I've inherited a Visual Basic 6 application that accesses a database directly, and I intend to rewrite it in Java.
However, something I NEED is the database user+password, which I believe is hard-coded into the application's source.
Unfortunately, I don't have access to it's source.
How could I retrieve the DB password? Is there a way to de-compile VB6 into some half-understandable form at least? or should I just log on and sniff it from my own PC?
I'd agree with MicSim that the DBA would be the person to ask.
However if you want to hack in to the source, you might have some luck just opening up the DLL (or EXE? OCX?) in a hex/text-editor and having a look through. If the credentials are really hard-coded into the application, presumably they're stored as strings... and I've noticed that strings tend to get stored in the assemblies created by VB6 in clear text.
Related
I'm trying to learn how to be better at storing my variables outside of the current application in which I'm working. I mostly work in building add-ins for applications such as Excel's VBA and DraftSight's AutoLisp, and most of my work doesn't require me to store anything outside of these applications. There have been a few insistence where I've needed to store settings outside of these two applications.
To help narrow the scope of what I'm asking, I'm wanting to learn about storing application and add-in variables in the Windows OS, for personal machines.
Questions
Where should variables be place in which directories? Categories would be helpful.
What file extension(s) should be used to save the variable information?
If a variable contained sensitive information, how and where should that information be stored?
If an application lacks a dedicated place to store add-in files for itself, where should the add-in file be best placed?
Store important per-user data in %appdata% and unimportant data in %localappdata%. The Shell.NameSpace scripting method should let you access these in VBA.
You can see a list of all the special locations on MSDN. Simple settings can be stored in the registry instead.
You get to decide the file extension.
If you have proper access to the Windows API you can call CryptProtectData to store encrypted data.
I am currently using an in-process COM server (Outlook Redemption) in my application and I need to convert it to work out-of-process, I'm using C++ Builder.
From what I've read so far, I believe I need to create the new COM server as a .exe, but how do I do that? and how do I make all the the existing functions visible? Can that be done automatically via the existing TLB or do I have to create wrappers around all the functions that I will need?
Any guidance to put me on the right track would be really welcome.
Edit: If anyone is able to explain the process for Delphi instead, I'm sure I'd be able to adapt it.
I have a SQL Server Database, I want a front-end graphical user interface for data input, which can be either web or desktop. But it has to be portable I mean it should be used without additional installation of any program. That front-end interface will be used by many users for input data into Database. Can you please help and suggest me?
Please see the link to the similar question. I find it quite helpful.
Which tool to build a simple web front-end to my database
and this
http://community.spiceworks.com/topic/195850-does-anyone-have-a-quick-and-dirty-way-to-access-ms-sql-data-from-a-web-app
and if you have some free time also this
http://www.academia.edu/4948292/Design_and_Implementation_of_Graphical_User_Interface_for_Relational_Database_Management_System
and potentially this
https://ask.sqlservercentral.com/questions/89751/is-there-a-front-end-application-development-tool.html
I hope it helps (at least a bit!)
Not sure if anyone is still looking for this, but https://beekeeperstudio.io is an open source database gui with a portable build.
Windows has a portable exe
Linux has appimage
Let me first explain my situation:
I have an old application and don't have any possibility of changing it. This application works with sqlite tables, one of them being a "temporary" database, but does not create temporary tables in memory but rather uses normal tables.
I install this application in a terminal server and the problem is that the application tries to read from a static path from the temporary table.
I need to redirect the "open syscall" to another file, so I want to know if I could do that with some software or by programming it.
Several options in order of "preferableness":
Create a junction. Click the link to get a tool for doing this.
Use a shim if possible.
If the above are not possible then you could use Madshi's madCodeHook lib to intercept the(*) call. Somebody over here is having a similar question, the discussion there also applies to your situation.
Be careful though when using API hooking and always ask yourself what would happen if two programs are doing it at the same time. This would likely result in an unstable system a.k.a. a mess.
(*) You would also have to figure out which call you actually need to hook.
You should be able to do that with a junction point.
I need to guide me to lock my project against "unauthorized use" with a certain registration key which I will send it personally.
I also want to inform me if this lock method can break it with reverse engineer method.
I use visual basic for my project in visual studio 2010.
There is no general case method of preventing someone from reverse engineering your application. It is code, and therefore it is possible to analyze. This is exacerbated by tools such as Reflector, which take a .NET assembly and dump out a complete Visual Studio solution capable of building the given .NET assembly. A malicious user could simply dump your assembly, remove the licensing bits, and then recompile the assembly.
However, you can use a code obfuscation tool (i.e. Dotfuscator (disclaimer: PreEmptive Solutions is my employer)) to make your code confusing enough that it's extremely difficult to figure out where exactly the registration bits are located.
That said, merely obfuscating the code still doesn't protect you the way you're trying to be protected, because you want to embed a secret (that is, the registration code) in the binary. Code obfuscators can help with this (i.e. string encryption), but this is in general a weak area -- your program has to get the constant in cleartext at some point, therefore the method to get the cleartext must exist in your program somewhere. After all, there are cracks and things for Windows and pretty much every video game on the planet, despite the millions companies like Sony spend on anti-copying technology.
If you want to secure your project from re-engineering and reading then,
Try obfuscation for securing your application at CERTAIN level.
Product Key,
Before few months back our team was discussing about
"How to secure our Product from Illegal Copying,ReEng etc"
Following are the conclusions,
for re-eng - Obfuscation
Copying - Decided to create a Product key based on Some Client + Other Details(Harddisk#+BIOS#) and we maintained the separate database for it.
So its upto you,I mean how much you want to secure your application.
Since you mentioned that you will be separately sending product key then it can be any combination like CustomerName+Date etc.
Also some obfuscation tool provide the way to generate product key, don't remember the name.