flat assembler
Message board for the users of flat assembler.

Index > Windows > Simplest way to hide Resource and Imports(...)

Author
Thread Post new topic Reply to topic
Dr.ALi-Satan



Joined: 03 Nov 2005
Posts: 8
Location: Armenia-Russian-Iran
Dr.ALi-Satan
Very Happy Hi Very Happy
I found it useful so i post it here!
This way is to Hide Import File And you resource Sections But the only problem that i found is that It can't show your Version Info Sad

I test this only on winXP SP1,2 and its work fine
Application test by this tools:

1-PEID resource Editor Plugin(and it shows nothing!)
2-insPEctor for check import File(and there is nothing!)
3-Rehacker for check resources(and There is no Reource!)
So post your idea here and tell what you think Smile

I newbie In ASM please help Me out! Rolling Eyes


Description:
Filesize: 32.69 KB
Viewed: 943 Time(s)

No resource,Imports.GIF


Description: Example With Source
Download
Filename: MINIPAD.zip
Filesize: 2.87 KB
Downloaded: 42 Time(s)

Post 07 May 2006, 17:14
View user's profile Send private message Yahoo Messenger Reply with quote
zhak



Joined: 12 Apr 2005
Posts: 490
Location: Belarus
zhak
Hey, I've checked your example. I see the imports and resources with every tool i tried. (Only ResHacker 3.4.0 didn't see anything, but this tool is dead. it was not updated for 3 or more years). And looking at your source I must say that you cannot hide your resources/imports in such way. I think it's useless to hide it at all. Cause if windowse can read it than anyone can.
btw, most of the tools cannot find imports if you place them in pe header.
before the actual code or data begins.
One more thing i wanna say - use good tools, but not trash.
Post 07 May 2006, 19:25
View user's profile Send private message Reply with quote
Dr.ALi-Satan



Joined: 03 Nov 2005
Posts: 8
Location: Armenia-Russian-Iran
Dr.ALi-Satan
Tnx zhak for your Comment, And could you give me the link to dl those tools or the name of them.Tnx again.
Post 07 May 2006, 21:31
View user's profile Send private message Yahoo Messenger Reply with quote
zhak



Joined: 12 Apr 2005
Posts: 490
Location: Belarus
zhak
What tools to use is, in fact, the question of taste. You should use by yoursel as much as possible to figure out your own toolkit. for examining pe files I use LordPE Delux by yoda most of the time. there are also clones of this tool (such as PE Tools) but I like the original one. PEiD is good. to hexedit and disassemble files HIEW is my choice. IDA is very good, but it's too bulky, i think. You can do what you need with HIEW while IDA will be still disassembling .exe. The best debuggers are OllyDbg and, of course, SoftICE. visit sysinternals.com for sure. You'll find many excellent tools there. explore, try, learn...
Post 07 May 2006, 22:02
View user's profile Send private message Reply with quote
okasvi



Joined: 18 Aug 2005
Posts: 382
Location: Finland
okasvi
Stud_PE is my PE-Tool of choice, when you use it enough and discover all the things it has you fall in love with it Razz


Description: here is unfinished but working tool i coded to crypt imports from my exe's... in fasm of course...
Download
Filename: PeTo-IAT.rar
Filesize: 5.37 KB
Downloaded: 52 Time(s)


_________________
When We Ride On Our Enemies
support reverse smileys |:
Post 07 May 2006, 23:36
View user's profile Send private message MSN Messenger Reply with quote
zhak



Joined: 12 Apr 2005
Posts: 490
Location: Belarus
zhak
okasvi, your tool works fine with test.exe, but..... my NOD32 antivirus didn't let me to execute this proggie saying "it is extremely dangerous unknown virus that will destroy all your data" Smile ...So I had to turn NOD32 off.
Post 08 May 2006, 07:19
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar. Also on GitHub, YouTube, Twitter.

Website powered by rwasa.