Walter Meester
Hoogkarspel, Netherlands
General information
Category:
Third party products
Hi Jos,
>>I suspect this is not that simple for VFP executables. Making a memory dump won't get you a full VFP exe. This is because a VFP.exe is reading from itself (the p-code) as it is run. Depending on how a user uses the software it will load resources (forms, classes, prgs, reports, icons, etc) randomly so the memory dump will be different every time you make it.
>
>I don't say it's simple. Dumping any running app from memory requires uncommon skills. And no doubt a single dump would not do it. But it is a definite attack and very difficult to defend against.
What I'm saying is that it might be pretty impossible to do it through a memory dump, because for the hacker there might not be a way to get the whole exe in memory. Even then it might be pretty impossible as the resources might be handled like data and therefore totally fragmented and scattered throughout the memory. To be honest, I think it is impossible to reconstruct the whole EXE from memory at all.
Christof wrote some article about this very same topic. Maybe it's on his website. AFAIK, the main security hole in VFP applications is writing code that might be run by the executable. For example modifying the database stored procedures, triggers or field validation rules that will have access to the resources in an unencrypted form. From these kinds of hacks you can copy out the resources (though I do not have a clue how to get a list of all the resources that are compiled in there).
Walter,