect answer, just wanted to give some kind of advice..