[Lazarus] Detecting when decompiler is running

2015-12-04 Thread Richard Mace 
Hi All,
I was wondering if there was a way where an application, written in
Lazarus, could detect when a compiler is running, perhaps by it's mutex?
My idea was, in my application, I could periodically check to see if a
decompiler was running and then my app could perform an operation, such as
maybe closing.

Thanks in advance

Richard
--
___
Lazarus mailing list
Lazarus@lists.lazarus.freepascal.org
http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus

Re: [Lazarus] Strange application startup problem

2015-12-04 Thread Tony Whyman 

Any Initialization clauses in your form or the units it brings in?

On 04/12/15 00:52, Aradeonas wrote:

Hi,
Today I open one of my applications and start working on it and made 
many changes and hit the run but it will immediately crash!
So like a programmer I add a break poit on my main form create and no 
it will not run and crash will happen.

So I add another break point to first line of application:

begin
  RequireDerivedFormResource:=True; // Here
   Application.Initialize;
   Application.CreateForm(TFormX, FormX);
   Application.Run;
end.

the lpr file is made automatically but even the first line will never run!
It was strange so I delete CreateForm line and run again :

begin
  RequireDerivedFormResource:=True; // Here
   Application.Initialize;
   Application.Run;
end.

And now everything work!
So the problem is form but what?
I add a new clean form and make it main form like this :

begin
  RequireDerivedFormResource:=True;
  Application.Initialize;
  Application.CreateForm(TForm1, Form1);
  Application.Run;
end.

And run and everything OK.
So add a button on Form1 and write :

  Application.CreateForm(TFormX, FormX);
  FormX.Show;

And again crash without even running the line in button or clicking it.
Project is in default mode (made from lazarus and I every debug mode 
is on and I checked default debug mode ) and nothing, I also uncheck 
Win32 target platform so maybe it show any message in CMD but nothing.
This program is bug and I cant share the code or forms and I dont know 
what was changed this and I can go back,I just need a debug info.

So anyone has a clue on what is the problem or how find it?
I do this in a Windows 8 64bit with Lazarus 1.5 and FPC 3.1.1 .
Regards,
Ara
--
http://www.fastmail.com - Choose from over 50 domains or use your own


--
___
Lazarus mailing list
Lazarus@lists.lazarus.freepascal.org
http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus


--
___
Lazarus mailing list
Lazarus@lists.lazarus.freepascal.org
http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus

Re: [Lazarus] How to destroy object / component by itself?

2015-12-04 Thread Michael Schnell 

On 12/03/2015 09:26 PM, Krzysztof wrote:

How to destroy object or component in its own method


You can do a "pseudo-finalizer" method in an object that just ends by 
"Free;".


Here you (e.g. ion a thread) can create an object and queue that 
function via TThread.Queue, TThread.Synchronize, or 
Application.QueueAsyncCall. Now the object is automatically freed 
without you needing to bother about saving it (i.e. a pointer to same) 
in a variable.


(AFAIK implementing "real" finalizer methods - supposedly just syntax 
candy for exactly this) has already been discussed in the FPC developers 
message list)


-Michael


--
___
Lazarus mailing list
Lazarus@lists.lazarus.freepascal.org
http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus

Re: [Lazarus] Detecting when decompiler is running

2015-12-04 Thread Sven Barth 
Am 04.12.2015 10:29 schrieb "Michael Schnell" :
>
> On 12/04/2015 09:29 AM, Richard Mace wrote:
>>
>>
>> My idea was, in my application, I could periodically check to see if a
decompiler was running and then my app could perform an operation, such as
maybe closing.
>
>
> Why should open source software need a decompiler ?

Why do you assume that every software written in Lazarus/Free Pascal is
automatically an open source one?

Regards,
Sven
--
___
Lazarus mailing list
Lazarus@lists.lazarus.freepascal.org
http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus

Re: [Lazarus] Detecting when decompiler is running

2015-12-04 Thread Richard Mace 
Because this particular application of mine, is not open source.

Richard
On 4 Dec 2015 09:29, "Michael Schnell"  wrote:

> On 12/04/2015 09:29 AM, Richard Mace wrote:
>
>
> My idea was, in my application, I could periodically check to see if a
> decompiler was running and then my app could perform an operation, such as
> maybe closing.
>
>
> Why should open source software need a decompiler ?
>
> -Michael
>
> --
> ___
> Lazarus mailing list
> Lazarus@lists.lazarus.freepascal.org
> http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus
>
>
--
___
Lazarus mailing list
Lazarus@lists.lazarus.freepascal.org
http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus

Re: [Lazarus] Detecting when decompiler is running

2015-12-04 Thread Sven Barth 
Am 04.12.2015 09:29 schrieb "Richard Mace" :
>
> Hi All,
> I was wondering if there was a way where an application, written in
Lazarus, could detect when a compiler is running, perhaps by it's mutex?
> My idea was, in my application, I could periodically check to see if a
decompiler was running and then my app could perform an operation, such as
maybe closing.

You can't do anything actively against a decompiler (please don't confuse
this with "compiler"...) or dissasembler as these are running while your
application is not. You'd need to use code obfuscation for that -
especially on the assembly level - so that neither a human nor an algorithm
can easily reconstruct the code's meaning.
What you cam do at runtime though is to protect against debuggers.
Since this isn't specific to Lazarus/Free Pascal I'd suggest you to look
also in context of C/C++ programs.

Do you want to protect your whole application or only a specific part?
(e.g. a specific algorithm you don't want to disclose or the license
validation code)

Regards,
Sven
--
___
Lazarus mailing list
Lazarus@lists.lazarus.freepascal.org
http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus

Re: [Lazarus] Detecting when decompiler is running

2015-12-04 Thread Gabriele Cappelletto 

  
  
Even my project is not open source and if I see him I would be
willing to make a small donation to the project FreePascal / lazarus

Gabriele

Il 04/12/2015 10:28, Michael Schnell ha
  scritto:


  
  On 12/04/2015 09:29 AM, Richard Mace
wrote:
  
  

  My idea was,
in my application, I could periodically check to see if a
decompiler was running and then my app could perform an
operation, such as maybe closing.
  

  
  
  Why should open source software need a decompiler ? 
  
  -Michael
  
  
  
  --
___
Lazarus mailing list
Lazarus@lists.lazarus.freepascal.org
http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus



  


--
___
Lazarus mailing list
Lazarus@lists.lazarus.freepascal.org
http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus

Re: [Lazarus] Strange application startup problem

2015-12-04 Thread Aradeonas 
It seems FPC optimizer know what line will be used so compile them and
probably line initialization lines but how I can find out what line
will run! It is so ugly that you can not find out what line in your
program will run!

Regards, Ara


-- 
http://www.fastmail.com - IMAP accessible web-mail

--
___
Lazarus mailing list
Lazarus@lists.lazarus.freepascal.org
http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus

Re: [Lazarus] Detecting when decompiler is running

2015-12-04 Thread Michael Schnell 

On 12/04/2015 10:44 AM, Sven Barth wrote:


Why do you assume that every software written in Lazarus/Free Pascal 
is automatically an open source one?


I don't assume "is" but I assume "should be", as I consider closed 
source projects as a fraud against the highly valuated fpc and lazarus 
team members. pen source software of course can be payed for customer 
projects, but any obfuscation of the true working of a program in 
neither "nice" towards the customer nor sensible, as a decent hacker 
will crack it, anyway.


-Michael

--
___
Lazarus mailing list
Lazarus@lists.lazarus.freepascal.org
http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus

Re: [Lazarus] Strange application startup problem

2015-12-04 Thread Aradeonas 
I think about that and I checked as I can but neither of them will run
and also I add another project and add all the packages and uses units
in FormX to it so if any Initialization make the problem I could find it
but no, without no problem it will run. Just this project and just this
form cause problem and Lazarus it self also doesn't give any error about
form error or what ever.

Regards, Ara


-- 
http://www.fastmail.com - Choose from over 50 domains or use your own

--
___
Lazarus mailing list
Lazarus@lists.lazarus.freepascal.org
http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus

Re: [Lazarus] Detecting when decompiler is running

2015-12-04 Thread Michael Schnell 

On 12/04/2015 09:29 AM, Richard Mace wrote:


My idea was, in my application, I could periodically check to see if a 
decompiler was running and then my app could perform an operation, 
such as maybe closing.


Why should open source software need a decompiler ?

-Michael
--
___
Lazarus mailing list
Lazarus@lists.lazarus.freepascal.org
http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus

Re: [Lazarus] Strange application startup problem

2015-12-04 Thread Aradeonas 
How can I know what lines run from the first line?

Regards, Ara


-- 
http://www.fastmail.com - Does exactly what it says on the tin

--
___
Lazarus mailing list
Lazarus@lists.lazarus.freepascal.org
http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus

Re: [Lazarus] Detecting when decompiler is running

2015-12-04 Thread Mark Morgan Lloyd 

Michael Schnell wrote:

On 12/04/2015 10:44 AM, Sven Barth wrote:


Why do you assume that every software written in Lazarus/Free Pascal 
is automatically an open source one?


I don't assume "is" but I assume "should be", as I consider closed 
source projects as a fraud against the highly valuated fpc and lazarus 


The only fraud would be if something was written in contravention of the 
appropriate licenses (i.e. reused bits of something that was GPLed, or 
modified something which was LGPLed without offering the changes to the 
community).


However as a lesser fraud I'd suggest something which was closed source 
and refused to even acknowledge what language etc. had been used. 
(Object) Pascal needs public support, particularly with what's happening 
to Delphi, and a few words in the right places that got people to look 
at it as a high-level language superior to Python et al. could be really 
valuable.


team members. pen source software of course can be payed for customer 
projects, but any obfuscation of the true working of a program in 
neither "nice" towards the customer nor sensible, as a decent hacker 
will crack it, anyway.


Maybe, maybe not. But it's not just a case of who's worked out how a 
program (supplied as a binary or as "shrouded" source) works, but who's 
got a right to re-use bits of it. And quite frankly, I'd suggest that 
banging the "anything written using an open source tool *MUST* be open 
source" drum doesn't help anybody.


--
Mark Morgan Lloyd
markMLl .AT. telemetry.co .DOT. uk

[Opinions above are the author's, not those of his employers or colleagues]

--
___
Lazarus mailing list
Lazarus@lists.lazarus.freepascal.org
http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus

Re: [Lazarus] Detecting when decompiler is running

2015-12-04 Thread Richard Mace 
On 4 Dec 2015 09:48, "Sven Barth"  wrote:

> Do you want to protect your whole application or only a specific part?
(e.g. a specific algorithm you don't want to disclose or the license
validation code)
>
> Regards,
> Sven
>

Hi Sven,
I guess just the license checking part really.
I am already using OnGuard but I was just thinking about maximising the
protection before its released.

Richard
--
___
Lazarus mailing list
Lazarus@lists.lazarus.freepascal.org
http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus

Re: [Lazarus] Detecting when decompiler is running

2015-12-04 Thread Marc Santhoff 
On Fr, 2015-12-04 at 14:20 +, Mark Morgan Lloyd wrote:
> Marc Santhoff wrote:
> > On Fr, 2015-12-04 at 08:29 +, Richard Mace wrote:
> >> Hi All,
> >> I was wondering if there was a way where an application, written in
> >> Lazarus, could detect when a compiler is running, perhaps by it's mutex?
> >> My idea was, in my application, I could periodically check to see if a
> >> decompiler was running and then my app could perform an operation, such as
> >> maybe closing.
> > 
> > As others said, decompilers and disassemblers are not detectable. But
> > for protection there are other counter measures.
> > 
> > 1. Protect your program using checksums. Refuse to run if tampered.
> 
> The ld linker for ELF can embed a fingerprint, that can be read back 
> fairly easily but I've not attempted to verify an entire binary against 
> it. What I don't know is what part of a binary contribute to this, and 
> whether- as a specific example- stripping symbols changes it.

Not easy but possible ...

I will not publicly tell more about the nasty upper and the ghastly
lower layers in use ... ;)

> The real problem however is the ease with which an attacker can 
> substitute a hostile library, e.g. using (something like) 
> LD_LIBRARY_PATH on unix.

For hacking protection external functions are not used. External in the
sense of being located in some dynamically loaded lib.

Protection against other frauds is another topic.

> > 2. Use varying protection schemes randomly. I did sth. like that by
> > including protection code that is switched from the make process between
> > multiple versions. If some hacker really solves the riddle for one
> > executable, her hack will fail on most others. Same scheme as compiling
> > in a serial number, that is changed for each compilation.
> > 
> > 3. Check integrity of the program often, from many placces in the
> > program. If really paranoid, you can combine with randomly selected
> > checking routines. Using a code scanner/parser and injection code for
> > checks is relaitvely simple, e.g. at the start of a procedure insert a
> > check and exit code (or leave out, depending on the moons phase or so).
> 
> Making random choices can be unwise, because sooner or later you hit a 
> weak combination.

Never had that problem. In principle you're right, but If the goal is to
check some validation points and exit on fail it is meaningless for the
rest of the program. The other case is "do nothing if OK". If there are
some timing sensitive hardware function, those have to be taken out of
the code insertion run.

> Also as a general point I once had a colleague who spent his lunchtimes 
> methodically single stepping through AutoCAD with a view to finding out 
> how the security dongle worked, and he was broadly successful despite 
> professing to know no x86 assembler.
> 
> So you can obfuscate things as much as you want, but that's no 
> protection against somebody with patience.

That's why often and unexpected are the main guidelines for this scheme.
You need to hack each and every executable, which mostly isn't worth the
effort. And even if you try, it will take ages.

The other thing is, the hacker has to distribute the binary executable
of the program hacked, for all others it will not work. If the program
is worth a lot you'll have to fight against illegal copying in any case.

For the general case of software distribution the use of activation
codes bound to some checksums retrieved on the target computer are safe
(enough), me thinks.

> > If you have enough checks, enough randomness between varying mechanisms,
> > hackers will give up for sure. You are in trouble if those programm
> > sould be distributed on DVD from one master, though.
> 
> Yes, big trouble. And I assume that you've seen yesterday's news about 
> Raspbian being insecure because all copies start with the same (or no) 
> "entropy", so SSH is seeded the same.
> 
> There is no substitute for a piece of hardware or software being 
> uniquely serialised, and the user's contract (or license, or whatever 
> you want to call it) being tied to that.

What I did not mention is, that I used this scheme from the solid
position of being able to rely on some hardware serial numbers.

General software (only) distribution needs another source of checksum,
but that one will need to be checked, too.

> > I'd like to hear from others about their anti hacking tools ... ;)

Still so, how do you protect?

Marc

-- 
Marc Santhoff 


--
___
Lazarus mailing list
Lazarus@lists.lazarus.freepascal.org
http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus

Re: [Lazarus] Detecting when decompiler is running

2015-12-04 Thread Marc Santhoff 
On Fr, 2015-12-04 at 08:29 +, Richard Mace wrote:
> Hi All,
> I was wondering if there was a way where an application, written in
> Lazarus, could detect when a compiler is running, perhaps by it's mutex?
> My idea was, in my application, I could periodically check to see if a
> decompiler was running and then my app could perform an operation, such as
> maybe closing.

As others said, decompilers and disassemblers are not detectable. But
for protection there are other counter measures.

1. Protect your program using checksums. Refuse to run if tampered.

2. Use varying protection schemes randomly. I did sth. like that by
including protection code that is switched from the make process between
multiple versions. If some hacker really solves the riddle for one
executable, her hack will fail on most others. Same scheme as compiling
in a serial number, that is changed for each compilation.

3. Check integrity of the program often, from many placces in the
program. If really paranoid, you can combine with randomly selected
checking routines. Using a code scanner/parser and injection code for
checks is relaitvely simple, e.g. at the start of a procedure insert a
check and exit code (or leave out, depending on the moons phase or so).

If you have enough checks, enough randomness between varying mechanisms,
hackers will give up for sure. You are in trouble if those programm
sould be distributed on DVD from one master, though.

I'd like to hear from others about their anti hacking tools ... ;)

Marc

Btw., the licence of the library code permits making closed source
programs. Only Lazarus itself and the compiler code are open source. One
point I like FPC/Lazarus for and use it.

-- 
Marc Santhoff 


--
___
Lazarus mailing list
Lazarus@lists.lazarus.freepascal.org
http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus

Re: [Lazarus] Detecting when decompiler is running

2015-12-04 Thread Michael Schnell 

On 12/04/2015 02:09 PM, Marc Santhoff wrote:

1. Protect your program using checksums


Don't connect the computer that holds the sources to the Internet.

-Michael


--
___
Lazarus mailing list
Lazarus@lists.lazarus.freepascal.org
http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus

Re: [Lazarus] Detecting when decompiler is running

2015-12-04 Thread Mark Morgan Lloyd 

Marc Santhoff wrote:

On Fr, 2015-12-04 at 08:29 +, Richard Mace wrote:

Hi All,
I was wondering if there was a way where an application, written in
Lazarus, could detect when a compiler is running, perhaps by it's mutex?
My idea was, in my application, I could periodically check to see if a
decompiler was running and then my app could perform an operation, such as
maybe closing.


As others said, decompilers and disassemblers are not detectable. But
for protection there are other counter measures.

1. Protect your program using checksums. Refuse to run if tampered.


The ld linker for ELF can embed a fingerprint, that can be read back 
fairly easily but I've not attempted to verify an entire binary against 
it. What I don't know is what part of a binary contribute to this, and 
whether- as a specific example- stripping symbols changes it.


The real problem however is the ease with which an attacker can 
substitute a hostile library, e.g. using (something like) 
LD_LIBRARY_PATH on unix.



2. Use varying protection schemes randomly. I did sth. like that by
including protection code that is switched from the make process between
multiple versions. If some hacker really solves the riddle for one
executable, her hack will fail on most others. Same scheme as compiling
in a serial number, that is changed for each compilation.

3. Check integrity of the program often, from many placces in the
program. If really paranoid, you can combine with randomly selected
checking routines. Using a code scanner/parser and injection code for
checks is relaitvely simple, e.g. at the start of a procedure insert a
check and exit code (or leave out, depending on the moons phase or so).


Making random choices can be unwise, because sooner or later you hit a 
weak combination.


Also as a general point I once had a colleague who spent his lunchtimes 
methodically single stepping through AutoCAD with a view to finding out 
how the security dongle worked, and he was broadly successful despite 
professing to know no x86 assembler.


So you can obfuscate things as much as you want, but that's no 
protection against somebody with patience.



If you have enough checks, enough randomness between varying mechanisms,
hackers will give up for sure. You are in trouble if those programm
sould be distributed on DVD from one master, though.


Yes, big trouble. And I assume that you've seen yesterday's news about 
Raspbian being insecure because all copies start with the same (or no) 
"entropy", so SSH is seeded the same.


There is no substitute for a piece of hardware or software being 
uniquely serialised, and the user's contract (or license, or whatever 
you want to call it) being tied to that.



I'd like to hear from others about their anti hacking tools ... ;)

Marc

Btw., the licence of the library code permits making closed source
programs. Only Lazarus itself and the compiler code are open source. One
point I like FPC/Lazarus for and use it.


--
Mark Morgan Lloyd
markMLl .AT. telemetry.co .DOT. uk

[Opinions above are the author's, not those of his employers or colleagues]

--
___
Lazarus mailing list
Lazarus@lists.lazarus.freepascal.org
http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus

Re: [Lazarus] Detecting when decompiler is running

2015-12-04 Thread Mark Morgan Lloyd 

Michael Schnell wrote:

On 12/04/2015 02:09 PM, Marc Santhoff wrote:

1. Protect your program using checksums


Don't connect the computer that holds the sources to the Internet.


In principle, it should be possible for a binary to be signed in such a 
way that it can't be rebuilt, even from unmodified sources.


--
Mark Morgan Lloyd
markMLl .AT. telemetry.co .DOT. uk

[Opinions above are the author's, not those of his employers or colleagues]

--
___
Lazarus mailing list
Lazarus@lists.lazarus.freepascal.org
http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus

[Lazarus] Is there any pascal implimentition on websocket comunication?

2015-12-04 Thread pingyu 
I searched internet but cannot find any information.--
___
Lazarus mailing list
Lazarus@lists.lazarus.freepascal.org
http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus

Re: [Lazarus] Are you on Windows 10? Are you experiencing slow installs? Here's the deal...

2015-12-04 Thread Richard Mace 
>
>
> My solution to this mess is simple, albeit not too forward thinking: Don't
> use Windows 10
>

​The trouble is, that's not an option as if your coding for Windows, that
will be the majority platform at some point.

Richard​
--
___
Lazarus mailing list
Lazarus@lists.lazarus.freepascal.org
http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus

Re: [Lazarus] Detecting when decompiler is running

2015-12-04 Thread Richard Mace 
On 4 December 2015 at 11:01, Gabriele Cappelletto <
cappellettogabri...@yahoo.it> wrote:

> Even my project is not open source and if I see him I would be willing to
> make a small donation to the project FreePascal / lazarus
>
> Gabriele
>
>
​I intend to make a contribution to FreePascal / Lazarus for each copy of
this application that is sold as my part of giving back.

Richard​
--
___
Lazarus mailing list
Lazarus@lists.lazarus.freepascal.org
http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus

Re: [Lazarus] Detecting when decompiler is running

2015-12-04 Thread Sven Barth 
Am 04.12.2015 13:02 schrieb "Richard Mace" :
>
>
> On 4 Dec 2015 09:48, "Sven Barth"  wrote:
>
> > Do you want to protect your whole application or only a specific part?
(e.g. a specific algorithm you don't want to disclose or the license
validation code)
> >
> > Regards,
> > Sven
> >
>
> Hi Sven,
> I guess just the license checking part really.
> I am already using OnGuard but I was just thinking about maximising the
protection before its released.

I can't comment on how good OnGuard is regarding that, but the hints from
Marc Santhoff are definitely something and other than that I'd search for
C/C++ stuff as that can most likely be adapted for FPC.

Regards,
Sven
--
___
Lazarus mailing list
Lazarus@lists.lazarus.freepascal.org
http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus

Re: [Lazarus] Detecting when decompiler is running

2015-12-04 Thread Sven Barth 
Am 04.12.2015 11:34 schrieb "Michael Schnell" :
>
> On 12/04/2015 10:44 AM, Sven Barth wrote:
>>
>>
>> Why do you assume that every software written in Lazarus/Free Pascal is
automatically an open source one?
>>
> I don't assume "is" but I assume "should be", as I consider closed source
projects as a fraud against the highly valuated fpc and lazarus team
members. pen source software of course can be payed for customer projects,
but any obfuscation of the true working of a program in neither "nice"
towards the customer nor sensible, as a decent hacker will crack it, anyway.

Maybe you never had the problem of your software to be illegally
distributed or even hacked to be distributed as such. There is a certain
point when you *must* do something, otherwise your losses get too large.
And this also applies to otherwise legal customers not adhering to the
license restrictions because they aren't technically enforced anyway.
Also it doesn't need to be protected forever, just long enough that you can
release the next version where the crackers would need to begin anew (of
course one needs to adjust one's copy protection/tamper proofing then).
Also the more complex a software is to crack the further down in the ToDo
list of the cracker it is.

Regards,
Sven
--
___
Lazarus mailing list
Lazarus@lists.lazarus.freepascal.org
http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus

Re: [Lazarus] Is there any pascal implimentition on websocket comunication?

2015-12-04 Thread Michael Van Canneyt 



On Fri, 4 Dec 2015, pingyu wrote:


I searched internet but cannot find any information.


Yes. Look for bauglir websocket. It uses synapse.
I use it, it works very well.

Michael.

--
___
Lazarus mailing list
Lazarus@lists.lazarus.freepascal.org
http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus

Re: [Lazarus] Detecting when decompiler is running

2015-12-04 Thread Martin Frb 

On 04/12/2015 08:29, Richard Mace wrote:

Hi All,
I was wondering if there was a way where an application, written in 
Lazarus, could detect when a compiler is running, perhaps by it's mutex?
My idea was, in my application, I could periodically check to see if a 
decompiler was running and then my app could perform an operation, 
such as maybe closing.


Well there is no 100% protection.
Even if you make it so hard, that it is financially not interesting for 
a cracker, there will be someone who does the job to make him self a 
name, add it to their trophy list.
Hence my opinion: if you spent to much time/money on protection, then 
thats already your loss.


Anyway, there are 2 ways your app can be hacked.
1) a key can be distributed.
  1a) Either stolen, or bought with wrong credentials
  1b) a key generator can be written
2) a patch can be written to modify your exe.

(2) is always possible, and will happen unless (1) is really simple. But 
(2) is not so attractive to the users, as the risk is that they download 
a virus with it. IMHO attempting to protect against (2) is a waste of time.


(1) is important. Because downloading a key (usually a bit of text) is 
easy. Sign licenses with a private key. That should stop (1b).


(1a) can IMHO only be solved by phoning home. That in itself can loose 
you a small number of potential buyers.
Download a revocation list: hashes of keys no longer allowed, the 
overall list is signed, and it is issued with a time stamp, updated 
every minute. Your app will only run, if it can get a list not olden 
than x days.  Downside if your server is down, longer that this . 
Also the user needs internet.
Alternatively you can try to bind the license key to the hardware 
signature of the users pc. Allowing to reactivate a few times, then 
having to phone you I remember some big company did that in the past.


The other option is a dongle. Then you do not need to phone home. Again 
some hacker will create a patch to your software. But hopefully enough 
users will pay, rather than risking a virus.



--
___
Lazarus mailing list
Lazarus@lists.lazarus.freepascal.org
http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus

Re: [Lazarus] Detecting when decompiler is running

2015-12-04 Thread Chavoux Luyt 
Hi

On 4 December 2015 at 18:14, 
wrote:

> 
> > I'd like to hear from others about their anti hacking tools ... ;)
>
In addition to some good points already made, I would refer you to an old
and still good article at: http://71.6.196.237/fravia/protec.htm (
http://www.woodmann.com/fravia/protec.htm). This was written from the
cracker's perspective. Keep in mind that often it is the challenge of
cracking a program, rather than making money or "stealing" a program that
drives the real cracker (somebody else often uses his work in order to try
to make money or claim fame), E.g. I have reverse engineered legally bought
copies of programs that I paid for in order to see how they did some kind
of protection (essentially to learn what you are asking from us here) or
occasionally to skip the inconvenience of having to insert a CD just in
order to start a program).

I have also once been hit by the other side of not cracking a program when
the original CD got scratched and my legally bought program became useless
because I had no backup CD. So whatever protection you use, also keep in
mind the fact that it might inconvenience your legitimate users enough that
they might stop using your program (e.g. I will never buy ARC GIS, because
a broken dongle, just as the GIS data for my thesis had to be analysed,
made it impossible to use and I then discovered powerful Open Source GIS's:
GRASS and qGIS which can do all and more for no money, but with a steeper
learning curve).

Happy hacking!
Chavoux
--
___
Lazarus mailing list
Lazarus@lists.lazarus.freepascal.org
http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus

Re: [Lazarus] Is there any pascal implimentition on websocket comunication?

2015-12-04 Thread pingyu 
I've downloaded it. Thanks. 发自网易邮箱大师 On 2015-12-04 22:47 , Michael Van Canneyt 
Wrote: On Fri, 4 Dec 2015, pingyu wrote: > I searched internet but cannot find 
any information. Yes. Look for bauglir websocket. It uses synapse. I use it, it 
works very well. Michael. -- ___ 
Lazarus mailing list Lazarus@lists.lazarus.freepascal.org 
http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus--
___
Lazarus mailing list
Lazarus@lists.lazarus.freepascal.org
http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus