I'm able now to read an encrypted SWF from a resource to a stream, decrypt the file and load it directly into memory.
But unfortunately there are tools to scan memory and list/view/dump your pure SFW file used by the Flash Player. One such a tool is SFW Vampire.
Even fake SWF signatures doesn't seem to be safe.
There is one tool - SWFkit - who hides all the stuff, but that no longer exists and I use the F-In-Box component with Delphi 7.
Is there a way to hide/prevent SWF files reading from memory by fooling such tools?
Thanks.
Aren`t there any READ_WRITE ACCESS parameters at memory so only your program that reserves the memory can read and write to it ?
I am not an expert in this languages so here is a link if it helps :
http://www.joachim-bauch.de/tutorials/loading-a-dll-from-memory/
You can destroy the flash file headers and some other parts after it's loaded to the memory. This is to prevent those tools from recognizing the files in memory. In addition, if it can dump to file, it should be a broken file.
Related
I have an app that is using NSFileWrapper to create a backup of the user's data. This backup file contains text and media files (compression is not relevant here). Sometimes these backup files get quite large, over 200 MB in size. When I call NSFileWrapper -writeToURL... it appears to load the entire contents into memory as part of the writing process. On older devices, this causes my app to be terminated by the system due to memory constraints.
Is there a simple way to avoid having NSFileWrapper load everything into memory? I've read through every NSFileWrapper question on here that I could find. Any suggestions on how to tackle this?
Here is the current file structure of the backup file:
BackupContents.backupxyz
user.txt
- folder1
- audio files
asdf.caf
asdf2.caf
- folder2
- audio files
asdf3.caf
Again, please don't tell me to compress my audio files. That would only be a band-aid to a flawed design.
It seems like I could just move/copy all of the files into a directory using NSFileManager and then make that directory a package. Should I go down that path?
When an NSFileWrapper tree gets written out to disk, it will attempt to perform a hard-link of the original file to the the new location, but only if you supply a parameter for the originalContentsURL.
It sounds like you're constructing the file wrapper programmatically (for the backup scenario), so your files are probably scattered all over the filesystem. This would mean that when you writeToURL, you don't have an originalContentsURL. This means the hard-link logic is going to get skipped, and the file will get loaded so it can get rewritten.
So, if you want the hard-linking behavior, you need to find a way to provide an originalContentsURL. This is most easily done by supplying an appropriate URL to the initial writeToURL call.
Alternatively, you could try subclassing NSFileWrapper for regular files, and giving them an NSURL that they internally hang on to. You'd need to override writeToURL to pass this new URL up to super, but that URL should be enough to trigger the hard-link code. You'd want to then use this subclass of NSFileWrapper for the large files you want hard-linked in to place.
I'm having problems with a free open cart module and was hoping to get some help.
While using the import/export tool I'm Getting the following error
"Fatal error: Allowed memory size of 268435456 bytes exhausted (tried to allocate 25165824 bytes) in /home3/haas12/public_html/breslovcenter.org/system/PHPExcel/Classes/PHPExcel/Style/Supervisor.php on line 126"
I only have about 700 items and my xlsx file it is only 291k but it's saying 256MB in the error message.
I created a php info file and it is at:
http://breslovcenter.org/phpinfo.php
Anyone have any ideas on how to fix this? Any help would be greatly appreciated. I'm guessing this problem has to be due to some bug that makes it leak memory. I'm kind of stuck and not sure what to do.
The file might be small, but PHP uses a lot of memory/processing to open the excel file. While it does seem like a lot of memory, it's pretty well known for having that issue and you will need to increase your memory limit or find a better way to import (there are numerous other ways to import, they're just not as convenient)
The error message:
Fatal error: Allowed memory size of 268435456 bytes exhausted (tried to allocate 25165824 bytes) ...
This says that Your Apache server has allowed memory size for PHP of 268435456 bytes (256 MB). This memory is shared between all possible threads Apache server may open. Your script is trying to allocate 25165824 bytes (24 MB) more (but this may differ per each request and depending on the loading file size).
PHPExcel, though excellent PHP extension for working with XLS(X) files, has one critical weakness - a requirement for lot of resources, especially memory. On a shared hosting with 32 or 64 MB of allowed memory size there is even no chance to run this extension.
The solutions
If You have the chance to modify the memory limit for Your PHP, then do so. Open up Your php.ini file and search for memory_limit setting. It should be now memory_limit 256M - change it to e.g. this value: memory_limit 350M or even to 512M if You want to be completely sure this won't happen in the future. If You have the possibility to modify the PHP settings from within the PHP scripts using the ini_set() directive, this may be even better to use only in the import script so that there is not so much useless memory allocated for each request: ini_set('memory_limit', '350M'); - it's best if You call this as the first line in Your import script.
If the option one is not possible (You do not have rights to access or modify the PHP settings on Your hosting) then the other possibility it to export the XLS(X) file into a CSV file and import the data from CSV which is maybe not so comfortable but for sure uses as less resources as possible.
As Jay Gilford says PHPExcel is well known for this issue. You can try either:
Editing the php.ini files
If your website is hosted on a shared server or you do not have access to the PHP Configuration you will need to amend two 'php.ini' files in your OpenCart installation. The first is in the root folder of your OpenCart installation and the second is in the '/admin' folder. Change:
memory_limit = 64M;
To:
memory_limit = 256M;
If you’re on a shared server there may be a limit imposed by your provider (from experience 1&1 is around 80MB) which would override these 'php.ini' files, in which case you may need upgrade to a dedicated server or VPS if you want to increase your PHP memory limit beyond this.
Increasing the PHP memory limit on your server
If you have access to the server PHP Configuration you can increase the PHP memory limit directly on the server through your Control Panel or via SSH. You will most likely need to restart your server for the changes to take effect.
Of course deleting some old products would do the trick and free up some memory usage, however you will encounter the issue again once you get back up to the same level. Alternatively you could try a different extension which is not so memory-hungry, however the import/export functionality of this extension still seems to be the best of its kind.
My application saves files to a database field. It will take file types of .pdf, .doc, .xls, and .html (for example) save them to the table, so I can later extract the value and open it as a file.
Currently, I am saving a file (type pdf in this example) to a Varbinary field in a SQL table I created. I am then reading that file back into a memory stream using the following code:
TBlobField(FieldByName('FileData')).SaveToStream(FileData);
I can save this to desktop as a pdf just fine. However I would like to open it directly from the memory stream with the appropriate application (in this example adobe acrobat). I could write this to file first and then open it with shellexecute but i would rather open it directly. How would I go about accomplishing this? Any help would be greatly appreciated, I've looked all over and can only find examples using shellexecute to open Filepaths. ShellExecuteEx claims the lpFile can be set to an object but i haven't had any luck getting it to work.
You cannot do that. Memory is private to a process. When the Acrobat process executes, it cannot read your memory. You will have to save to a file and ask Acrobat to open that, or host a PDF viewer component in your process.
I have a system where users can upload, well, anything really - and these files are available to other users.
I need to come up with a list of file types that are genuinely needed by professionals in different industries that are safe from hacking/viruses, etc.
.doc .docx .gif .jpg .jpeg .mpg .mpeg .mp3 .odt .odp .ods .pdf .ppt .pptx .tif .tiff .txt .xls .xlsx .wav
What other file types do you know of that are both useful and safe?
Clarification
Many of the comments and responses are asking for a clearer definition of 'safe from hacking/viruses' - I ask the question with precisely that level of detail because I don't have as sophisticated an understanding of file types and their risks as many of you do, and I would like guidance on 1) any file types that may keep my site more secure, and 2) if there are no 'safe' file types then any advice on how to move forward with a system that allows for flexible uploading and sharing of files.
If indeed any malicious file can be packaged as a seemingly-safe file, how can I protect my users?
No filetype is safe if the program you use to open it with is badly (or carelessly or evil-y) written.
You can't assume that all files with a given extension is safe from 'viruses'.
I can easily rename a malicious executable to .doc and 'hack' your system.
EDIT:
There is no (simple?) way to check whether a user-uploaded file is malicious or not.
The app that you're creating is no different than any other file sharing websites out there (Rapidshare, Megaupload, etc).
There is nothing stopping anyone to upload malicious files to those websites.
Safe files does not exists. The ordinary text file is safe? For example with content:
format c:
if some program can execute a content of the file... you get the idea.
So, here are not safe files - only restrictions to RUN code (programs). (And I understand if this answer does not like.) :)
For "useful" you'll need to ask your customers.
For safe, there's no such thing because a file extension is just a part of the file name that gives a suggestion of what type of file it is. It need not accurately represent the type, and is easily manipulated.
Rather than protecting based on file type. I would get a 3rd party to virus scan each file on upload. Reject those which are identified as positive.
The list is pretty endless! A quick search finds http://filext.com/alphalist.php?extstart=^A
Well you can include all data files and exlude all executable/script files.
One list of executable file extensions is here: http://pcsupport.about.com/od/tipstricks/a/execfileext.htm
you may look other sources to inprove coverage.
Edit: for second part of the question addressing sequrity-
It would be best to have bunch of anti malware software installed on the server to check each sumbission - they are designed for this specialized task, use them. Anyways no executable file is professionaly useful as long as people are not looking for crackware.
Wondered if anybody knows how customizable Flash swf files are made, where there appears to be a template swf that the user can then input some changes (eg text or image) and receives a newly-compiled swf file with their changes.
Some examples:
- http://flashfreezer.com/landingconfetti/index.html
Constraints:
- user receives a single output swf file that can be played with all their changes included. ie there is no reading from an xml file, or using Flashvars.
Been trying different things for a few weeks with no luck!
There are a number of ways, but generally the most common is to either use a SWF generating library (like PHP's) or through server-side compiling.
Normally, this will be a custom or proprietary library which uses the same language that the serve is running (and there are open-source libraries for this in PHP, Perl, Python, Java, C++... etc). The SWF is generated and served up with the appropriate headers so that the browser knows how to re-direct it. Often this will involve a pre-defined template which is then modified slightly for the new input. Only occasionally does this involve the manipulation of pre-generated SWF directly.
The other option is to have a command line call to the Flash IDE or the Flex compiler (and, technically, this can work for CS3 and CS4, though in a very nasty and hackish way) to generate a new version of the SWF on the fly. This is often slower, but it will generally yield a more finished feel to a product.
You could try Swiffotron. It can modify SWF files and do text replace type things on both text elements and in compiled actionscript.
Here's a swiffotron xml job file that does some text replacing.
And here's a swiffotron XML job file that modifies instances on the stage.
I didn't check the site, but the only way I can think of is to read the requirement details through flash (this can be done through plain html also) and then generate the AS files from their templates and compile them at the server side (using mxmlc or other compilers) and give back the SWF.
I get the impression that you're looking for SwfMill. SwfMill creates a swf based on an XML file that you create/define. You could use SwfMill on the server to generate a swf based on user input.