Hoi peter,

>Are you guys writing an alternative Hackers Guide here? Please, be aware of the possible impact.

As you know, I have no intention to write anything beyond what I do on the UT. And I do not have any desire to explain anybody all my hackers tricks (not implying that I do hack VFP applications of third parties).

Walter,


>>Hi christof,
>>
>>>>The first is that armadillo has a few protection mechanisms to protect its contents from debugging and memory dumping.
>>
>>>All the tools I know of protect against memory dumping from another process. In VFP we have the unique opportunity, though, to inject code into the process without going through any of the official interfaces. For example, you can modify any of the tables that the application uses and add an index expression that calls a UDF. The UDF would use SYS(2600) to read memory to its heart's content. Code injection is the biggest attack vector against protected VFP applications.
>>
>>Hmmmm, I'm not sure if this is at all neccesary.
>>
>>As you know, VFP applications are not real executables. It is just a collections of data (mainly tables) with a small exe header that is responsible to start the intepretator. From my observations it seems that VFP applications are seldom loaded into memory entirely (observed via filemon). Resources like forms and classes are loaded when neccesary. Since they are tables I would assume that they are loaded into the same address space as other tables like UDF cursors and open data tables.
>>
>>So whenevery you're making a memory dump, you're never sure that the entire application is in there. Also, the memory dump might look entirely different next time.
>>
>>The biggest threat however is from within your own application. If is very easy inject a trojan horse into your VFP application. When using just a unencrypted vfp database, it is very simple write a trigger that gathers all kind of information about the VFP application. Classes and forms, reports and other tables are very easy to retrieve from an executable (USE and COPY TO). Program files and other resources might be a bit more difficult though.
>>
>>In fact I must admit that the above saved my skin a few times when I screwed up one of the forms, classlibs or datafiles without having inmediate access to a recent backup. Only a few lines of code are neccesary to retrieve the original resource from the most recent executable.
>>
>>Walter,