本文介绍了定制许可计划的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

为了在ATL中创建一个派生的编辑控件,它将进入一个

应用程序,希望有一天能给我一些钱,我决定

尝试为它设计一个自定义许可方案。我会描述它并且会想看看人们的想法以及如果可能的话如何改进它。

我的目的不是防止它被用于设计在运行模式下模式/确定,

但要有一个*相对简单的*方法,确保它仅被我的客户端应用程序使用

而不是其他。我的想法是,我没有必要了解所有的IClassFactory2 palava(我认为它会花费我很长时间

太长了,如果有的话),我只需要在任何客户端实现某个类

应用程序我写的我想要使用它,然后只需将

GUID复制并粘贴到该类中源代码(来自组件的源代码)将

传递给组件来验证它 - 你可能认为不是很好,但它似乎很好

因为它是简单,虽然仍然可以防止所有但是很难实现

密码学家/机器代码破解程序。


验证算法如下:ActiveX控件(这是一个

VC7.1非托管ATL控件)有一个暴露于COM的Validate方法,它接受一个参数,即一个IDispatch类型的接口。然后该方法看起来像是一个名为NearlyThere的方法的dispid。使用

IDispatch :: GetIDsOfNames。然后它组装一个没有参数的DISPPARAMS

并使用IDispatch :: Invoke调用它找到的方法。客户端

应用程序,用C#编写,创建一个类的实例,其中InterfaceAttribute设置为IDispatch(因此实现IDispatch)并使用


这将传递给

控件的Validate方法的IDispatch参数。 NearlyThere此类中的方法返回一个GUID,它似乎是安全地将其返回到C ++端,并存储为控件的VT_BSTR VARIANT

类成员变量。我当时正在考虑使用一种方法

(让我们说授权)来检查此BSTR中的GUID与

常量,并抛出_com_raise_error (?)如果他们不匹配。


ATL项目中的代码是这样的:


VARIANT r; //(实际上在.h文件中)


STDMETHODIMP Clicensed :: Initialize2(IDispatch * d)

{

/ / TODO:在这里添加你的实现代码

HRESULT hr;

DISPID dispid = 0,dispid2 = 0;

ITypeInfo * typeinfo;

OLECHAR * text = OLESTR(" NearlyThere");

hr = d-> GetIDsOfNames(IID_NULL,& text,1,LOCALE_SYSTEM_DEFAULT,& dispid);

d-> GetTypeInfo(0,LOCALE_SYSTEM_DEFAULT,& typeinfo);


DISPPARAMS dp;

memset(& dp ,0,sizeof(DISPPARAMS));

dp.rgvarg = NULL;

dp.cNamedArgs = 0;

dp.cArgs = 0 ;


EXCEPINFO excinf;

UINT uArgErr;

memset(& r,0,sizeof(VARIANT));

hr = d->调用(dispid,IID_NULL,LOCALE_SYSTEM_DEFAULT,DISPATCH_METHOD,

& dp,& r,& excinf,& uArgErr);


ATLTRACE(r.bstrVal); // GUID回到这里OK

返回S_OK;

}


和C#项目中的代码非常少,但就是这样:

// theinitobj.cs


[InterfaceType(ComInterfaceType.InterfaceIsIDispatc h)]

公共接口IMySecurity

{

string NearlyThere();

}

公共类theinitobj:IMySecurity

{

public theinitobj(){}


#region IBonjSecurity会员


public string NearlyThere( )

{

return" {1F3B54F8-8615-43e4-B74D-4E1699CC990A}" ;;

}


#endregion

}


// frmMain.cs


private void Form1_Load(对象发送者,System.EventArgs e)

{

IMySecurity ibs = new theinitobj();


this.axlicensed2.Initialize2 (ibs);


}


我正在考虑调用检查收到的GU的例程一个

重要算法发生之前的ID(可能是一个预处理器宏) - 但你怎么认为如果它错了就认为我应该去中止__com_raise_error或

_com_issue_error,有什么区别?什么参数?或者其他什么

其他?


这听起来像什么?我认为这样做会很好,因为它非常好......它正在调用然后再回电话 - 但它是多么容易

来切换返回值 ;没有进入这个功能,以及如何成功阻止人们使用它,你是否认为?b $ b估计?

它可以改进吗?

In my quest to create a derived edit control in ATL that will go into an
application that will hopefully make me some money one day, I have decided to
try to devise a custom licensing scheme for it. I will describe it and would
like to see what people think and how it can be improved if possible please.
My aim is not to prevent it from being used in design mode / OK in run mode,
but to have a *relatively simple* method of making sure that it is only used
by my client application and no other. The idea is that I don''t have to
understand all the IClassFactory2 palava (which I think it would take me far
too long, if at all), I just have to implement a certain class in any client
application I write that I want to use it, and then just copy and paste a
GUID into that class''s source code (from the component''s source code) to pass
to the component to validate it - not great you may think, but it seems good
because it is simple, while still possibly keeping out all but hardened
cryptographers / machine-code crackers.

The validation algorithm goes as follows: The ActiveX control (which is an
VC7.1 unmanaged ATL control) has a COM-exposed Validate method, that takes
one parameter which is an interface of type IDispatch. The method then looks
up the dispid of a method called "NearlyThere" using
IDispatch::GetIDsOfNames. It then assembles a DISPPARAMS with no arguments
and calls the method it found using IDispatch::Invoke. The client
application, which is written in C#, creates an instance of a class which has
the InterfaceAttribute set to IDispatch (thus implements IDispatch) and uses
this to pass to the IDispatch parameter of the Validate method of the
control. The "NearlyThere" method in this class returns a GUID, which seems
to safely make it back into the C++ side, and is stored as a VT_BSTR VARIANT
class member variable of the control. I was then thinking of having a method
(let''s say "Authorize") which checks the GUID in this BSTR against a
constant, and throws a _com_raise_error(?) if they don''t match.

The code in the ATL project is as such:

VARIANT r; //(actually in the .h file)

STDMETHODIMP Clicensed::Initialize2(IDispatch* d)
{
// TODO: Add your implementation code here
HRESULT hr;
DISPID dispid = 0, dispid2 = 0;
ITypeInfo* typeinfo;
OLECHAR* text = OLESTR("NearlyThere");
hr = d->GetIDsOfNames(IID_NULL, &text, 1, LOCALE_SYSTEM_DEFAULT, &dispid);
d->GetTypeInfo(0, LOCALE_SYSTEM_DEFAULT, &typeinfo);

DISPPARAMS dp;
memset(&dp, 0, sizeof(DISPPARAMS));
dp.rgvarg = NULL;
dp.cNamedArgs = 0;
dp.cArgs = 0;

EXCEPINFO excinf;
UINT uArgErr;
memset(&r, 0, sizeof(VARIANT));
hr = d->Invoke(dispid, IID_NULL, LOCALE_SYSTEM_DEFAULT, DISPATCH_METHOD,
&dp, &r, &excinf, &uArgErr);

ATLTRACE(r.bstrVal); //the GUID gets back here OK
return S_OK;
}

and the code in the C# project is very little, but this is it:
//theinitobj.cs

[InterfaceType(ComInterfaceType.InterfaceIsIDispatc h)]
public interface IMySecurity
{
string NearlyThere();
}
public class theinitobj : IMySecurity
{
public theinitobj(){}

#region IBonjSecurity Members

public string NearlyThere()
{
return "{1F3B54F8-8615-43e4-B74D-4E1699CC990A}";
}

#endregion
}

//frmMain.cs

private void Form1_Load(object sender, System.EventArgs e)
{
IMySecurity ibs = new theinitobj();

this.axlicensed2.Initialize2(ibs);

}

I''m thinking of calling a routine that checks the received GUID before an
important algorithm happens (maybe a preprocessor macro) - but how do you
think I should go about aborting if it''s wrong - _com_raise_error or
_com_issue_error, what''s the difference? And what parameter? Or something
else?

What does this sound like? I thought it would be good because it is quite
contrived - it''s calling then calling back again - but how easy would it be
to "switch return values" without getting into the function, and how
successful will it be at preventing people from being able to use it, do you
reckon?
Could it be improved?

推荐答案




FWIW:您可能想看一下这样做的一些产品

类似的事情:






问候,




FWIW: You might want to take a look at some of the products that do this
kind of thing:

http://www.crypkey.com/

http://siliconrealms.com/index.shtml

Regards,
Will








这篇关于定制许可计划的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

10-16 18:58