flat assembler
Message board for the users of flat assembler.

EXE file to write to itself ?

snify



Joined: 02 Dec 2004
Posts: 39
snify
I want to do something like (just example of usage):

TrialDays dd 30

and then the exe to write itself to 29, and 28 etc. It would be a nice way to keep settings. Is it possible, 'cause I've seen some exes that delete themselves?
Post 13 Apr 2008, 11:26
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17715
Location: In your JS exploiting you and your system
revolution
You have to start another process that will then delete/alter your exe.

Many implementations I have seen will start explorer.exe and inject code into it that does the deletion/alteration.

There are already examples on this board, a little bit of searching will yield results.
Post 13 Apr 2008, 11:38
f0dder



Joined: 19 Feb 2004
Posts: 3170
Location: Denmark
f0dder
I wouldn't go for the thread injection in another process, it's going to trigger some of the antivirus solutions out there. Your only safe option is really to copy yourself to %temp%, launch the copy while shutting down the main app, etc.
Post 13 Apr 2008, 11:55
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17715
Location: In your JS exploiting you and your system
revolution
f0dder wrote:
I wouldn't go for the thread injection in another process, it's going to trigger some of the antivirus solutions out there. Your only safe option is really to copy yourself to %temp%, launch the copy while shutting down the main app, etc.
That gets very tricky, how to delete the temp exe? Same problem again. Some people also start up cmd.exe and run a batch file that does the deletion.
Post 13 Apr 2008, 12:19
f0dder



Joined: 19 Feb 2004
Posts: 3170
Location: Denmark
f0dder
You re-launch the original exe with a -del command... I did that for the initial versions of fSekrit, and yes it is messy. But it works, and is less likely to trigger an AV alert.

Running cmd.exe with a batch file is a possibility, because batch files can delete themselves... but on win9x and command.com, the console window often doesn't go away.
Post 13 Apr 2008, 12:27
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17715
Location: In your JS exploiting you and your system
revolution
f0dder wrote:
You re-launch the original exe with a -del command... I did that for the initial versions of fSekrit, and yes it is messy. But it works, and is less likely to trigger an AV alert.
So the process flow is like this?
Code:
   Original exe                | Copied exe
-------------------------------+------------------------------
1. make a copy of me           | now in %temp%
2. run the copy                | wait for original exe to exit
3. exit                        | gets exit notification
4. being modified              | modify the original exe
5. waiting for copy to exit    | run the original exe
6. gets exit notification      | exit
7. delete the copy             | ready for deletion
8. exit                        | deleted
Post 13 Apr 2008, 12:44
f0dder



Joined: 19 Feb 2004
Posts: 3170
Location: Denmark
f0dder
Yes, something like that.

I use a different approach for fSekrit now, though: at startup, copy self to %temp%, then launch that with "-edit". When user quits, the copy launches the original with "-delete". This way, the program doesn't "flicker in and out of existence" every time the user saves :)
Post 13 Apr 2008, 13:05
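
What the relaunch flow in the table above looks like to behaviour-based monitoring, as an added example that is not code from the thread: a correlator that links the copy, the launch of the copy, and the copy's write back to the original image. The event records, field names and paths are constructed for the illustration and do not follow any real product's schema.

```python
from typing import Dict, List, Tuple

# Constructed, simplified endpoint events (not a real product's schema):
# t = sequence number, kind = action, actor = image path of the acting
# process, target = path acted on, src = source path for a copy.
EVENTS: List[Dict] = [
    {"t": 1, "kind": "file_copy", "actor": r"C:\Apps\note.exe",
     "src": r"C:\Apps\note.exe", "target": r"C:\Temp\note_tmp.exe"},
    {"t": 2, "kind": "proc_start", "actor": r"C:\Apps\note.exe",
     "target": r"C:\Temp\note_tmp.exe"},
    {"t": 3, "kind": "proc_exit", "actor": r"C:\Apps\note.exe", "target": ""},
    {"t": 4, "kind": "file_write", "actor": r"C:\Temp\note_tmp.exe",
     "target": r"C:\Apps\note.exe"},
    {"t": 5, "kind": "proc_start", "actor": r"C:\Temp\note_tmp.exe",
     "target": r"C:\Apps\note.exe"},
    {"t": 6, "kind": "file_delete", "actor": r"C:\Apps\note.exe",
     "target": r"C:\Temp\note_tmp.exe"},
    {"t": 7, "kind": "file_write", "actor": r"C:\Apps\setup.exe",
     "target": r"C:\Apps\readme.txt"},
]


def correlate(events: List[Dict]) -> List[Tuple[str, str, str]]:
    """Return (rule, actor, target) for each step of the relaunch flow."""
    copy_of: Dict[str, str] = {}   # temp copy -> original image it came from
    running_copy = set()           # copies that were started by their original
    hits = []
    for ev in sorted(events, key=lambda e: e["t"]):
        kind, actor, target = ev["kind"], ev["actor"], ev["target"]
        if kind == "file_copy" and ev.get("src") == actor:
            copy_of[target] = actor            # an image copied itself
        elif kind == "proc_start" and copy_of.get(target) == actor:
            running_copy.add(target)           # original launched its copy
        elif kind in ("file_write", "file_delete"):
            if actor in running_copy and copy_of[actor] == target:
                hits.append(("copy_modifies_original", actor, target))
            elif kind == "file_delete" and copy_of.get(target) == actor:
                hits.append(("original_removes_copy", actor, target))
    return hits
```

The unrelated write by `setup.exe` produces no hit, because no earlier event ties that process to the file it touches.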
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17715
Location: In your JS exploiting you and your system
revolution
f0dder wrote:
I use a different approach for fSekrit now, though: at startup, copy self to %temp%, then launch that with "-edit". When user quits, the copy launches the original with "-delete". This way, the program doesn't "flicker in and out of existence" every time the user saves
Seems like a good approach. Thanks for sharing.
Post 13 Apr 2008, 13:27
System86



Joined: 15 Aug 2007
Posts: 77
System86
Simple way to bypass this whole trial-days thing:
@echo off
copy /B /Y trialapp.exe trialapp.bkp
trialapp
copy /B /Y trialapp.bkp trialapp.exe
Post 13 Apr 2008, 18:04
System86



Joined: 15 Aug 2007
Posts: 77
System86
Have your process create another process, and when your exe exits, the process it launched will modify the exe, which is now unlocked since your program exited.
Post 13 Apr 2008, 18:08
asmhack



Joined: 01 Feb 2008
Posts: 431
asmhack
snify wrote:
I want to do something like (just example of usage):

TrialDays dd 30

and then the exe to write itself to 29, and 28 etc. It would be a nice way to keep settings. Is it possible, 'cause I've seen some exes that delete themselves?

Useless and insecure method, no need to explain why. Better to write to the registry or to a hidden file; just remember that everything is crackable.
Post 13 Apr 2008, 18:26
itsnobody



Joined: 01 Feb 2008
Posts: 93
Location: Silver Spring, MD
itsnobody
too easily hackable, you're better off trying some other method...
Post 13 Apr 2008, 18:28
snify



Joined: 02 Dec 2004
Posts: 39
snify
it's as easily hackable as a reg value :)
Post 13 Apr 2008, 23:05
AlexP



Joined: 14 Nov 2007
Posts: 561
Location: Out the window. Yes, that one.
AlexP
I was thinking about a small batch or .exe that will run when Windows starts, (I don't know where the reg key goes..) that way the user can't run the program before the TrialDays value is re-written.
Post 13 Apr 2008, 23:08
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17715
Location: In your JS exploiting you and your system
revolution
Of course you can't protect your trial period from a determined hacker, but is that your target audience? For most cases the users don't know anything about how to bypass even simple methods.

For a good example about how the whole protection thing is an impossible problem to solve just follow the MS Vista DRM cracking story.
Post 14 Apr 2008, 01:11
snify



Joined: 02 Dec 2004
Posts: 39
snify
what is Vista DRM?
Post 14 Apr 2008, 15:43
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17715
Location: In your JS exploiting you and your system
revolution
snify wrote:
what is Vista DRM?
It means you can't play your Blu-ray/HD-DVD at full quality because you might be copying it illegally. Hence it was (easily) hacked so people could watch their movies at full quality and to avoid the serious performance killer of the downgrading mechanism used to reduce the quality of said movie.
Post 14 Apr 2008, 15:54
itsnobody



Joined: 01 Feb 2008
Posts: 93
Location: Silver Spring, MD
itsnobody
Well, if you're going to use this method you might as well have some type of encryption for the number instead of just dd 30, which anyone can view in any hex editor and modify.

Like maybe take the number of days and multiply, add and whatever by a random value, then save the random value in the file too for decryption.

Then it'll be more difficult to hack. There's no such thing as anything impossible to hack; as long as it is encrypted and decrypted by the software itself it can be hacked.
Post 14 Apr 2008, 21:15
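
The limit of protecting the stored counter, as an added example that is not code from any poster: a keyed tag over the day count rejects a hex-editor change, yet the backup-and-restore batch file posted earlier in the thread still works, because an old copy of the record is a genuine record. HMAC-SHA256 is swapped in here for the "multiply and add" scheme; the key, record layout and function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

# Assumption: the key ships inside the program, so anyone who extracts it
# can forge records (the thread's "everything is crackable" point).
EMBEDDED_KEY = b"constructed-demo-key"
RECORD = struct.Struct("<I32s")  # days left (the dd value) + HMAC-SHA256 tag


def seal(days_left: int) -> bytes:
    """Serialise the counter with a tag over its 4-byte little-endian value."""
    body = struct.pack("<I", days_left)
    tag = hmac.new(EMBEDDED_KEY, body, hashlib.sha256).digest()
    return RECORD.pack(days_left, tag)


def unseal(record: bytes) -> int:
    """Return the day count, or raise ValueError if the tag does not match."""
    days_left, _tag = RECORD.unpack(record)
    if not hmac.compare_digest(record, seal(days_left)):
        raise ValueError("trial record was modified")
    return days_left


def run_once(record: bytes) -> bytes:
    """One program start: verify, refuse at zero, write back days - 1."""
    days_left = unseal(record)
    if days_left == 0:
        raise PermissionError("trial expired")
    return seal(days_left - 1)


def accepted(record: bytes) -> bool:
    """True when the program would accept this record at start-up."""
    try:
        unseal(record)
    except ValueError:
        return False
    return True


def demo() -> tuple:
    """(hex edit accepted?, restored backup accepted?) after five runs."""
    backup = current = seal(30)          # copy saved before first run
    for _ in range(5):
        current = run_once(current)      # counter is now 25
    edited = struct.pack("<I", 30) + current[4:]   # change only the dd bytes
    return accepted(edited), accepted(backup)
```

`demo()` returns `(False, True)`: integrity of the record says nothing about its freshness, so a count-down kept only in files the user controls can always be rewound.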
FrozenKnight



Joined: 24 Jun 2005
Posts: 128
FrozenKnight
You could use encryption. If you set up your own download server, you could place an encrypted date (preferably using an RSA algorithm) in the exe as it's downloaded. Then, when they run the exe and the date has elapsed past your expiration date, you copy a deleter executable that you hid inside your primary exe to the user's temp directory and run it. You can pass your first process's PID to the deleter executable as a parameter, and have it check for when your process closes and then delete your first exe.

For added flair, try using a random name on your deleter executable.
Post 30 Apr 2008, 11:14
Kevin_Zheng



Joined: 04 Jul 2003
Posts: 125
Location: China
Kevin_Zheng
If an exe wants to delete itself, the anti-virus software may think that it's a virus and that this action has to be blocked.

_________________
Pure Assembly Language Funs
Post 06 May 2008, 12:20