
Can any third-party load embedded resources from my project?

Please refer to one of my previous questions. I'm asking about loading a compiled resource from a DLL. Then refer to the answer by David Heffernan. His suggestion is to use a built-in mechanism to load a resource directly from the DLL's instance, without even using my own exported function. This pointed out a security loophole to me.

If this is really the case, if this type of solution is possible, then can any outside third-party load resources from any Delphi Application/DLL? How secure are embedded resources? Suppose I compile a DLL with an embedded resource. Can someone take this DLL and extract the resource? How easy is it, considering they must know the resource name? Are they able to detect what resources are compiled and get a listing of named resources? If this is so, then I will have to implement my own level of security and encrypt every embedded resource and decrypt it with login.

The resource section of a Windows Portable Executable is accessible and enumerable to any process/user with read privileges over the executable file.

The Windows API provides a series of functions to work with resources, including functions to:

  • Adding, Deleting, and Replacing Resources
  • Enumerating Resources
  • Finding and Loading Resources
  • Resource File Formats
  • Using Resources

In fact there are plenty of ready tools to perform these operations. Your own Delphi installation has a demo project called Resource Explorer, usually installed in the folder Samples\Delphi\VCL\resXplor.

As you can see, anyone with the knowledge and/or tools can not only read, but delete and replace the resources found in your Windows executable, regardless of the compiler that produced it.

You can find more information about the PE file format in the article An In-Depth Look into the Win32 Portable Executable File Format.
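To make the point about resource names concrete, here is an added example (not part of the original answer) that walks the type/name/language tree of a PE resource section and shows that names are stored as plain UTF-16 strings next to the data. The function names, the `LICENSEKEY` resource, its payload and the 0x1000 section address are all constructed for illustration; for a real file the section bytes and virtual address come from the PE section table.

```python
import struct

def _label(rsrc, name):
    """Decode an entry's Name field: numeric ID, or a UTF-16 string stored in the file."""
    if name & 0x80000000:
        off = name & 0x7FFFFFFF
        (n,) = struct.unpack_from("<H", rsrc, off)
        return rsrc[off + 2:off + 2 + 2 * n].decode("utf-16-le")
    return name

def walk(rsrc, rva_base, off=0, path=()):
    """Yield (type, name, language, data) for every leaf of the resource tree."""
    named, ids = struct.unpack_from("<HH", rsrc, off + 12)
    for i in range(named + ids):
        name, target = struct.unpack_from("<II", rsrc, off + 16 + 8 * i)
        here = path + (_label(rsrc, name),)
        if target & 0x80000000:                      # high bit set: subdirectory
            if len(here) < 3:                        # depth cap guards against looping trees
                yield from walk(rsrc, rva_base, target & 0x7FFFFFFF, here)
        else:                                        # IMAGE_RESOURCE_DATA_ENTRY
            rva, size = struct.unpack_from("<II", rsrc, target)
            start = rva - rva_base                   # RVA -> offset inside the section
            yield here + (rsrc[start:start + size],)

def build_sample(rva_base=0x1000):
    """Constructed .rsrc section: one RT_RCDATA (type 10) resource named 'LICENSEKEY'."""
    def directory(named, ids):
        return struct.pack("<IIHHHH", 0, 0, 0, 0, named, ids)
    name = "LICENSEKEY".encode("utf-16-le")
    payload = b"constructed-sample-secret"
    # Layout: three 24-byte directories, 16-byte data entry at 72, name at 88, then payload
    d_entry, s_name = 72, 88
    s_data = s_name + 2 + len(name)
    blob = directory(0, 1) + struct.pack("<II", 10, 0x80000000 | 24)
    blob += directory(1, 0) + struct.pack("<II", 0x80000000 | s_name, 0x80000000 | 48)
    blob += directory(0, 1) + struct.pack("<II", 1033, d_entry)
    blob += struct.pack("<IIII", rva_base + s_data, len(payload), 0, 0)
    blob += struct.pack("<H", len(name) // 2) + name + payload
    return blob

if __name__ == "__main__":
    for rtype, rname, lang, data in walk(build_sample(), 0x1000):
        print(rtype, rname, lang, data)
```

No prior knowledge of the name is needed to reach the payload, so anything that must stay confidential has to be protected by something other than the resource name.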
