I have written a UI in Electron and I would like to connect it with my C++ code. However, I will be selling this product and so I would like to know if this makes it easier for people to crack my C++ code? Obviously I know compiled C++ can be cracked anyway, but does this affect it in any way?
Additionally, what is the best way to go about this while preserving maximum possible security?
Thanks.
EDIT: How about this? Is it possible to use c++ as back-end for Electron.js?
EDIT2: To clarify, my Electron app will be showing the status of operations being performed in the C++ program. As such, I will need to send lists, dictionaries, strings etc. from C++ to JS which will then render it. Additionally, buttons on my Electron app need to trigger actions in the C++ code, such as stopping or starting certain parts of the program.
I have written a UI in Electron and I would like to connect it with my C++ code ...
I would like to know if this makes it easier for people to crack my C++ code?
Using electron does not make any meaningful difference for protecting the C++ source code. (Your intellectual property)
The Javascript code running in electron will be very easy to reverse engineer though, which gives users a head start on experimenting with your C++ binary. Using minification and obfuscation tools can at least make that harder.
For the C++ side, connecting C++ to Electron can be done in at least these two ways:
By dynamically linking to a shared library (Node.js C++ Addons)
In this case your C++ API would be functions that get exported by the shared library. There are many tools to inspect shared libraries (DLLs) and view these functions.
By communicating with another process using some sort of Inter-process communication.
In this case your API would depend on the IPC method used. If it was TCP/UDP messages you could use Wireshark to inspect the packets between the processes. There are ways to inspect messages going over any type of IPC.
Either way, your application must be delivered to the end-user with a compiled binary. Preventing reverse engineering of the binary itself is impossible if you actually give the binary to your users.
You should also expect that a savvy end-user will have access to other tools that can inspect the API and implement third-party code that talks to that API.
Additionally, what is the best way to go about this while preserving maximum possible security?
By "maximum possible security", I will assume you are referring to preventing unauthorized use of the C++ code with other applications.
You would need a licensing system that can authenticate the application that is using your C++ binary's API. Explaining what that would be exactly is probably too large of an answer for a Stack Overflow, and you will have to do some research on how licensing systems are implemented.
It may be theoretically impossible to develop a perfect licensing system though. Look at the gaming industry, it takes just a matter of days to for the licensing software become circumvented for every new game that is released. The only software architecture that cracks haven't completely conquered are cloud-based applications, which don't actually deliver compiled code with their business logic to the end-user's computer.
Related
I’m trying to use Lua/Moonsharp API scripting. There’s a command library, but there isn’t a function that I need. My question is, am I able to create my own function, or am I limited to what’s been written?
Specifically, for a software called BobCAD a Lua plugin is available. There are lists of commands like Bcc.SetCamObjParameter, though, there isn’t the command that I need. I’m assuming that some aspects of the BobCAD software are inaccessible to API, but am I limited to the library in this plugin, or can I add my own commands? I thought that there would be some C# file somewhere in the program directory where I can read the functions and possibly learn how to create my own, but I don’t see anything like that. (Or are scripting functions set up internally to the software, and I’m only given access to what has been provided?)
(N.b. I'm not familiar with BobCAD specifically, but this answer should be generally applicable.)
Generally speaking, for use cases like this (where Lua scripting is provided as part of a larger program, or by a plugin for a larger program), it's the developer of the program or plugin who decides what API is available to Lua. In the latter case they may also be limited by what the program's plugin API allows; in the case of BobCAD you are likely limited to what the BobCAD plugin API permits, and then further limited by what parts of that API the developers of the Lua plugin chose to make available to Lua itself.
You can of course write your own functions in Lua, but in terms of actually talking to the host program you are restricted to the API that program makes available, unless they make available some mechanism (like LuaJIT's Foreign Function Interface) for reaching into the program from Lua and calling functions that were not made explicitly available -- which most do not.
As for finding "a C# file somewhere in the program directory" -- C# is a compiled language; C# libraries are generally shipped as pre-compiled CLR binaries (with a .dll extension) and do not contain source code. If the source code for BobCAD and/or the Lua plugin is available you could always modify it and re-compile it, but as BobCAD is commercial, closed-source software, I would not expect it to be available.
At that point, your options are basically:
figure out a way to do what you need with the commands that are available;
try to reverse engineer enough of the program to do what you need without access to the source code;
or look for another program that has the features you need.
This is a somewhat general question but I'm hoping someone will have specific info or recommendations.
I have an application suite that includes a service application that acts as a communications interface and data historian for industrial pollution-control hardware. The service contains a singleton COM server to allow the rest of the suite to have access to the hardware and data via the service.
I've read the stuff about how SvCom is required to make COM servers work in Delphi service apps. I have and use SvCom - it does what it claims. But I'm not all that comfortable with it, the product and my coding styles and expectations don't match, and it makes debugging somewhat more of a headache.
But my real problem is with the idea that the lengths SvCom goes to to make a COM server work in a service app is absolutely required. Their documentation, and some of the stuff that comes up in searches on the subject, makes it sound like their toolbox is absolutely required for any COM-server-in-service scenario. But I have a couple of different 3rd-party libraries for implementing OPC servers, Prosys Sentrol and the older Production Robots library (if you're not familiar with OPC, it's a pretty-much ubiquitous data-interchange standard built on COM) and both support the OPC COM server being put in standard TService-based apps without special handling beyond doing in the AfterInstall and BeforeUninstall events what would normally be done in a stand-alone EXE when run with the /regserver or /unregserver command-line switches, and of course using DelayInitialize := True. So at least SOME COM servers can be done as typical TService-based apps without the extraneous steps SvCom goes through.
So my question is: Is the line between "what sorts of COM servers work in a TService-based app" and "what causes the need for the extra stuff SvCom does" clearly known? If so, what is it and/or where is it documented? If not, I'm kind of surprised - seems like implementing COM servers in service apps would be a fairly common need, but I've does several deep searches and, based on the dearth of info I've found on the subject, maybe it's not.
I have been reading the abstracts on the website http://www.rikulo.org but all those cryptic vague statements do not help me. The examples are all about visuals.
I do not understand what this framework is capeable of doing. The big picture is missing.
What kind of apps can i build with rikulo?
Is there any access to the hardware?
Can is use the smartphones sensordata and send e.g. coordinates from my smartphone to a web service?
What are the limitations?
As described in this blog, Rikulo is aimed to provide a structured UI model for Web and mobile programming. We are the same team who developed ZK. With Rikulo, we'd like to take a step further since many things have been changed since we developed ZK in 2005. Also, both Dart and HTML 5 are young. It is an excellent moment to explore the best possible UI architecture for both Web and mobile programming.
For example, we use absolute positioning to give programmers 100% control the layout of UI rather than spending hours to figure out why it fails in certain combination. Another example is "recursive layered structure", such as layout manager and visual effect handling -- rather than ad hoc features targeting specific problems individually.
On the other hand, we don't have many widgets yet. It might be the reason that confused you. As a Apache licensed project, we hope we can have an active community for building widgets and addons, as long as we can really provide a solid and elegant architecture -- it is what we focus now and keep refining.
To access the hardware, you can use Rikulo Gap which is based on Cordova/PhoneGap. To communicate back the server, you can use Web socket or HttpRequest. We will have more advanced support for jsonizing, caching and communicating Dart objects between client and server, but it is not ready yet.
Technically, there is no limitation. Of course, the current number of widgets is definitely not enough, but it will get more in the near future. Furthermore, you always can create them with HTML 5 (and contribute back). However, for mobile applications, one thing you have to keep in mind: the performance won't be as good as the apps written in Objective C. The good is Rikulo is cross platform and your app can be accessed with Web browsers and as a native app.
I'm currently starting to integrate "Delphi Web Script" in my application basically only as a scripting engine (interfacing with functions, classes, etc.); awesome software for the standard delphi open source quality in my opinion, but just for curiosity,
What's exactly the "web part" of the project?
How is intended to be used?
It was used somewhere with some success commercially?
Thanks!
As ain said, the original use was for PHP-like, ASP-like server-side web-page generation, but it was also capable of general purpose use, which is what I used it for. And as I did not use the "web" side of DWScript, most of the "web-oriented" features haven't been ported over (only the HTML Filter was ported actually).
The Web functionality is still available in the SourceForge repository, if someone wants to tackle the port. Though, they may be outdated beyond simple renamed methods and classes, as since DWSII, the script engine has gained various features. For instance, it is now capable of multiple thread-safe executions of a single compiled script, while the old codebase is built around the limitation that a compiled script can be executed by only one thread at a time.
On the other hand, there are some new features that could simplify the porting, the simple WebServer demo recently added uses RTTI to expose TWebResponse & TWebRequest f.i. (was manually exposed in DWSII). On the down side, that's only possible with recent Delphi versions.
AFAIK the main focus of the original author of this scripting engine was to make it possible to embed Pascal scripts into HTML pages, just like ie PHP does it. Hence the name "Delphi Web Script". While the focus of the current maintainer, Eric Grange, is on using it as a general purpose scripting engine, it should still be possible to use it for web purposes as well - for that you use the "filters" feature of the library. Check out the dwsHtmlFilter unit for HTML filter.
I want to develop an application that can retrieve information such as, DLL version, DLL build mode(debug or release), info. regarding OS, memory, processer, processes/threads, program version etc. I am developing this mainly for Windows, but it'd be good if the application supports Linux too(wherever applicable).
I am basically a java programmer, and I know C, C++ to some extent.
Which programming language should I go for, that'd make my job easy? i.e. which language has APIs to fetch these kind of information?
Well... APIs are available regardless of the language... But the easiest way to get at what you are trying to do is going to be a C or C++ app. That doesn't mean it'll be easy (getting a DLL version is easy, getting memory and processor type is easy. The other stuff is certainly possible, but you may have to roll up your sleeves and learn the win32 API).
You might want to take a look at an application that already does exactly what you are asking about (Process Explorer) before you try to develop this yourself... It's going to be a big undertaking - and the folks at Sys Internals are really, really good at this stuff, and have already done it.
You commented on Kevin Day's answer that you would prefer to use Java for this.
Java is not very well suited for this, because the information you want to get is very platform-specific, and since Java is designed to be platform-independent, there are not a lot of ways to get at this kind of information from Java.
There are some methods in classes java.lang.System and java.lang.Runtime to get information about the platform that your Java program is running on. For example, class Runtime has a method availableProcessors() that tells you how many processors are available to the Java virtual machine. Note that this is not the same as the number of processors (or cores) that exist in the computer; the documentation even says that the number may change while the program is running.
Lookup the documentation for java.lang.System and java.lang.Runtime for more information.
Most likely you're not going to get exactly the information that you need by using pure Java - C or C++ will be better suited to get this kind of platform-specific information. If you would need this information from a Java program, you could write a small DLL or shared library and use JNI to call into it from your Java program.
Since DLLs are mentioned I presume we are talking about Windows.
I would recommend using WMI queries. They look very much like SQL and give you access to many very useful classes.
e.g. all info about the OS can be found here - in W32_OperatingSystem:
http://msdn.microsoft.com/en-us/library/aa394239(VS.85).aspx
You can use WMI classes from any language including C++.
As a side note - if you start a new application from scratch consider using PowerShell - new scripting language from Microsoft.