-1

i want to implement a windows service that functions as a simple license security feature for a software X. The service is meant to run independently from software X.

The rough idea:

  • The service is like a timebomb for a software Z installed on the machine...
  • Whenever the user runs software X, the service pops up a window every 30 minutes to remind the user to register software X.
  • If the user doesnt register the software after 1 month, the service will change the license code in a file and kill the software X process.
  • On the next start up, software X will read the wrong license code and starts in demo mode.
  • The service backs up the license code first before changing it.
  • When the user do register, a exe or bat file will be given for the user to run. The file restores the original license file and permanently removes the service.

Additional info:

  • Is it possible that if the user tries to kill the service, the service will automatically change license code and kill software X before being killed itself?
  • If the user changes the license code manually in the file after the service changes it, then the service will automatically change it back and kill software X.

I'm quite the newbie in programming... so i wanna ask for advice first before jumping into the project... Any advice, tips or issues/concerns i should be aware of based on your experience?

I'll most probably code it in C++ but might do it in C#(never used it before) after reading the following discussion: Easiest language for creating a Windows service

Community
  • 1
  • 1
justin
  • 243
  • 2
  • 6
  • 15

4 Answers4

3

I'm quite the newbie in programming... so i wanna ask for advice first before jumping into the project... Any advice, tips or issues/concerns i should be aware of based on your experience?

The best advice I can give you is "newbies to programming should not attempt to write security systems". Developing a security system that actually mitigates real vulnerabilities to real attacks is incredibly difficult and requires years of real-world experience and both practical and theoretical knowledge of how exactly the operating system and framework class libraries work.

The second-best advice I can give you is to construct a detailed, accurate and complete threat model. (If you do not know how to do thread modeling then that'll be the first thing to learn. Do not attempt to rollerskate before you can crawl.) Only by having a detailed, accurate and complete threat model will you know whether your proposed security features actually mitigate the attacks on your vulnerabilities.

Eric Lippert
  • 647,829
  • 179
  • 1,238
  • 2,067
1
  • Whenever the user runs software X, the service pops up a window every 30 minutes to remind the user to register software X.

This is not possible. A service cannot display a window due to being on another desktop then the user. (Since Vista this is mandatory, XP did allow for showing a window.)

  • Is it possible that if the user tries to kill the service, the service will automatically change license code and kill software X before being killed itself?

No. A service is just another program running in the system, which can be killed at any point in time. (Only you have to be in the administrator group).

  • If the user changes the license code manually in the file after the service changes it, then the service will automatically change it back and kill software X.

The conclusion is, that when you break your license check into 2 parts, you get another point at which the user can break your check. You cannot prevent the user from working around your service, if it is not mandatory for your program to work.

Christopher
  • 8,912
  • 3
  • 33
  • 38
0

Is it possible that if the user tries to kill the service, the service will automatically change license code and kill software X before being killed itself?

Not in general, no. If I shut down the process unconditionally (e.g. using taskkill /f command), it won't get any chance to react.

If the user changes the license code manually in the file after the service changes it, then the service will automatically change it back and kill software X.

It's possible - you can use ReadDirectoryChangesW function to watch the file and react to changes (or FileSystemWatcher class if your service is implemented in .NET). Of course, in light of the first answer above, user can just kill your service and then alter the file...

Pavel Minaev
  • 99,783
  • 25
  • 219
  • 289
  • definitely using .NET can the function just watch a particular line in the file? ignoring other lines...? for example the service changes the key: line 20 can contain any string except "license=1234" else the service changes the key again and kill software X – justin Jul 16 '09 at 03:20
  • for example *after the service changes the key – justin Jul 16 '09 at 03:20
  • There's no way to watch a single line in the file. You'll have to watch the file (using `FileSystemWatcher`), and whenever anyone changes it, read it until that line, and check if its new value is what you want. – Pavel Minaev Jul 16 '09 at 04:29
0

NEVER make a service for something unless it's really a system service. If you are creating an application, then you have NO BUSINESS EVER running code on the system when the application is closed unless the user explicitly requested that operation. Ideas like this are the reason we (nerds) have to deal with so much crap when people ask us to "fix my computer, it's running so slow."

I would walk from a 6-figure salary before I would ever become a part of an abomination like that.

Edit: I suppose first I'd need a 6-figure salary... some day some day

Sam Harwell
  • 97,721
  • 20
  • 209
  • 280