flat assembler
Message board for the users of flat assembler.
![]() |
Author |
|
revolution 13 Apr 2008, 11:38
You have to start another process that will then delete/alter your exe.
Many implementations I have seen will start explorer.exe and inject code into it that does the deletion/alteration. There are already examples on this board, a little bit of searching will yield results. |
|||
![]() |
|
f0dder 13 Apr 2008, 11:55
I wouldn't go for the thread injection in other process, it's going to trigger some of the antivirus solutions out there. Your only safe option is really to copy yourself to %temp%, launch the copy while shutting down the main app, etc.
|
|||
![]() |
|
revolution 13 Apr 2008, 12:19
f0dder wrote: I wouldn't go for the thread injection in other process, it's going to trigger some of the antivirus solutions out there. Your only safe option is really to copy yourself to %temp%, launch the copy while shutting down the main app, etc. |
|||
![]() |
|
f0dder 13 Apr 2008, 12:27
You re-launch the original exe with a -del command... I did that for the initial versions of fSekrit, and yes it is messy. But it works, and is less likely to trigger an AV alert.
Running cmd.exe with a batchfile is a possibility, because batch files can delete themself... but on win9x and command.com, the console window often doesn't go away. |
|||
![]() |
|
revolution 13 Apr 2008, 12:44
f0dder wrote: You re-launch the original exe with a -del command... I did that for the initial versions of fSekrit, and yes it is messy. But it works, and is less likely to trigger an AV alert. Code: Original exe |Copied exe --------------------------------+----------------------------- 1. make a copy of me |now in %temp% 2. run the copy |wait for original exe to exit 3. exit |gets exit notification 4. being modified |modify the original exe 5. waiting for copy to exit|run the original exe 6. gets exit notification |exit 7. delete the copy |ready for deletion 8. exit |deleted |
|||
![]() |
|
f0dder 13 Apr 2008, 13:05
Yes, something like that.
I use a different approach for fSekrit now, though: at startup, copy self to %temp%, then launch that with "-edit". When user quits, the copy launches the original with "-delete". This way, the program doesn't "flicker in and out of existence" every time the user saves ![]() |
|||
![]() |
|
revolution 13 Apr 2008, 13:27
f0dder wrote: I use a different approach for fSekrit now, though: at startup, copy self to %temp%, then launch that with "-edit". When user quits, the copy launches the original with "-delete". This way, the program doesn't "flicker in and out of existence" every time the user saves |
|||
![]() |
|
System86 13 Apr 2008, 18:04
Simple way to bypass this whole trial-days thing:
@echo off copy /B /Y trialapp.exe trialapp.bkp trialapp copy /B /Y trialapp.bkp trialapp.exe |
|||
![]() |
|
System86 13 Apr 2008, 18:08
Have your process create another process, and when your exe exits, the process it launched will modify the exe, which is now unlocked since your program exited.
|
|||
![]() |
|
asmhack 13 Apr 2008, 18:26
snify wrote: I want to do something like (just example of usage): useless and unsecure method, no need to explain why, better write to registry or to a hidden file, just remember that everything is crackable.. |
|||
![]() |
|
itsnobody 13 Apr 2008, 18:28
too easily hackable, you're better off trying some other method...
|
|||
![]() |
|
snify 13 Apr 2008, 23:05
it's as easy hackable as reg value
![]() |
|||
![]() |
|
AlexP 13 Apr 2008, 23:08
I was thinking about a small batch or .exe that will run when Windows starts, (I don't know where the reg key goes..) that way the user can't run the program before the TrialDays value is re-written.
|
|||
![]() |
|
revolution 14 Apr 2008, 01:11
Of course you can't protect your trial period from a determined hacker, but is that your target audience? For most cases the users don't know anything about how to bypass even simple methods.
For a good example about how the whole protection thing is an impossible problem to solve just follow the MS Vista DRM cracking story. |
|||
![]() |
|
snify 14 Apr 2008, 15:43
what is Vista DRM?
|
|||
![]() |
|
revolution 14 Apr 2008, 15:54
snify wrote: what is Vista DRM? |
|||
![]() |
|
itsnobody 14 Apr 2008, 21:15
Well if you're going to use this method you might as well have some type of encryption for the number instead of just dd 30 which anyone can view in any hex editor and modify
Like maybe take the number of days and multiply, add and whatever by a random value, then save the random value in the file too for decryption Then it'll be more difficult to hack, there's no such thing as anything impossible to hack, as long as it is encrypted and decrypted by the software itself it can be hacked |
|||
![]() |
|
FrozenKnight 30 Apr 2008, 11:14
you could use encryption. If you set up your own download server you could place a encrypted date (preferably using an RSA algorithm) in the exe as it's downloaded then when they run the exe. Then when the date elapses past your expiration date. you copy a deleter executable that you hid inside your primary exe to the users temp directory and run it. you can pass your first processes PID to the deleter executable as a parameter. and run your deleter and have it check for when your process closes and then have it delete your first exe.
For added flare try using a random name on your deleter executable. |
|||
![]() |
|
Kevin_Zheng 06 May 2008, 12:20
If one exe want to delete itself; the anti-virus sofware maybe think that it's one virus and this action have to be blocked it.
_________________ Pure Assembly Language Funs |
|||
![]() |
|
< Last Thread | Next Thread > |
Forum Rules:
|
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.