|
-
Apr 30th, 2008, 06:23 PM
#1
Thread Starter
New Member
Are resource files prone to tampering by malicious users?
Hi to everyone.
I am developing a simple application in VB6. However, when I will be distributing the application, I do not like the idea to simply put my image files in the current directory and read them into the Image controls, because a user can be replacing the files with another content and using the same filename. So I was thinking about using a resource file. However, I would like to know if the RES files are really secure. I know about some applications like "Resource Hacker" that could inspect an EXE or another system file, even replacing the content of Windows itself, etc. In fact, now I am in doubt about the integrity of my application if everyone using those "resource viewers/editors" could be changing for instance the captions on the command buttons, etc, or any other content in my VB6 application.
Thank you very much for any help in advance.
-
Apr 30th, 2008, 07:29 PM
#2
Lively Member
Re: Are resource files prone to tampering by malicious users?
well, you could always put the data encrypted at the end of the file, then read from there at startup.
-
Apr 30th, 2008, 07:44 PM
#3
Re: Are resource files prone to tampering by malicious users?
I suppose it depends on what you have in the resource file.
-
May 1st, 2008, 02:33 AM
#4
Re: Are resource files prone to tampering by malicious users?
You are seriously worried about image files being hacked????
What real different would that make anyway if someone replaced an image?
You could always load them in an image control...
-
May 1st, 2008, 02:49 AM
#5
Hyperactive Member
Re: Are resource files prone to tampering by malicious users?
i think you are either worrying about something that you don't really need to, or, the cynic in me thinks you are looking at tips on how to perform this "hack"
what type of application is it ? and who is the target users ? hackers/School kids?
-
May 1st, 2008, 03:40 AM
#6
Re: Are resource files prone to tampering by malicious users?
ResHack is one of the best ones I've come across although I personally never had a use for it. There might be better ones out there that I'm not aware of.
But use ResHack on your program and see what can be changed. Then ask yourself, "Do I really care if someone changes any of this stuff?".
-
May 1st, 2008, 01:28 PM
#7
Re: Are resource files prone to tampering by malicious users?
Also, no matter what you do, someone determined enough will figure out a way to undo it, so just go for the best you can to make it as difficult as you can.
-
May 1st, 2008, 05:25 PM
#8
Thread Starter
New Member
Re: Are resource files prone to tampering by malicious users?
Thank you for all your replys.
The target audience are students, and the application is a non-profit application that includes some important information, utilities, and resources for the students. However, last course, some experienced student replaced "just for fun" as he explained, some of the images that were simply loaded with LoadPicture from the installation directory. Rapidly, the new "version" became popular, and nothing would be more than a local school cuestion, but the most embarrasing was that some images from our sponspors (who financed all the expenses for the project and included some publicity in the application) were changed for some pretty-looking softcore models.
So I am planning to use a modification for generating the images inside the code, and encripted, in fact, using a "new" implementation of the old days BASICA Read-Data statements, for reading the bytes of the image into an array, and then assign this data to the Image controls. I hope this could be made.
Thank you again.
-
May 1st, 2008, 05:30 PM
#9
Re: Are resource files prone to tampering by malicious users?
Sounds like overkill. You could always store hashes of the images in another resource and verify by calculating image resource hashes and comparing when your program starts.
-
May 2nd, 2008, 12:38 AM
#10
Re: Are resource files prone to tampering by malicious users?
If the app was operated as a limited user the student could not replace anything in the app folder for it would be read only...
-
May 2nd, 2008, 07:12 AM
#11
Hyperactive Member
Re: Are resource files prone to tampering by malicious users?
can you not just store the images in a directory in the shcool network that the students have read only privleges ?
-
May 2nd, 2008, 07:55 AM
#12
Re: Are resource files prone to tampering by malicious users?
If you compress your final .exe then even ResourceHack wont be able to see them and it will actually decrease your overall filesize by quite a bit.
Try Upx or PeCompact to compress.
_____________________________________________________________________
----If this post has helped you. Please take time to Rate it.
----If you've solved your problem, then please mark it as RESOLVED from Thread Tools.

-
May 2nd, 2008, 01:43 PM
#13
Re: Are resource files prone to tampering by malicious users?
Here's another solution.
1) Read all the images.
2) Switch the first 2 characters of each image header (corrupt it).
3) Load the images into an UDT.
4) Write the UDT to a single file.
Now you have a single binary file with all the images. When somebody uses a tool to extract the images it fails, because the image headers are invalid. For example, Bitmap headers usually start with BM6, but in the single binary file they start with MB6.
This is what you do in the application that needs the images:
5) Read the binary file back into the UDT.
6) Convert UDT to Byte array
7) Convert Byte array to a Picture
8) Load the images into the PictureBoxes.
Below is an example. All 6 images have a .bmp extension, but that's only to make it easier to load them with a simple loop.
1.bmp = BMP image
2.bmp = JPG image
3.bmp = GIF image
4.bmp = BMP image
5.bmp = JPG image
6.bmp = GIF image
<project removed>
Last edited by Chris001; May 6th, 2008 at 01:22 PM.
-
May 2nd, 2008, 02:28 PM
#14
Re: Are resource files prone to tampering by malicious users?
Wow... All of that to skip applying READ ONLY privileges... What overkill and really unnecessary.
-
May 6th, 2008, 09:07 AM
#15
Hyperactive Member
Re: Are resource files prone to tampering by malicious users?
 Originally Posted by randem
Wow... All of that to skip applying READ ONLY privileges... What overkill and really unnecessary.
I Have to agree here. that looks like the long way round and can go wrong in so many ways, changing file names etc.
Read Yes, Write No.
David
Last edited by Davadvice; May 6th, 2008 at 09:32 AM.
This is Blank
-
May 6th, 2008, 01:20 PM
#16
Re: Are resource files prone to tampering by malicious users?
Ah well, it was only an idea. I use it for one of my apps. I create a single file from several toolbar images and put the single binary file on my site. When the user wants different toolbar images, they can download the single file, put it in the installation folder and then load the images from the app's menu.
I thought it might be a solution to prevent people from messing around with the images.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|