Planting a file in the computer registry (1 Viewer)

azhar2006

Registered User.
Local time
Yesterday, 17:00
Joined
Feb 8, 2012
Messages
180
Hello guys
While I searched the Internet, I found a function that, I think, implants a file in the computer's registry to prevent the database from being copied and transferred to another computer. I hope someone with experience will tell me if my words are accurate. Can I prevent the transfer or copying of the database from one computer to another computer?
Thanks everyone
Code:
Public Function set_db_properties(ByVal val As Boolean)
    Dim ok As Boolean
    Dim db As Database
On Error GoTo err

    Set db = CurrentDb
'    ok = ChangeProperty("StartUpShowDBWindow", dbBoolean, val)
'    ok = ChangeProperty("AllowToolbarChanges", dbBoolean, val)
'    ok = ChangeProperty("AllowBReakIntoCode", dbBoolean, val)
'    ok = ChangeProperty("AllowSpecialKeys", dbBoolean, val)
'    ok = ChangeProperty("AllowBypassKey", dbBoolean, val)
  '  AppTitle
'    ok = ChangeProperty("AppTitle", dbBoolean, val)
'    ok = ChangeProperty("AppIcon", dbBoolean, val)
'    ok = ChangeProperty("StartupMenuBar", dbBoolean, val)
'    ok = ChangeProperty("StartupShortcutMenuBar", dbBoolean, val)
'    ok = ChangeProperty("AllowFullMenus", dbBoolean, val)
'    ok = ChangeProperty("AllowShortcutMenus", dbBoolean, val)
'    ok = ChangeProperty("AllowBuiltInToolbars", dbBoolean, val)

Exit Function
err:
    MsgBox err.Number & " : " & err.Description
End Function

Function ChangeProperty(strPropName As String, varPropType As Variant, varPropValue As Variant) As Boolean
    Dim dbs As Database, prp As Property
    Const conPropNotFoundError = 3270

    Set dbs = CurrentDb
    On Error GoTo Change_Err
    dbs.Properties(strPropName) = varPropValue
    ChangeProperty = True

Change_Bye:
    Exit Function

Change_Err:
    If err = conPropNotFoundError Then  ' Property not found.
        Set prp = dbs.CreateProperty(strPropName, varPropType, varPropValue)
        dbs.Properties.Append prp
        Resume Next
    Else
        ' Unknown error.
        ChangeProperty = False
        Resume Change_Bye
    End If
End Function
Code:
Global Const REG_SZ As Long = 1
Global Const REG_DWORD As Long = 4

Global Const HKEY_CLASSES_ROOT = &H80000000
Global Const HKEY_CURRENT_USER = &H80000001
Global Const HKEY_LOCAL_MACHINE = &H80000002
Global Const HKEY_USERS = &H80000003

Global Const ERROR_NONE = 0
Global Const ERROR_BADDB = 1
Global Const ERROR_BADKEY = 2
Global Const ERROR_CANTOPEN = 3
Global Const ERROR_CANTREAD = 4
Global Const ERROR_CANTWRITE = 5
Global Const ERROR_OUTOFMEMORY = 6
Global Const ERROR_INVALID_PARAMETER = 7
Global Const ERROR_ACCESS_DENIED = 8
Global Const ERROR_INVALID_PARAMETERS = 87
Global Const ERROR_NO_MORE_ITEMS = 259

Global Const KEY_ALL_ACCESS = &H3F

Global Const REG_OPTION_NON_VOLATILE = 0

Declare Function RegCloseKey Lib "advapi32.dll" (ByVal hKey As Long) As Long
Declare Function RegCreateKeyEx Lib "advapi32.dll" Alias "RegCreateKeyExA" (ByVal hKey As Long, ByVal lpSubKey As String, ByVal Reserved As Long, ByVal lpClass As String, ByVal dwOptions As Long, ByVal samDesired As Long, ByVal lpSecurityAttributes As Long, phkResult As Long, lpdwDisposition As Long) As Long
Declare Function RegOpenKeyEx Lib "advapi32.dll" Alias "RegOpenKeyExA" (ByVal hKey As Long, ByVal lpSubKey As String, ByVal ulOptions As Long, ByVal samDesired As Long, phkResult As Long) As Long
Declare Function RegQueryValueExString Lib "advapi32.dll" Alias "RegQueryValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal lpReserved As Long, lpType As Long, ByVal lpData As String, lpcbData As Long) As Long
Declare Function RegQueryValueExLong Lib "advapi32.dll" Alias "RegQueryValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal lpReserved As Long, lpType As Long, lpData As Long, lpcbData As Long) As Long
Declare Function RegQueryValueExNULL Lib "advapi32.dll" Alias "RegQueryValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal lpReserved As Long, lpType As Long, ByVal lpData As Long, lpcbData As Long) As Long
Declare Function RegSetValueExString Lib "advapi32.dll" Alias "RegSetValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal Reserved As Long, ByVal dwType As Long, ByVal lpValue As String, ByVal cbData As Long) As Long
Declare Function RegSetValueExLong Lib "advapi32.dll" Alias "RegSetValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal Reserved As Long, ByVal dwType As Long, lpValue As Long, ByVal cbData As Long) As Long
Private Declare Function RegDeleteKey& Lib "advapi32.dll" Alias "RegDeleteKeyA" (ByVal hKey As Long, ByVal lpSubKey As String)
Private Declare Function RegDeleteValue& Lib "advapi32.dll" Alias "RegDeleteValueA" (ByVal hKey As Long, ByVal lpValueName As String)
Public Function DeleteKey(lPredefinedKey As Long, sKeyName As String)
' Description:
'   This Function will Delete a key
'
' Syntax:
'   DeleteKey Location, KeyName
'
'   Location must equal HKEY_CLASSES_ROOT, HKEY_CURRENT_USER, HKEY_lOCAL_MACHINE
'   , HKEY_USERS
'
'   KeyName is name of the key you wish to delete, it may include subkeys (example "Key1\SubKey1")


    Dim lRetVal As Long         'result of the SetValueEx function
    Dim hKey As Long         'handle of open key
    
    'open the specified key
    
    'lRetVal = RegOpenKeyEx(lPredefinedKey, sKeyName, 0, KEY_ALL_ACCESS, hKey)
    lRetVal = RegDeleteKey(lPredefinedKey, sKeyName)
    'RegCloseKey (hKey)
End Function

Public Function DeleteValue(lPredefinedKey As Long, sKeyName As String, sValueName As String)
' Description:
'   This Function will delete a value
'
' Syntax:
'   DeleteValue Location, KeyName, ValueName
'
'   Location must equal HKEY_CLASSES_ROOT, HKEY_CURRENT_USER, HKEY_lOCAL_MACHINE
'   , HKEY_USERS
'
'   KeyName is the name of the key that the value you wish to delete is in
'   , it may include subkeys (example "Key1\SubKey1")
'
'   ValueName is the name of value you wish to delete

       Dim lRetVal As Long         'result of the SetValueEx function
       Dim hKey As Long         'handle of open key

       'open the specified key

       lRetVal = RegOpenKeyEx(lPredefinedKey, sKeyName, 0, KEY_ALL_ACCESS, hKey)
       lRetVal = RegDeleteValue(hKey, sValueName)
       RegCloseKey (hKey)
End Function

Public Function SetValueEx(ByVal hKey As Long, sValueName As String, lType As Long, vValue As Variant) As Long
    Dim lValue As Long
    Dim sValue As String

    Select Case lType
        Case REG_SZ
            sValue = vValue
            SetValueEx = RegSetValueExString(hKey, sValueName, 0&, lType, sValue, Len(sValue))
        Case REG_DWORD
            lValue = vValue
            SetValueEx = RegSetValueExLong(hKey, sValueName, 0&, lType, lValue, 4)
        End Select

End Function
 

The_Doc_Man

Immoderate Moderator
Staff member
Local time
Yesterday, 19:00
Joined
Feb 28, 2001
Messages
22,555
I suspect you cannot block a file from being copied in this way, since the file system - if run by the computer's owner - runs with SYSTEM rights and SYSTEM can do anything with a file. The owner of the computer can easily choose to "Run as Admin" for any operation and once that happens, all file-system permissions are done for the day in at most three steps (which, for security reasons, I will not divulge.) There is no "you cannot copy me" security IF the person has read access to the file, and with Access, in order to use the app, you MUST have READ access (plus a few other permissions.) This would be true even for an Access file that had been converted to an .ACCDE format.

What you CAN do is put something in a registry using a separate mechanism that the application can then check in its startup code. Either an Opening Macro that does a .RunCode or an Opening Form that has code in its Form_Open event would be the right place. Then, if the appropriate registry key value is missing, the app can simply decline to run. HOWEVER, this means you must distribute the app as an .ACCDE so that the VBA code that reads the registry won't be visible to a hacker.

This is an overview and there have been many approaches as to what is to be done to the registry. It is not uncommon to look up a CPU or disk serial number using an "installer" app, create a hash of that object ID and store it elsewhere in the registry, and then have the app look up the same physical serial number at startup and compare to the installer's hashed value stored elsewhere. Of course, the trick is that you then have to get rid of the installer, which ALSO knows which place it is writing.

Note that if you want to protect the code, this might work. However, if you want to protect the data, it gets trickier because Access is still Access. In order for you to look at a table, you have to have permission to look at a table. BUT Windows doesn't offer file-segment permissions. With Windows, it is "all or nothing at all." Other types of SQL engines (SQL Server, ORACLE, SYBASE, ...) can and often DO implement table-selective permissions. So an "all native" Access app cannot completely protect its data. Oh, you can do things to make it tougher to copy the data, but at the end of the day, if it is protected too tightly, it becomes unusable - and thus useless.

I will recommend to you that you search this forum for "licensing" and perhaps pay attention to some of the past posts from Isladogs. He is one of our more well-versed members when it comes to application security. I have some expertise in security but not of this specific type. I'm more of a file system and operating system security guy. What you want is app-level security.
 

azhar2006

Registered User.
Local time
Yesterday, 17:00
Joined
Feb 8, 2012
Messages
180
I suspect you cannot block a file from being copied in this way, since the file system - if run by the computer's owner - runs with SYSTEM rights and SYSTEM can do anything with a file. The owner of the computer can easily choose to "Run as Admin" for any operation and once that happens, all file-system permissions are done for the day in at most three steps (which, for security reasons, I will not divulge.) There is no "you cannot copy me" security IF the person has read access to the file, and with Access, in order to use the app, you MUST have READ access (plus a few other permissions.) This would be true even for an Access file that had been converted to an .ACCDE format.

What you CAN do is put something in a registry using a separate mechanism that the application can then check in its startup code. Either an Opening Macro that does a .RunCode or an Opening Form that has code in its Form_Open event would be the right place. Then, if the appropriate registry key value is missing, the app can simply decline to run. HOWEVER, this means you must distribute the app as an .ACCDE so that the VBA code that reads the registry won't be visible to a hacker.

This is an overview and there have been many approaches as to what is to be done to the registry. It is not uncommon to look up a CPU or disk serial number using an "installer" app, create a hash of that object ID and store it elsewhere in the registry, and then have the app look up the same physical serial number at startup and compare to the installer's hashed value stored elsewhere. Of course, the trick is that you then have to get rid of the installer, which ALSO knows which place it is writing.

Note that if you want to protect the code, this might work. However, if you want to protect the data, it gets trickier because Access is still Access. In order for you to look at a table, you have to have permission to look at a table. BUT Windows doesn't offer file-segment permissions. With Windows, it is "all or nothing at all." Other types of SQL engines (SQL Server, ORACLE, SYBASE, ...) can and often DO implement table-selective permissions. So an "all native" Access app cannot completely protect its data. Oh, you can do things to make it tougher to copy the data, but at the end of the day, if it is protected too tightly, it becomes unusable - and thus useless.

I will recommend to you that you search this forum for "licensing" and perhaps pay attention to some of the past posts from Isladogs. He is one of our more well-versed members when it comes to application security. I have some expertise in security but not of this specific type. I'm more of a file system and operating system security guy. What you want is app-level security.
Thank you very much, Big Uncle (@The_Doc_Man) Thanks for the detailed explanation. Yes, your words are very accurate. I have been a member of the forum since 2012, I have benefited a lot from your experiences. Attach this database for you. As I said, uncle, this was secured through another program, which is planting a file in the registry.
 

Attachments

  • Security.mdb
    280 KB · Views: 166

theDBguy

I’m here to help
Staff member
Local time
Yesterday, 17:00
Joined
Oct 29, 2018
Messages
18,791
Hi. If you're trying to stop people from copying a file, I don't think you can. I hope I'm wrong though. There are a lot of smart people out there. Maybe someone knows how to do that. Good luck!
 

CJ_London

Super Moderator
Staff member
Local time
Today, 01:00
Joined
Feb 19, 2013
Messages
14,219
Some companies won't allow users to mess with the registry, so if this for clients outside your own business, you will need a plan B

@The_Doc_Man
This is an overview and there have been many approaches as to what is to be done to the registry. It is not uncommon to look up a CPU or disk serial number using an "installer" app, create a hash of that object ID and store it elsewhere in the registry, and then have the app look up the same physical serial number at startup and compare to the installer's hashed value stored elsewhere. Of course, the trick is that you then have to get rid of the installer, which ALSO knows which place it is writing.

I may be missing something, but if the user passes the installer to another potential user to install on their machine then who's to know? Only way I have seen that work is by having a one time passcode in the installer.

Another reason I create an (obscure) property in the FE as previously suggested to this OP. No messing with the registry and once 'installed', will only work from one location.
 

azhar2006

Registered User.
Local time
Yesterday, 17:00
Joined
Feb 8, 2012
Messages
180
Some companies won't allow users to mess with the registry, so if this for clients outside your own business, you will need a plan B

@The_Doc_Man


I may be missing something, but if the user passes the installer to another potential user to install on their machine then who's to know? Only way I have seen that work is by having a one time passcode in the installer.

Another reason I create an (obscure) property in the FE as previously suggested to this OP. No messing with the registry and once 'installed', will only work from one location.
What is plan B ?
 

azhar2006

Registered User.
Local time
Yesterday, 17:00
Joined
Feb 8, 2012
Messages
180
Hi. If you're trying to stop people from copying a file, I don't think you can. I hope I'm wrong though. There are a lot of smart people out there. Maybe someone knows how to do that. Good luck!
Very accurate statement. But how many are these smart people? Of course you are one of them and one of perhaps 1000.
When someone copies the database and moves it to another machine, it will try and try and possibly destroy at least a form or code dependent on VBA or a query. As Uncle @The_Doc_Man said. The important thing is that he destroyed what he wanted to get
 

oleronesoftwares

Passionate Learner
Local time
Yesterday, 17:00
Joined
Sep 22, 2014
Messages
1,118
A way around it might be

1. Ensure the file is MDE/ACCDE

2. Have the software on initial load detect the hard drive's serial number.

3. Have the software require an installation key(this is a function of the hard disk serial number)

4. Have the user email you the hard disk serial nos

5. You on your system, insert the hard disk serial nos into the function to generate the installation/activation key

6. E-mail back the key to the client to input in the field, then software opens.

7. Have the software on successful activation disable the functionality to input the hard disk serial number.


For all startup,the system will check if the hard disk serial nos activated is same as the one of the system, if not, it closes/gives error message with regards to the software been a pirated copy
 

The_Doc_Man

Immoderate Moderator
Staff member
Local time
Yesterday, 19:00
Joined
Feb 28, 2001
Messages
22,555
I may be missing something, but if the user passes the installer to another potential user to install on their machine then who's to know?

Which is why I warned the OP "Of course, the trick is that you then have to get rid of the installer, which ALSO knows which place it is writing."
 

The_Doc_Man

Immoderate Moderator
Staff member
Local time
Yesterday, 19:00
Joined
Feb 28, 2001
Messages
22,555
Thank you very much, Big Uncle (@The_Doc_Man) Thanks for the detailed explanation. Yes, your words are very accurate. I have been a member of the forum since 2012, I have benefited a lot from your experiences. Attach this database for you. As I said, uncle, this was secured through another program, which is planting a file in the registry.

Unfortunately, the file you included is one I cannot do anything with because it comes up in a language I do not read. However, I know you didn't do anything to the registry with that program because my internet security package blocks unexpected registry activity AND is set to report it.
 

Users who are viewing this thread

Top Bottom