Possible to import DLL from server?

12
To add comments, please log in or register
Siwakon Poonsawat
9395
Siwakon Poonsawat  

Example

#import "ExpertSample.dll"
int    GetIntValue(int);
#import


but it can be like this?

#import http://www.mywebsite.com/ExpertSample.dll


Thank you

Regards.

Ex Ovo Omnia
3457
Ex Ovo Omnia  
Siwakon Poonsawat:

Example

#import "ExpertSample.dll"
int    GetIntValue(int);
#import


but it can be like this?

#import http://www.mywebsite.com/ExpertSample.dll


Thank you

Regards.


Can you imagine, how dangerous this feature would be if Windows allowed it?
JC
1588
JC  
Ex Ovo Omnia:

Can you imagine, how dangerous this feature would be if Windows allowed it?

There's not really much difference between that versus what Windows does "allow", which is downloading a file from a server and then linking to it dynamically.

For example, it's possible to do the following in MQL4, because MT4 doesn't verify the existence of test.dll until the call to TestFunction() is actually made:

#property strict 

#import "kernel32.dll"
   int CreateFileW(string, int, int, int, int, int, int);   
   int WriteFile(int, char & arr[], int, int&, int);
   int CloseHandle(int);
#import

#import "Test.dll"
   void TestFunction();
#import

void OnStart()
{
   // Download DLL file from server
   string headers;
   char post[], data[];
   int res = WebRequest("GET", "http://myserver/myfile.dll", NULL, NULL, 10000, post, 0, data, headers);

   // Write DLL file to MQL4\Libraries
   string strFile = StringConcatenate(TerminalInfoString(TERMINAL_DATA_PATH), "\\MQL4\\Libraries\\Test.dll");
   int f = CreateFileW(strFile, 1073741824, 0, 0, 2, 0, 0);
   int szWrite;
   WriteFile(f, data, ArraySize(data), szWrite, 0);
   CloseHandle(f);
   
   // Call newly-downloaded DLL
   TestFunction();
}

What's very interesting about this is that's possible to do the following...

#import "..\\Files\\test.dll"
   int TestFunction();
#import

(In other words, you can import a DLL which is in MQL4\Files rather than MQL4\Libraries)

... However, you can't use MQL4's FileWriteArray() etc to create the DLL file in MQL4\Files. You have to use the Win32 file functions. After experimentation, it turns out that MT4 contains some very careful checks which prevent you creating an executable file using the built-in functions such as FileWriteArray(), FileWriteString(). It won't allow you to create a file which starts with the 0x905A4D executable header.

Alain Verleyen
37484
Alain Verleyen  
Allowing DLL is unsecure anyway. Most people probably don't understand this.
Ex Ovo Omnia
3457
Ex Ovo Omnia  
JC:

There's not really much difference between that versus what Windows does "allow", which is downloading a file from a server and then linking to it dynamically.

For example, it's possible to do the following in MQL4, because MT4 doesn't verify the existence of test.dll until the call to TestFunction() is actually made:

What's very interesting about this is that's possible to do the following...

(In other words, you can import a DLL which is in MQL4\Files rather than MQL4\Libraries)

... However, you can't use MQL4's FileWriteArray() etc to create the DLL file in MQL4\Files. You have to use the Win32 file functions. After experimentation, it turns out that MT4 contains some very careful checks which prevent you creating an executable file using the built-in functions such as FileWriteArray(), FileWriteString(). It won't allow you to create a file which starts with the 0x905A4D executable header.

There is a huge difference, if you load an executable from the internet, any hacker can tamper it.

Technically, there is no problem with downloading and writing any file to the local file system, as you have DLL enabled anyway. The major problem is you cannot (re)load a new DLL by the already running script. It was possible with MT4 509, but currently it must be loaded within the script start.

JC
1588
JC  
Ex Ovo Omnia:

There is a huge difference, if you load an executable from the internet, any hacker can tamper it.

I don't see the fundamental difference between #import "http://myserver/mydll.dll" and the code above. One way or another, the executable code passes over the internet; is, in theory, vulnerable to manipulation in transit; and is then executed on the local machine.


Ex Ovo Omnia:

Technically, there is no problem with downloading and writing any file to the local file system, as you have DLL enabled anyway. The major problem is you cannot (re)load a new DLL by the already running script. It was possible with MT4 509, but currently it must be loaded within the script start.

You do that by having two DLLs: a shell which wraps the actual functionality in a second DLL. The #import in MQL4 is of the shell. At any time, the shell can suspend incoming calls from MQL4; unload the second DLL; replace it on disk; reload it; and then execute any pending calls.
JC
1588
JC  
Alain Verleyen:
Allowing DLL is unsecure anyway. Most people probably don't understand this.

It depends on one's threshold for "insecure". Downloading an EA and turning on DLL imports is fundamentally similar to downloading and running any other software from the internet. You need to trust the software's author - or the activity-scanner of your anti-virus software.

You need to trust any EA author to some degree. You don't need DLL imports to write an EA which, on a pre-arranged date, suddenly starts placing huge trades until it blows up your account - either just in order to cause malicious damage, or because the author has some sort of financial relationship with a B book broker.

Farrukh Aleem
2105
Farrukh Aleem  
JC:

There's not really much difference between that versus what Windows does "allow", which is downloading a file from a server and then linking to it dynamically.

For example, it's possible to do the following in MQL4, because MT4 doesn't verify the existence of test.dll until the call to TestFunction() is actually made:

What's very interesting about this is that's possible to do the following...

(In other words, you can import a DLL which is in MQL4\Files rather than MQL4\Libraries)

... However, you can't use MQL4's FileWriteArray() etc to create the DLL file in MQL4\Files. You have to use the Win32 file functions. After experimentation, it turns out that MT4 contains some very careful checks which prevent you creating an executable file using the built-in functions such as FileWriteArray(), FileWriteString(). It won't allow you to create a file which starts with the 0x905A4D executable header.


Very informative post thanks.
JC
1588
JC  
Farrukh Aleem:

Very informative post thanks.
Thanks, but I'm not sure you could actually reliably use this in the wild. A future version of MT4 might start checking for the existence of the DLL file when the EA was loaded, instead of waiting until the first call is made to the DLL.
Farrukh Aleem
2105
Farrukh Aleem  
JC:
Thanks, but I'm not sure you could actually reliably use this in the wild. A future version of MT4 might start checking for the existence of the DLL file when the EA was loaded, instead of waiting until the first call is made to the DLL.

Ya in normal circumstance we dont need dll in files, however when needed there are still workarounds you just create a file with some other extension and then use .bat or .cmd or .vbs or any other script to rename and move it back to desired location.
Ex Ovo Omnia
3457
Ex Ovo Omnia  
JC:

...

You do that by having two DLLs: a shell which wraps the actual functionality in a second DLL. The #import in MQL4 is of the shell. At any time, the shell can suspend incoming calls from MQL4; unload the second DLL; replace it on disk; reload it; and then execute any pending calls.
Then it is not relevant to discuss downloading the DLL from MQL, when you already have the custom shell DLL on its place.
12
To add comments, please log in or register