Allow All DLL imports for untrusted source
Hello,
I have heard about the risks associated with allowing Dll imports for untrusted expert advisors. But I really need more details about how bad this could be..is there a chance to copy trades, copy files from hard drive? The reason is that I am using a dashboard EA coded from FF so I have no idea about who coded it and how credible that is. Any ideas? Since disabling imports will turn the EA off, So I technically has no option but allowing Dll imports?
When I use DLL imports from, say, kernel32.dll, it's because I want to do something that MQL5 expressly doesn't want me to do.
This might be as innocuous as:
void GetSystemTime(int& systemTimeArray[]);
because I want to get the real time when the Tester is running.
Or it might be because I want to do something with files outside the sandbox.
bool CopyFileW(string lpExistingFileName,string lpNewFileName,bool bFailIfExists); bool DeleteFileW(string lpExistingFileName);
Or maybe I want to run a Windows application when I am done running the tester:
int ShellExecuteW(int hwnd,string Operation,string File,string Parameters,string Directory,int ShowCmd);
So, if I can access these by importing functions from kernel32.dll, you must assume that any DLL you import can do these things, too.
Copy files, delete files, spawn other processes . . . .
When I use DLL imports from, say, kernel32.dll, it's because I want to do something that MQL5 expressly doesn't want me to do.
This might be as innocuous as:
because I want to get the real time when the Tester is running.
Or it might be because I want to do something with files outside the sandbox.
Or maybe I want to run a Windows application when I am done running the tester:
So, if I can access these by importing functions from kernel32.dll, you must assume that any DLL you import can do these things, too.
Copy files, delete files, spawn other processes . .
Thanks Anthony Garot for the info,
So I unchecked allowing Dll imports for all indicators on my template, Now is there a way to tell what is suspicious dll files that could be 
in my folder? Can I just delete them all, and Allow the ones from known resources?
Thanks Anthony Garot for the info,
So I unchecked allowing Dll imports for all indicators on my template, Now is there a way to tell what is suspicious dll files that could be in my folder? Can I just delete them all, and Allow the ones from known resources?
You don't understand. It's not even about "suspicious" DLL, of course that could happen too but it's not the most probable case.
Allowing normal DLL from WinAPI is completely unsecure if you can't check the code, it potentially can take control of all your computer.
Of course it's nothing specific to MT4/MT5, it's true for any software you install on your computer with full access.
You don't understand. It's not even about "suspicious" DLL, of course that could happen too but it's not the most probable case.
Allowing normal DLL from WinAPI is completely unsecure if you can't check the code, it potentially can take control of all your computer.
Of course it's nothing specific to MT4/MT5, it's true for any software you install on your computer with full access.
No, I understand It should not have allowed. But I am speaking about now..What should I do to secure my data?
- Free trading apps
- Over 8,000 signals for copying
- Economic news for exploring financial markets
You agree to website policy and terms of use
Hello,
I have heard about the risks associated with allowing Dll imports for untrusted expert advisors. But I really need more details about how bad this could be..is there a chance to copy trades, copy files from hard drive? The reason is that I am using a dashboard EA coded from FF so I have no idea about who coded it and how credible that is. Any ideas? Since disabling imports will turn the EA off, So I technically has no option but allowing Dll imports?