4

Please refer to one of my previous questions. I'm asking about loading a compiled resource from a DLL. Then refer to the answer by David Heffernan. His suggestion is to use a built-in mechanism to load a resource directly from the DLL's instance, without even using my own exported function. This pointed out a security loophole to me.

If this is really the case, if this type of solution is possible, then can any outside third-party load resources from any Delphi Application/DLL? How secure are embedded resources? Suppose I compile a DLL with an embedded resource. Can someone take this DLL and extract the resource? How easy is it, considering they must know the resource name? Are they able to detect what resources are compiled and get a listing of named resources? If this is so, then I will have to implement my own level of security and encrypt every embedded resource and decrypt it with login.

Improve this question

1 Answer 1

Reset to default
10

The resource section of a Windows Portable Executable is accessible and enumerable to any process/user with read privileges over the executable file.

The Windows API provide a series of functions to work with resources, including functions to:

  • Adding, Deleting, and Replacing Resources
  • Enumerating Resources
  • Finding and Loading Resources
  • Resource File Formats
  • Using Resources

In fact there's plenty of ready tools to perform this operations. Your own Delphi installation have a demo project called Resource Explorer, usually installed in the folder Samples\Delphi\VCL\resXplor.

As you can see, anyone with the knowledge and/or tools can not only read, but delete and replace the resources found in your windows executable, regardless of the compiler that produced it.

You can find more information about the PE file format in the article An In-Depth Look into the Win32 Portable Executable File Format.

Improve this answer
Sign up to request clarification or add additional context in comments.

8 Comments

Thank you, that's exactly what I suspected. I will need to change my approach and encrypt everything I embed.
On a side-note, I never knew that embedded resources were windows-wide. I always thought it was Delphi-specific. This opened my eyes to many things.
@JerryDodge: You should see Resource Explorer. The app is fairly useful, and the page lists the types of resources that it can read from any Windows executable (which includes DLLs). You should use it to look at any Delphi app, and check the RCDATA resources; I think you'll be a little surprised at the least.
@KenWhite Understood, now that I know this is a Windows-level functionality rather than just Delphi. I mean I was sure already that about any language had a way to embed resources, but now I know it's universal for any language.
@JerryDodge: The app at the link I posted allows you to view the types of info others can see in your exe/dll (some of them visually). As I said, you might want to inspect your own application or DLL with it, so you'll know what's there you might need to protect. It works on other (non-Delphi) apps as well, some of which have some interesting resources.
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.