REQ: var password storage exe

Can someone tell me if in my main program, I can store a password that
can be changed.  I'm not even sure if this can be done without perhaps
assembler or debug, but I thought I've heard of it.  I'd like to be able
to assign a value for the password, and then be able to change it on an
as need basis, and have it stored in the .exe

Robert

 

Re:REQ: var password storage exe


In article <4g50h1$...@globe.indirect.com>
           robe...@indirect.com "Robert Hardy" writes:

> Can someone tell me if in my main program, I can store a password that
> can be changed.  I'm not even sure if this can be done without perhaps
> assembler or debug, but I thought I've heard of it.  I'd like to be able
> to assign a value for the password, and then be able to change it on an
> as need basis, and have it stored in the .exe

Easiest way is to make a unique-ish string of the maximum password length
and have it as a const in your program.  Then search the exe for that string,
and note the offset.  You just then write a simple program to modify that
section of the EXE.

Couple of points:

a) You would probably want quite strict versioning control on your password
   modifying program, so you didn't modify bits of code in a mismatched EXE
   (The modifier could do the search as well, but then you couldn't re-mod)

b) I recommend you encrypt the password, even if only simply (make it have
   lots of #7 s in it -- they always make me think it is a bit of program
   code ;)  Remember that the cheat codes for Duke Nukem 3D were found very
   quickly by searching the EXE (probably meant to happen, but...)

--
* TQ 1.0 * The 'Just So Quotes'.
Lies, damned lies and user documentation.

Re:REQ: var password storage exe


robe...@indirect.com (Robert Hardy) wrote:
>Can someone tell me if in my main program, I can store a password that
>can be changed.  I'm not even sure if this can be done without perhaps
>assembler or debug, but I thought I've heard of it.  I'd like to be able
>to assign a value for the password, and then be able to change it on an
>as need basis, and have it stored in the .exe

Look in swag - there is some code to create self-mutating executables
that works quite nicely.  As for storing a password, don't actually
store the password.  Store the result of a one-way function of the
password.  That way, the password can't be found by browsing the EXE
file.

Tobin Fricke

Re:REQ: var password storage exe


On 17 Feb 1996 16:42:08 GMT, robe...@indirect.com (Robert Hardy)
wrote:

>Can someone tell me if in my main program, I can store a password that
>can be changed.  I'm not even sure if this can be done without perhaps
>assembler or debug, but I thought I've heard of it.  I'd like to be able
>to assign a value for the password, and then be able to change it on an
>as need basis, and have it stored in the .exe

If you make the first declaration in your program a string with a
unique value (like the file name with the high bit set in each
character), the program can read the exe file, as a type byte file,
building a string of x bytes (you'll know how many), looking for your
"weird" filename (or whatever you want to put there).  The next
declaration is the password.  Read it or write it to the exe file.

--
Al
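
The replies above suggest a fixed marker followed by a password slot, a refusal to patch a mismatched EXE, and storing a one-way function of the password instead of the password. The sketch below combines the three; it is an added example in Python, not code from any poster, and the marker value, slot layout, PBKDF2 parameters and the stand-in image are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed marker: "PWDBRAND" with the high bit set in each character.
MARKER = bytes(c | 0x80 for c in b"PWDBRAND")
SALT_LEN, HASH_LEN = 16, 32
SLOT_LEN = SALT_LEN + HASH_LEN          # fixed-size slot right after the marker
ITERATIONS = 100_000                    # assumed work factor

def find_slot(image: bytes) -> int:
    """Offset of the slot after the marker; refuse missing or ambiguous markers."""
    first = image.find(MARKER)
    if first < 0:
        raise ValueError("marker not found: wrong or mismatched executable")
    if image.find(MARKER, first + 1) >= 0:
        raise ValueError("marker occurs more than once: refusing to patch")
    slot = first + len(MARKER)
    if slot + SLOT_LEN > len(image):
        raise ValueError("slot is truncated")
    return slot

def derive(password: str, salt: bytes) -> bytes:
    """Salted one-way function of the password (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def brand(image: bytes, password: str) -> bytes:
    """Return a same-length copy of image with salt + hash written into the slot."""
    slot = find_slot(image)
    salt = os.urandom(SALT_LEN)
    record = salt + derive(password, salt)
    return image[:slot] + record + image[slot + SLOT_LEN:]

def check(image: bytes, attempt: str) -> bool:
    """Compare an attempt against the stored record in constant time."""
    slot = find_slot(image)
    salt = image[slot:slot + SALT_LEN]
    stored = image[slot + SALT_LEN:slot + SLOT_LEN]
    return hmac.compare_digest(stored, derive(attempt, salt))

def sample_image() -> bytes:
    """Constructed stand-in for an EXE: filler, marker, zeroed slot, filler."""
    return b"MZ" + bytes(62) + MARKER + bytes(SLOT_LEN) + b"\x90" * 32
```

Because the marker is separate from the slot, the image can be re-branded any number of times, and the plaintext password never appears in the file.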

Re:REQ: var password storage exe


:In article <4g50h1$...@globe.indirect.com>
:           robe...@indirect.com "Robert Hardy" writes:
:
:> Can someone tell me if in my main program, I can store a password that
:> can be changed.  I'm not even sure if this can be done without perhaps

As far as I recall I have some information on executable branding in

 93045 Jan 1 09:31 ftp://garbo.uwasa.fi/pc/link/tsfaqp.zip
 tsfaqp.zip Common Turbo Pascal Questions and Timo's answers

or

 112570 Aug 16 21:31 ftp://garbo.uwasa.fi/pc/ts/tspa3470.zip
 tspa3470.zip Turbo Pascal 7.0 real mode units for (real:-) programmers.

   All the best, Timo

....................................................................
Prof. Timo Salmi   Co-moderator of news:comp.archives.msdos.announce
Moderating at ftp:// & http://garbo.uwasa.fi archives  193.166.120.5
Department of Accounting and Business Finance  ; University of Vaasa
t...@uwasa.fi http://uwasa.fi/~ts BBS 961-3170972; FIN-65101,  Finland

Re:REQ: var password storage exe


In article <4go1t8$...@globe.indirect.com>,
Robert Hardy <robe...@indirect.com> wrote:

:P.S.
:Hey Timo, consider putting Robert B. Clark's program below into SWAG.  It
:seems very clear and should work great.  

Thank you for the suggestion (assuming that you mean me), but it is
not I who maintains the SWAG collection. I just have it stored at
Garbo archives for the good net people to download.

   All the best, Timo

....................................................................
Prof. Timo Salmi   Co-moderator of news:comp.archives.msdos.announce
Moderating at ftp:// & http://garbo.uwasa.fi archives  193.166.120.5
Department of Accounting and Business Finance  ; University of Vaasa
t...@uwasa.fi http://uwasa.fi/~ts BBS 961-3170972; FIN-65101,  Finland

Re:REQ: var password storage exe


On 24 Feb 1996 22:02:16 GMT, robe...@indirect.com (Robert Hardy) wrote:

>Hey Timo, consider putting Robert B. Clark's program below into SWAG.  It
>seems very clear and should work great.  

Thanks for the compliment, Robert.  I've placed the code in the public
domain, so if SWAG wants it they are certainly welcome to it.  But you
should be aware that (AFAIK) Timo has no affiliation with SWAG.

[snip]

>: function GetEXEHeader(var f: FILE): word;
>: { Returns EXE header length word (in paragraphs) for executable file or
>:   0 if error.  Executable file should already be opened for read on f;
>:   the file pointer will be just after the EXE header size field upon
>:   exit from this function. }

>: VAR IOError: integer;
>:     hdrsize: word;
>: begin
>:     hdrsize:=0;
>:     {$I-}
>:     Seek(f,8);             { EXE header size at offset 8 in file }
>:     IOError:=IOResult;    
>:     if IOError = 0 then
>:     begin                  { Read header size (in paragraphs) }
>:        BlockRead(f, hdrsize, SizeOf(hdrsize));
>:        IOError := IOResult
>:     end;
>:     hdrsize:=hdrsize and (not IOError);   { hdrsize=0 if IOError }

[snip]

BUG ALERT:

As k...@pinboard.com was kind enough to point out to me via email, I
goofed in this function.  The value of hdrsize will incorrectly be <> 0
if there is an I/O error during the BlockRead() operation since

>:     hdrsize:=hdrsize and (not IOError);   { hdrsize=0 if IOError }

evaluates to zero only if IOError is all-bits-set, or 255.  If IOError
is any other non-zero value, hdrsize will *not* be set to zero as was
intended.  This error should not generally occur, because I/O errors are
also checked immediately after the Seek() statement and it's relatively
unlikely that  read errors will happen once past this point--but it's
still possible.

Chalk this one up to ill-defined test executables and to fuzzy logic on
my part. <g>

Replace the offending line of code with

        if IOError <> 0 then hdrsize := 0;        { hdrsize=0 if IOError}

--
Robert B. Clark <rcl...@iquest.net>
"Be wary of strong spirits.  It can make you shoot at tax collectors...
and miss." --RAH
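
The replaced line and its fix, side by side, as an added Python emulation that is not part of the original post. It relies on Turbo Pascal applying `and` and `not` bitwise to integer operands, modelled here on 16-bit values; the helper names, the signature check and the sample header are constructed for illustration.

```python
import struct

def mask16(hdrsize: int, ioerror: int) -> int:
    """16-bit emulation of: hdrsize := hdrsize and (not IOError)."""
    return hdrsize & (~ioerror & 0xFFFF)

def explicit(hdrsize: int, ioerror: int) -> int:
    """The replacement line: if IOError <> 0 then hdrsize := 0."""
    return 0 if ioerror != 0 else hdrsize

def leaky_codes(hdrsize: int) -> list:
    """Error codes 1..255 for which the bit mask leaves hdrsize non-zero."""
    return [code for code in range(1, 256) if mask16(hdrsize, code) != 0]

def exe_header_paragraphs(image: bytes) -> int:
    """Header size word at offset 8 of an MZ image, or 0 on any error.

    The signature and length checks are additions, not in the original function.
    """
    if len(image) < 10 or image[:2] != b"MZ":
        return 0
    (paragraphs,) = struct.unpack_from("<H", image, 8)
    return paragraphs

# Constructed 32-byte header fragment: "MZ", six filler bytes, header size = 32.
SAMPLE = b"MZ" + bytes(6) + struct.pack("<H", 32) + bytes(22)

if __name__ == "__main__":
    size = exe_header_paragraphs(SAMPLE)
    for value in (size, 0x0200):
        print(hex(value), "mask:", hex(mask16(value, 103)),
              "explicit:", explicit(value, 103),
              "codes that leak:", len(leaky_codes(value)))
```

The mask only clears the bits that the error code happens to share with the value, so whether the result is zero depends on both numbers; the explicit test does not.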

Re:REQ: var password storage exe


On Wed, 28 Feb 96 05:05:36 JST, k...@pinboard.com wrote:
>          BlockRead(f, hdrsize, SizeOf(hdrsize));
>          IOError := IOResult
>       end;
>       hdrsize:=hdrsize and (not IOError);   { hdrsize=0 if IOError }
>Wouldn't you get a wrong hdrsize if an IO error occurs during
>BlockRead? As far as I understand, if you get a 'File not open' error,
>IOResult would return a value of 103, which you assign to IOError.
>However,
>        hdrsize:=hdrsize and (not IOError);  { hdrsize=0 if IOError }
>only returns 0 if IOError = 255, which it will never be.
>Please correct me if I'm wrong.

OK.

If IOError is non-zero, then it is true.  Therefore, (not IOError) is
false, or 0.

hdrsize and 0 = 0;

Therefore, hdrsize and (not IOError) will be 0 for any value of
IOError other than 0.  If IOError *is* zero (false), hdrsize will
equal hdrsize.  (and not false=and true, which equals and 255)

OK?
--
Al

Re:REQ: var password storage exe


Sure thing.  I didn't know that Timo wasn't affiliated, but to whomever I
thought it was good enough for me.

Robert B. Clark (rcl...@iquest.net) wrote:
: On 24 Feb 1996 22:02:16 GMT, robe...@indirect.com (Robert Hardy) wrote:

: >Hey Timo, consider putting Robert B. Clark's program below into SWAG.  It
: >seems very clear and should work great.  

: Thanks for the compliment, Robert.  I've placed the code in the public
: domain, so if SWAG wants it they are certainly welcome to it.  But you
: should be aware that (AFAIK) Timo has no affiliation with SWAG.

: [snip]

: >: function GetEXEHeader(var f: FILE): word;
: >: { Returns EXE header length word (in paragraphs) for executable file or
: >:   0 if error.  Executable file should already be opened for read on f;
: >:   the file pointer will be just after the EXE header size field upon
: >:   exit from this function. }
: >
: >: VAR IOError: integer;
: >:     hdrsize: word;
: >: begin
: >:     hdrsize:=0;
: >:     {$I-}
: >:     Seek(f,8);             { EXE header size at offset 8 in file }
: >:     IOError:=IOResult;    
: >:     if IOError = 0 then
: >:     begin                  { Read header size (in paragraphs) }
: >:        BlockRead(f, hdrsize, SizeOf(hdrsize));
: >:        IOError := IOResult
: >:     end;
: >:     hdrsize:=hdrsize and (not IOError);   { hdrsize=0 if IOError }

: [snip]

: BUG ALERT:

: As k...@pinboard.com was kind enough to point out to me via email, I
: goofed in this function.  The value of hdrsize will incorrectly be <> 0
: if there is an I/O error during the BlockRead() operation since

: >:     hdrsize:=hdrsize and (not IOError);   { hdrsize=0 if IOError }

: evaluates to zero only if IOError is all-bits-set, or 255.  If IOError
: is any other non-zero value, hdrsize will *not* be set to zero as was
: intended.  This error should not generally occur, because I/O errors are
: also checked immediately after the Seek() statement and it's relatively
: unlikely that  read errors will happen once past this point--but it's
: still possible.

: Chalk this one up to ill-defined test executables and to fuzzy logic on
: my part. <g>

: Replace the offending line of code with

:       if IOError <> 0 then hdrsize := 0;        { hdrsize=0 if IOError}

: --
: Robert B. Clark <rcl...@iquest.net>
: "Be wary of strong spirits.  It can make you shoot at tax collectors...
: and miss." --RAH

Re:REQ: var password storage exe


One thing to keep in mind when you give users the power to change *.exe files
(such as by changing a password embedded in the *.exe file) is that
anti-virus programs don't like things like this.

If the user is going to be a relatively knowledgeable computer user, it's no
big deal, but the novice or the secretary who just uses WordPerfect all day
is going to be panicked by a message from the Anti-virus TSR that the file
has been changed.

Rob
