1

I don't want users to see all the exported functions through Dependence in my DLL, is there a way to do it? I compile my DLL with C++ and MS Visual Studio.

Yigang Wu
  • I'm curious to know the real purpose behind doing so. The main purpose of exporting the functions is to let others know about my function signature. If that is not required then there is no need to export it. – aJ. May 11 '09 at 13:52
  • My DLL has many editions; I don't want the users who buy the basic version to see the advanced exported functions. – Yigang Wu May 11 '09 at 14:25
  • Make 2 DLLs and don't give the advanced one to the owners of the basic version. – jmucchiello May 11 '09 at 14:49
  • Another reason could be to reduce the size of the dll. – Canopus May 12 '09 at 06:31

7 Answers

6

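Another option may be to create an exported function which will return an array of addresses of the functions which you would like to hide. Once you have these addresses, you can call them directly:

```cpp
// Signature shared by the hidden functions (assumed from the call below).
typedef void (*HiddenFunc)(int, int, int);

// foo, foo1 and foo2 are internal functions defined elsewhere in the DLL.
// They are not exported; the table is null-terminated.
static HiddenFunc Funcs[] = {&foo, &foo1, &foo2, 0};

__declspec(dllexport) HiddenFunc* GetFuncs(void)
{
    return Funcs;
}
```

In your executable you can do the following:

```cpp
typedef void (*HiddenFunc)(int, int, int);

HiddenFunc* Funcs = GetFuncs();

(*Funcs[0])(1, 2, 3);  // calls foo through the table
```
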
Danny Shumer
5

Use a *.def file and use the NONAME attribute to prevent the name's being exported: see Exporting Functions from a DLL by Ordinal Rather Than by Name ... there's an example here.

ChrisW
3

This is really awkward, but if you don't want others to even see the ordinals, you can wrap your functions with COM. A COM DLL only exposes the common COM functions, so yours will be hidden. Then, there are techniques to use the DLL without registering it first, so no information about the COM class you'll be using could be found in the system. It's definitely a weird reason to use COM, but the request is quite uncommon as well...

Eran
  • You can do something very similar without being COM: define your API as an abstract (i.e. pure virtual) C++ interface, and export a single function which returns a pointer to (an object which implements) that interface. – ChrisW May 11 '09 at 16:37
  • Indeed... that would make a simpler solution. – Eran May 12 '09 at 05:54
2

IMO using NONAME is useless for this purpose - it does not hide dependencies. Dependencies would still be shown (by using ordinals). And your basic users would still be able to get to them via GetProcAddress.

I think you'll have to use a more sophisticated approach - e.g. the solutions proposed by Eran.

Andrey
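
The point about ordinals, shown on a constructed export directory (an added example, not code from any of the answers): NONAME only leaves a function out of the name tables, while its slot in the export address table stays. The header layout is the PE IMAGE_EXPORT_DIRECTORY; the sample bytes, the name `BasicFeature`, the RVAs, and the simplification that an RVA equals an offset into the blob are all assumptions made for the sample.

```python
import struct

# IMAGE_EXPORT_DIRECTORY: Characteristics, TimeDateStamp, MajorVersion,
# MinorVersion, Name, Base, NumberOfFunctions, NumberOfNames,
# AddressOfFunctions, AddressOfNames, AddressOfNameOrdinals (40 bytes)
EXPORT_DIR = struct.Struct("<IIHHIIIIIII")

def build_sample():
    """Constructed export section: 3 exports, only the first has a name.
    Assumption for the sample: every RVA is an offset into this blob."""
    func_rvas = [0x1000, 0x1040, 0x1080]      # made-up code addresses
    dll_name, name = b"sample.dll\0", b"BasicFeature\0"
    eat = EXPORT_DIR.size                     # export address table
    npt = eat + 4 * len(func_rvas)            # name pointer table (1 entry)
    ot = npt + 4                              # name ordinal table (1 entry)
    strs = ot + 2                             # string area
    blob = EXPORT_DIR.pack(0, 0, 0, 0, strs, 1, len(func_rvas), 1, eat, npt, ot)
    blob += struct.pack("<3I", *func_rvas)
    blob += struct.pack("<I", strs + len(dll_name))   # RVA of the one name
    blob += struct.pack("<H", 0)                      # that name -> EAT index 0
    return blob + dll_name + name

def list_exports(blob):
    """Return (ordinal, name or None, rva) for every export address table slot."""
    (_, _, _, _, _, base, n_funcs, n_names,
     eat, npt, ot) = EXPORT_DIR.unpack_from(blob, 0)
    funcs = struct.unpack_from(f"<{n_funcs}I", blob, eat)
    name_rvas = struct.unpack_from(f"<{n_names}I", blob, npt)
    name_idx = struct.unpack_from(f"<{n_names}H", blob, ot)
    names = {}
    for rva, idx in zip(name_rvas, name_idx):
        names[idx] = blob[rva:blob.index(b"\0", rva)].decode("ascii")
    # Walk the address table, not the name table: NONAME entries are still here.
    return [(base + i, names.get(i), rva) for i, rva in enumerate(funcs) if rva]

if __name__ == "__main__":
    for ordinal, name, rva in list_exports(build_sample()):
        print(f"ordinal {ordinal}: {name or '<NONAME>'} at RVA {rva:#x}")
```
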
1

Please don't try to hide your access inside a COM object thinking it will be hidden. Please see this article Enumerate COM object (IDispatch) methods using ATL? to see how someone can probe a COM DLL for function names.

Additionally it is desirable to hide the names of exported functions. This is desirable when your DLL is for your own use, via other code modules, and it does something which only you want your calling code to have access. This category may include algorithmic trade secrets.

Another trick is to export decoy functions that crash or set an internal state to let the code know it has been compromised. In a compromised state the code can purposefully generate wrong results or random crashes. It could also send mail back to an account with information about the snooper.

Community
0

A really simple way is to wrap it in a packer like UPX.
What you see exported is just the stuff UPX uses to unpack the file into memory.

shoosh
  • And a really easy way around that is to un-UPX the file. :-) – Head Geek May 11 '09 at 13:55
  • As long as you actually call a function, you can circumvent any attempt to hide it. un-UPXing a PE is less trivial than using depends. – shoosh May 11 '09 at 14:48
0

No, the whole point of having exports is so that they are VISIBLE.

That's the short answer. The long answer involves .def files. You can tell the linker to turn your C functions into indexes using a [definition file](http://msdn.microsoft.com/en-us/library/d91k01sh(VS.80).aspx).

jmucchiello