February 27, 2021
Hot Topics:

Visual Basic 6 Win32 API Tutorial

  • By James Limm
  • Send Email »
  • More Articles »

As we have seen, there's a lot of power in the Win32 APIs. As long as you steer clear of the potential traps, your development will be a smooth process. Throughout the rest of this book, we'll use an application as our main "playground" for API testing and debugging. This application is called The Encryption Program. I'll explain why I've decided to use this project in this book, and then we'll take a look at the program itself.

If you don't want to read about the political or social reasons that motivated me to write this program, please skip over the next section. But I would encourage you to do it anyway. Think of it this way: If I was in a business area at the company you worked at, and I came to you with this problem, how would you effectively solve it? You may or may not agree with my arguments or ideas, but I’m coming to you with a problem, I have the money in my budget, and I want you to solve it for me (yesterday, of course). One of the biggest criticisms I’ve heard about programmers is their inability to relate to business areas, so I’d ask you to set judgment aside and tackle the problem with a technical solution in the back of your mind.

Why This Program?

One issue that you tend to hear about every so often is privacy rights. For example, more and more cameras are showing up in our society every day. Some people claim that these cameras infringe upon our privacy (like when you try on clothes at a department store), while others state that the cameras help minimize criminal activity (like being able to spot a person stuffing a shirt into a bag when they're in the dressing room). This issue is rather complex, and this book is not the place to analyze it in detail, but there is one part of it that, admittedly, annoys me!

A thorny side issue has been raised with employees using e-mail at work. Some employees have used these services to send jokes or pictures that other may consider derogatory or inappropriate. In this day and age of lawsuits and allegations, the last thing a company would want is to be sued by an employee who feels that the content within a message is harmful. Therefore, some companies have set up policies and procedures that allow them to read anyone's e-mail at any time. Content that has been defined as inappropriate and is found within a message can lead to disciplinary action, or even termination.

Granted, this sounds nice, but the reason I want to encrypt a file is that I don't want anyone to see the cookie recipes I'm sending to my parents via e-mail other than my parents! This is where the issue gets personal, so I'll stop at this point. But it motivated me to start investigating cryptography a bit more. I don't claim to be an expert in the field, and the technique I came up with is fairly simplistic, but it required me to break open a lot of API calls to pull it off. So let's take a look at how the algorithm works before we start coding in VB.

If you're interested in learning more about encryption, check out the RSA Data Security, Inc. web page at http://www.rsa.com/. I make no claims that my code will secure the content of your files, since it’s a pretty simplistic process compared to RSA. But RSA is very secure, so check out this site if you need tight cryptography.

How the Algorithm Works

Say you have the following message that you'd like to encrypt:

As you can see, the message is broken up such that each character is in its own box. To encrypt this message, we're going to handle each character in the message one at a time. We also have to convert each character into its ASCII character value. Here's what the message looks like in ASCII values:

We also need two other parts: the seed value and the key. The seed value is to set the starting point in a random sequence, and the key is used as a "filter" on the message. For this example, let's say the key is "XKf7" and the seed value is 24.

Now for the fun stuff. We line up the message's first character against the key's first character value, the message's second character against the key's second character value, and so on. If the message is longer than the key, we just start over. Here's what that looks like:

The next step is to simply add the character values up between the two strings, and store the results into another array of characters. Here's what happens during this operation:

The last step is to introduce some randomness into the picture. If we didn't, our key would stick out like a sore thumb in the resultant array. For example, if we had a message like "ZZZZZZZZZZZZZZZZ", and our key was "XKf7", here's what would happen:

Granted, the exact key value isn't repeated, but that's a glaring hole for any hacker to try and decrypt the message. This gets worse if the file we encrypt has a bunch of null characters in a row. Remember that a null character is equal to 0 in ASCII. Add 0 to the key value, and you get the key value, thereby exposing the key itself! Therefore, we need to mess up the result a little bit. Here's another catch, though: we have to be able to "unmess" the result when we decrypt it. If this isn't possible, the message will be lost forever.

Thankfully, the random number generator in VB helps us out here. If you search for the word Rnd in VB's help file, you'll find this sidebar:

To repeat sequences of random numbers, call Rnd with a negative argument immediately before using Randomize with a numeric argument. Using Randomize with the same value for number does not repeat the previous sequence.

Rnd is a function that returns a random number. However, without getting into the statistical details, Rnd is cyclical. That is, eventually Rnd will start to repeat.

It actually takes 16,777,000 iterations, from what I can tell. I've created a project called RandomSequenceCheck that you'll get if you download the code. It has absolutely nothing to with API calls, which is why I don't cover it explicitly in the book; I just wanted to show this interesting little fact in a VB project for the curious reader.

If you want to start the sequence at a specific point, you use the following code:

Rnd (-1)
Randomize (SeedValue)

No matter when or where you run this code, your program will produce the same random sequence every single time as long as SeedValue is the same. I know that may sound weird - how can you call a sequence random if you know what's going to be generated? - but for our purposes, this is exactly what we need. Now, if we would run this code in VB and call Rnd as many times as we need for our message we get:

If the concept of generating a random number sequence that's predetermined and cyclical sounds like a paradox, you may have to break open a book on statistics and probability to get a thorough explanation on random number generators. One good source that I know of is written by Athanasios Papoulis, entitled "Probability, Random Variables, and Stochastic Processes," but it's definitely not easy on the eyes from a mathematical standpoint!

We still have one minor process to run. The ASCII character set only goes from 0 to 255, so if the resultant value exceeds 255, we simply subtract 256 from the value until it is less than 256. (For all you non-mathematicians out there, we'll skip the group theory analysis.) So here's the final encrypted message:

In ASCII, this is the message from start to finish: "__DISREY-kMC_m". Pretty messy, isn't it? You'd have to spend a little bit of time to crack this one. Now if we want to decrypt it, we just run the process in reverse. We take the message, subtract each character with the correct number in the random sequence along with the correct value in the key. This time, if the number is less than 0, we add 256 until the value is non-negative. Here's the process in reverse:

If you look back at the original message in ASCII, we got it back! Also, notice that the randomness is exactly the same sequence as before. If it wasn't, who knows what your friend may be reading on the other end.

It's a simple algorithm, once you get down to it. There are more complex mathematical issues that we didn't delve into, but it does its job. However, you still have the issue of the key and seed value. How do you transmit these components? Well, that's more of a social issue than anything. You may use the key "Stop6Watch" between one group of friends, and simply tell them the seed value in the e-mail along with the attached encrypted file. If anyone intercepted the message, they wouldn't have the key to decrypt the file. However, if someone reveals the key, then the system breaks down.

Page 11 of 13

This article was originally published on November 20, 2002

Enterprise Development Update

Don't miss an article. Subscribe to our newsletter below.

Thanks for your registration, follow us on our social networks to keep up-to-date