flat assembler
Message board for the users of flat assembler.
Index
> Windows > EXE file to write to itself ? |
Author |
|
revolution 13 Apr 2008, 11:38
You have to start another process that will then delete/alter your exe.
Many implementations I have seen will start explorer.exe and inject code into it that does the deletion/alteration. There are already examples on this board, a little bit of searching will yield results. |
|||
13 Apr 2008, 11:38 |
|
f0dder 13 Apr 2008, 11:55
I wouldn't go for the thread injection in other process, it's going to trigger some of the antivirus solutions out there. Your only safe option is really to copy yourself to %temp%, launch the copy while shutting down the main app, etc.
|
|||
13 Apr 2008, 11:55 |
|
revolution 13 Apr 2008, 12:19
f0dder wrote: I wouldn't go for the thread injection in other process, it's going to trigger some of the antivirus solutions out there. Your only safe option is really to copy yourself to %temp%, launch the copy while shutting down the main app, etc. |
|||
13 Apr 2008, 12:19 |
|
f0dder 13 Apr 2008, 12:27
You re-launch the original exe with a -del command... I did that for the initial versions of fSekrit, and yes it is messy. But it works, and is less likely to trigger an AV alert.
Running cmd.exe with a batchfile is a possibility, because batch files can delete themself... but on win9x and command.com, the console window often doesn't go away. |
|||
13 Apr 2008, 12:27 |
|
revolution 13 Apr 2008, 12:44
f0dder wrote: You re-launch the original exe with a -del command... I did that for the initial versions of fSekrit, and yes it is messy. But it works, and is less likely to trigger an AV alert. Code: Original exe |Copied exe --------------------------------+----------------------------- 1. make a copy of me |now in %temp% 2. run the copy |wait for original exe to exit 3. exit |gets exit notification 4. being modified |modify the original exe 5. waiting for copy to exit|run the original exe 6. gets exit notification |exit 7. delete the copy |ready for deletion 8. exit |deleted |
|||
13 Apr 2008, 12:44 |
|
f0dder 13 Apr 2008, 13:05
Yes, something like that.
I use a different approach for fSekrit now, though: at startup, copy self to %temp%, then launch that with "-edit". When user quits, the copy launches the original with "-delete". This way, the program doesn't "flicker in and out of existence" every time the user saves |
|||
13 Apr 2008, 13:05 |
|
revolution 13 Apr 2008, 13:27
f0dder wrote: I use a different approach for fSekrit now, though: at startup, copy self to %temp%, then launch that with "-edit". When user quits, the copy launches the original with "-delete". This way, the program doesn't "flicker in and out of existence" every time the user saves |
|||
13 Apr 2008, 13:27 |
|
System86 13 Apr 2008, 18:04
Simple way to bypass this whole trial-days thing:
@echo off copy /B /Y trialapp.exe trialapp.bkp trialapp copy /B /Y trialapp.bkp trialapp.exe |
|||
13 Apr 2008, 18:04 |
|
System86 13 Apr 2008, 18:08
Have your process create another process, and when your exe exits, the process it launched will modify the exe, which is now unlocked since your program exited.
|
|||
13 Apr 2008, 18:08 |
|
asmhack 13 Apr 2008, 18:26
snify wrote: I want to do something like (just example of usage): useless and unsecure method, no need to explain why, better write to registry or to a hidden file, just remember that everything is crackable.. |
|||
13 Apr 2008, 18:26 |
|
itsnobody 13 Apr 2008, 18:28
too easily hackable, you're better off trying some other method...
|
|||
13 Apr 2008, 18:28 |
|
snify 13 Apr 2008, 23:05
it's as easy hackable as reg value
|
|||
13 Apr 2008, 23:05 |
|
AlexP 13 Apr 2008, 23:08
I was thinking about a small batch or .exe that will run when Windows starts, (I don't know where the reg key goes..) that way the user can't run the program before the TrialDays value is re-written.
|
|||
13 Apr 2008, 23:08 |
|
revolution 14 Apr 2008, 01:11
Of course you can't protect your trial period from a determined hacker, but is that your target audience? For most cases the users don't know anything about how to bypass even simple methods.
For a good example about how the whole protection thing is an impossible problem to solve just follow the MS Vista DRM cracking story. |
|||
14 Apr 2008, 01:11 |
|
snify 14 Apr 2008, 15:43
what is Vista DRM?
|
|||
14 Apr 2008, 15:43 |
|
revolution 14 Apr 2008, 15:54
snify wrote: what is Vista DRM? |
|||
14 Apr 2008, 15:54 |
|
itsnobody 14 Apr 2008, 21:15
Well if you're going to use this method you might as well have some type of encryption for the number instead of just dd 30 which anyone can view in any hex editor and modify
Like maybe take the number of days and multiply, add and whatever by a random value, then save the random value in the file too for decryption Then it'll be more difficult to hack, there's no such thing as anything impossible to hack, as long as it is encrypted and decrypted by the software itself it can be hacked |
|||
14 Apr 2008, 21:15 |
|
FrozenKnight 30 Apr 2008, 11:14
you could use encryption. If you set up your own download server you could place a encrypted date (preferably using an RSA algorithm) in the exe as it's downloaded then when they run the exe. Then when the date elapses past your expiration date. you copy a deleter executable that you hid inside your primary exe to the users temp directory and run it. you can pass your first processes PID to the deleter executable as a parameter. and run your deleter and have it check for when your process closes and then have it delete your first exe.
For added flare try using a random name on your deleter executable. |
|||
30 Apr 2008, 11:14 |
|
Kevin_Zheng 06 May 2008, 12:20
If one exe want to delete itself; the anti-virus sofware maybe think that it's one virus and this action have to be blocked it.
_________________ Pure Assembly Language Funs |
|||
06 May 2008, 12:20 |
|
< Last Thread | Next Thread > |
Forum Rules:
|
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.