How to pass MQL4 System Function AccountNumber() as a parameter

New comment
 

Hello all,


This is my first post on the MQL5 forum. I am trying to write an Expert Advisor (can apply to Indicator as well) in MQL4 that uses a custom made DLL to authenticate its users. To protect my EA from being decompiled, I am thinking of passing MQL4's system function AccountNumber() as a parameter to my external DLL function that performs the authentication. This custom DLL function will accept a pointer to functions that return an int and take no parameters (like the specified AccountNumber function, like follows:

// Define function pointer
typedef int(*GetIntFuncType)(void);

// A sample function that accepts a function func of type GetIntFuncType as a parameter, and calls func with no parameters inside it.
void PrintFunc(GetIntFuncType func)
{
    Print(func());
}

I was not able to get this to compile when I tried writing the following way, which is the effect I want to achieve:

// This will not compile.
// Errors: 
// * 'AccountNumber' - undeclared identifier
// * 'AccountNumber' - parameter conversion is not allowed
PrintFunc(AccountNumber);

However, I attempted the following workaround which compiles successfully, although it does not achieve the effect I want:

// This compiles
int GetAccountNumber()
{
    return AccountNumber();
}

PrintFunc(GetAccountNumber);


I would like to understand why I am not able to pass a system function such as AccountNumber() directly as a parameter to another function (namely the actual function from my custom authentication DLL I intend to use). My reason for insisting to do it the first way is in order to ensure that the function used to send the integer to authenticate is this function (and not any other function, since this function is a system function and therefore cannot be redefined). I believe this would protect the resulting ex4 file from successful decompilation and overwriting (a.k.a. being 'hacked into') as it prevents this from happening:

// The hacker could overwrite GetAccountNumber like this:
int GetAccountNumber()
{
    // Original, deleted by hacker:
    // return AccountNumber();

    // New, hacker overwrites as:
    return hackedAccountNumber;
    // where hackedAccountNumber is an account number authorised to use my EA/Indicator,
    // which the hacker may have obtained (e.g. by recording an authorised user's account number)
}

Similarly, I could not afford to write it like this as it is equally as vulnerable, if not even worse:

// Cannot write like this:
void PrintFunc(int result)
{
    Print(result);
}

// Or the hacker could simply call the authentication function like this:
PrintFunc(hackedAccountNumber);


I would appreciate it very much if you can explain to me why passing MQL4 system functions does not work, and whether there is another way to achieve the outcome I desire.


Thank you very much,

Tungsten

 
William Roeder:
There has be zero proof that any ex4/5 can be decompiled since Build 600+ 20 14.02.03
          Upcoming MetaTrader 4 and MQL4 Upgrades - Big Changes Are Underway (MetaQuotes Software Corp.) - MQL4 programming forum
          Code Protection: New MQL4 language(Build 600+) decompilation protection and other crack techniques. (Macos Silva) - MQL4 programming forum - Page 2

Hi William,


Thank you very much for your prompt reply. I appreciate that so far there is no proof of decompilation for ex4s since said build version, but there is no proof that it is uncrackable either (as far as I know) so to me it seems like a 'does not imply' case. It is also possible that ex4s compiled since this build are still being broken, but that evidence of such feats are not (and will never be) publicly displayed. Therefore I would still like a solution to the safeguard as proposed in the OP just in case such a proof comes to existence in the future.


My sincere apologies if this sounds paranoid.


Thanks,

Tungsten

New comment