Just for the case, somebody thinks the watermarks could not be read out from an executable. Here is a weak code that can read out one of the watermarks... by
Skydevil
program GExtract;
{$APPTYPE CONSOLE}
{$R *.res}
uses
System.SysUtils,
System.Classes,
System.IOUtils;
function Compare(CompareBuffer: TArray<Byte>; Buffer: PByte): Boolean;
var
I: Integer;
begin
for I := Low(CompareBuffer) to High(CompareBuffer) do
begin
if (CompareBuffer[I] <> Buffer^) then
begin
Exit(False);
end;
Inc(Buffer);
end;
Exit(True);
end;
function FindString(const S: string; Buffer: PByte; const Count: Integer; out Location: PByte): Boolean;
var
CompareBuffer: TArray<Byte>;
I: Integer;
begin
CompareBuffer := TEncoding.ANSI.GetBytes(S);
//
for I := 1 to Count - Length(CompareBuffer) - 21 do
begin
if (Compare(CompareBuffer, Buffer)) then
begin
Inc(Buffer, Length(CompareBuffer));
Location := Buffer;
Exit(True);
end;
Inc(Buffer);
end;
//
Exit(False);
end;
procedure AnalyzeFile(const FileName: string);
var
Stream: TMemoryStream;
Location: PByte;
begin
Stream := TMemoryStream.Create();
//
try
Stream.LoadFromFile(FileName);
if (FindString('IdxLocalizerListener', Stream.Memory, Stream.Size, Location)) then
begin
Inc(Location, 5);
Writeln(Format('Name: %s', [TPath.GetFileName(FileName)]));
Writeln(Format('GUID: %s', [PGUID(Location).ToString()]));
end
else
begin
Writeln('No relevant information found.');
end;
finally
Stream.Free();
end;
end;
procedure Main();
var
FileName: string;
begin
if (ParamCount = 0) then
begin
Writeln('Error: FileName missing.');
Exit;
end;
//
FileName := ParamStr(1);
if (not TFile.Exists(FileName)) then
begin
Writeln('Error: File not found.');
Exit;
end;
//
AnalyzeFile(FileName);
end;
begin
try
Main();
Writeln('Press Enter');
Readln;
except
on E: Exception do
begin
Writeln(E.ClassName, ': ', E.Message);
end;
end;
end.
Hint: This code works for 32-bit apps, but probably not for 64-bit apps. Also it could happen, that compiler removed the searched interface, because it was unused, which can happen, but in case most of the bar stuff is referenced then it should be possible to find always a number.
Just compile the demos which can be found in the download or download the compiled demos from DevExpress.
The Demos shows the full range of available features and the source code is available too.
Sadly the form are highly nested and it's not easy to follow the programm flow, but it's possible to find enough interesting points.
Also the DevExpress documentation explains a lot.
Please keep in mind, the DevExpress components are also available for DotNet and they after sligtly different features.
So, take care to find examples, tips and tricks for DevExpress VCL.
Just a sidenote, DxAutoInstaller is based on DevExpress, which can be found in this thread.
question: maniches said:
My queries are to know if there is a risk that if in an educational way they know that you are using their components.
Let us assume, you are using a signed DevExpress version and you are building an app with these components, then nobody will know that. There is no mechanic which sents DevExpress a signal, that their components was compiled anywhere.
Let us assume, you sent the app to a friend, then nobody will know that, only your friend. He can use the app unlimited and nobody will know that.
Let us assume, your friend is sending the app to another friend, then first nothing happens, but in case the app will sent to dozen other friends and they sent it again to dozen other friends, then it goes viral and it's out of control.
But does DevExpress knows that? Probably not, I guess they don't have 24/7 service team which hunts for apps which are using DevExpress components.
There are simple too much apps out there which was not compiled with Delphi.
Let us assume, the app is uploaded to any store, then it's suddenly on a public place and the chance that DevExpress could be informed is increasing.
But the question is, who should do that? Anyone who is using an app doesn't first check anyhow, if the used components was once payed or not.
But okay, there are enough DMCA huntig companies out there and it's just easy to see if an app was compiled with Delphi and DevExpress components was used.
Another point is, a lot of people are uploading apps to Virustotal to check if the file contains a virus, which is surely a fine thing, but cause also a lot of false alarms, but this is another story.
But companies can pay a fee to Virustotal the get information about the uploaded files.
That is the business model of Virustotal.
It's unclear which information will then be possible to get, but in case the binaries will be shared, then DevExpress could do their own investigations.
Now, in case DevExpress have a unique information extracted from an executable, then they can check if the license is burned or not.
In case the license is already burned, then the next step will be if they find any additional copyright information.
Most developer are placing their real names or real company names into the executable and suddenly DevExpress is knowing who is using a burned license.
In case the license is stil valid, DevExpress have to check first, if the license owner knows the executable.
Again often enough the real names are used in the copyright information and in case there are fantasy names, then an abuse using is obviously.
question: maniches said:
There are so many current and new components, I believe that not everyone dominates them and it is important not to harm the friends who share these components.
It's just simple.
Nobody must share DevExpress source code of an active subscription.
DevExpress is placing the watermarks not just for fun.
They try to prevent that again and again a version from the same customer leaks.
But as long as DevExpress don't know which source has leaked, the subscription is safe.
But in in the minute DevExpress could read the watermarks of some units, then the subscription is burned.
question: maniches said:
It is also important to know if this can cause problems for the company that I work, the problem has been for an investigation or an educational issue. there if that can cost me the job.
It's simply hard to know if you can lost your job.
Fact is, the watermarks in the source code disclose the license owner and DevExpress can disallow a further using.
In case any watermark is found in an executable, the effort to find the guy who was publishing once the app can be high or too high.
Even the language barrier could be too high.
It's one thing to know, where an app comes from, but to make a contact, which is for example only speaking Russian, is probably hard to handle.
question: maniches said:
I believe that if it is used in products commercially, either internally or externally it is worth paying the corresponding licenses since they are very good components.
Anytime a company is earning money with the work of any other company it's just fair to pay for the work. Sure DevExpress is not even cheap and therefore is nothing for hoppiest or small companies.
![[Тажетдинов Тимур] Как получить туристическую визу в Америку](/assets/images/icons/forum5.png){kind=icon}
![[Андрей Кузнецов] Товарные рынки. Фундаментальный подход к торговле](/assets/images/icons/forum7.png){kind=icon}
