Discussion:
[fpc-pascal] Embedding DLL into EXE for Windows 32 bit?
Bo Berglund
2018-07-07 07:34:23 UTC
Permalink
Is it possible to embed a DLL into the EXE file such that only the exe
needs to be distributed?

I need to use a 3rd party protection dongle in my programs. The maker
provides a DLL interface but it means that I must send this DLL along
with my program, which I would rather not do.

Previously we used another maker's dongle and this used a Windows
driver plus an OBJ file which we could link into our exe. Now the
driver is no longer being updated so we need to switch to another
brand of dongle.
But sending a DLL along with the exe seems a risk for hacking, nothing
stops a hacker from replacing the dll with one of his own with
modified code....

Since this maker does not have an OBJ file to link with I thought I
would ask if it is possible to embed the DLL functionality directly
into the exe?

Or is there some tool that can take a DLL as input and create the OBJ
file, which can then be used to link into the program?

I am looking at FPC 3.0.4 with Lazarus 1.8.4 on Windows 32 bit and
compatibility with Delphi 7-XE5 32 bit.
--
Bo Berglund
Developer in Sweden

_______________________________________________
fpc-pascal maillist - fpc-***@lists.freepascal.org
http://lists.freep
Zoe Peterson
2018-07-07 08:04:21 UTC
Permalink
Post by Bo Berglund
Since this maker does not have an OBJ file to link with I thought I
would ask if it is possible to embed the DLL functionality directly
into the exe?
There are a few options:

1) Include the DLL as a resource and extract it to a temp location
before loading it

2) Load it directly from memory using a third party unit like this:
https://github.com/Fr0sT-Brutal/Delphi_MemoryModule

3) Codesign the DLL and executable and verify that they haven't been
modified. There's code to do that on Stack Overflow, though it wasn't
tested on Lazarus:
https://stackoverflow.com/questions/5993877/checking-digital-
signature-programmatically-from-delphi
--
Zoë Peterson
Scooter Software


_______________________________________________
fpc-pascal maillist - fpc-***@lists.freepascal.org
http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pa
Sven Barth via fpc-pascal
2018-07-07 08:09:24 UTC
Permalink
Post by Zoe Peterson
3) Codesign the DLL and executable and verify that they haven't been
modified. There's code to do that on Stack Overflow, though it wasn't
https://stackoverflow.com/questions/5993877/checking-digital-
signature-programmatically-from-delphi
Of course one will need to make sure that the own binary wasn't modified as
well (e.g. patching the code that checks the signature).

Regards,
Sven
Bo Berglund
2018-07-07 09:01:41 UTC
Permalink
On Sat, 07 Jul 2018 03:04:21 -0500, "Zoe Peterson"
Post by Zoe Peterson
Post by Bo Berglund
Since this maker does not have an OBJ file to link with I thought I
would ask if it is possible to embed the DLL functionality directly
into the exe?
1) Include the DLL as a resource and extract it to a temp location
before loading it
I have seen these suggestions but the comments indicated that writing
a binary file to the filesystem on startup and then calling stuff
inside likely will trigger antivirus detection...
See: http://www.delphipages.com/forum/showthread.php?t=216147

What the pages I found suggest as a solution is to extract the DLL
from the resource to memory in the same place where it would be put
using LoadLibrary. Then it could be called as if loaded from disk but
the disk would not be touched.
Digging down this route makes me hesitant since it involves using a
number of rather big source files to handle the operations. Too big
and involved for me to understand...
Post by Zoe Peterson
https://github.com/Fr0sT-Brutal/Delphi_MemoryModule
This I don't understand, it does not look like they have embedded the
dll into the application at all...

In the example both tests use the same code to load the dll from the
file system:
ms := TMemoryStream.Create;
ms.LoadFromFile(ParamStr(1));
(Paramstr(1) is the required DLL path)

I found another MemoryModule at GitHub named BTMemoryModule:
https://github.com/nedich/memorymodule
But it too looks rather involved, and is pretty old...
Post by Zoe Peterson
3) Codesign the DLL and executable and verify that they haven't been
modified. There's code to do that on Stack Overflow, though it wasn't
https://stackoverflow.com/questions/5993877/checking-digital-
signature-programmatically-from-delphi
Right, but this is just verification of the integrity of the file(s),
which of course could be a good thing. And I have no sources to the
DLL, just the working binary.

Conversion tool?
----------------
Is there some tool that can take a DLL as input and create an OBJ
file, which then can be linked into the application?
That would be the best solution at least for me.

I have found objconv: http://www.agner.org/optimize/#objconv
But it does not have an option to use a DLL as input file...
Maybe it is not possible to do such a conversion I am after?
--
Bo Berglund
Developer in Sweden

_______________________________________________
fpc-pascal maillist - fpc-***@lists.freepascal.org
http://lists.freepascal.org/cgi-bin/mailman/listinfo/fp
José Mejuto
2018-07-07 11:29:23 UTC
Permalink
Post by Bo Berglund
Post by Zoe Peterson
1) Include the DLL as a resource and extract it to a temp location
before loading it
I have seen these suggestions but the comments indicated that writing
a binary file to the filesystem on startup and then calling stuff
inside likely will trigger antivirus detection...
See: http://www.delphipages.com/forum/showthread.php?t=216147
Hello,

This behavior raises a warning in the antivirus for sure. Not a good choice.
Post by Bo Berglund
This I don't understand, it does not look like they have embedded the
dll into the application at all...
In the example both tests use the same code to load the dll from the
ms := TMemoryStream.Create;
ms.LoadFromFile(ParamStr(1));
(Paramstr(1) is the required DLL path)
It uses a memory stream, no disk is touched, but in the example, for
simplicity, it reads the DLL from disk instead a resource in the EXE.
Post by Bo Berglund
https://github.com/nedich/memorymodule
But it too looks rather involved, and is pretty old...
In my Delphi times I was using it with good results. I was trying to
port it to FPC but drop the attempt.

Anyway, using a DLL only complicates the distribution. Security is the
same as an OBJ file, a hacker can not simply replace the DLL with an
empty stub as some operations must be performed in the dongle which are
verified in the main code, the DLL is just a tunnel between application
and dongle.
--
_______________________________________________
fpc-pascal maillist - fpc-***@lists.freepascal.org
http://lists.freepascal.org/
Marco van de Voort
2018-07-07 10:14:05 UTC
Permalink
1) Include the DLL as a resource and extract it to a temp location ...
2) Load it directly from memory using a third party unit like this: ...
3) Codesign the DLL and executable and verify that they haven't been ...
All three assume the exe will start without the DLL, which is often not a
given.

There are still dongles that work with .objs (e.g. Dinkey Pro).
_______________________________________________
fpc-pascal maillist - fpc-***@lists.freepascal.org
http://lists.f
Continue reading on narkive:
Loading...