Exetools

Exetools (https://forum.exetools.com/index.php)
-   General Discussion (https://forum.exetools.com/forumdisplay.php?f=2)
-   -   CreateFileA, the mother of all self-checks (https://forum.exetools.com/showthread.php?t=5411)

doug 09-21-2004 10:21

Quote:

I don't know if I understand all this topic, but relative to the .bak method, there is a well-known way to bypass the CRC check on disk: simply leave the original exe as it is and start the patched one, renamed, in the same folder... What more is needed?
GetCommandLine, GetModuleFileName and the other derivatives can give you the filename of the exe that's running.

You're assuming that the filename was hardcoded somewhere, which is usually not the case.

Michel 09-21-2004 16:41

Ok, you are totally right!

Shub-Nigurrath 09-21-2004 22:54

Hi guys, it seems like you forgot to look at the MSDN :D

Quote:

The lpApplicationName parameter can be NULL. In that case, the module name must be the first white space-delimited token in the lpCommandLine string.
If you are using a long file name that contains a space, use quoted strings to indicate where the file name ends and the arguments begin; otherwise, the file name is ambiguous.
For example, consider the string "c:\program files\sub dir\program name".
This string can be interpreted in a number of ways. The system tries to interpret the possibilities in the following order:

c:\program.exe files\sub dir\program name
c:\program files\sub.exe dir\program name
c:\program files\sub dir\program.exe name
c:\program files\sub dir\program name.exe

I also had the same idea some time ago with CRegistryManager (if I'm correct; sorry, I have lost my post from the ARTeam forum's past era :rolleyes: ), which, once unpacked, did so many checks that it took too long to avoid all of them. It was packed with ASProtect or another easily unpackable packer, so it was possible to modify the IAT in any way you want.

I created a DLL in whose DllMain I hooked CreateProcessA to point at the original unpacked .dat file. It was called passing a NULL parameter, as stated above. Then I added this DLL to the Import Table using IIDKing.

The result worked excellently, and to release the patcher you can also use the QuickUnpack.dll I wrote.
Of course this is just one way; the other is simply to patch all the checks.

Crk 09-30-2004 01:45

As far as I can see, it is still possible to inline patch Aspr. 1.3x-2.x :eek:

Proof: hxx//www.appznet.eu.tt/Sep/Tag&Rename.v3.1.6-RES-crk.zip

Password: www.appznet.eu.tt

This one has the OEP encrypted... might be aspr. 2.0

Anyone has ideas how this was done? How to inline patch the latest aspr. manually? :confused:

mosu 09-30-2004 03:55

Norton SystemWorks 2005 released

It's time for an update. Many users will be happy.
h**p://www.omck.info/b2.php?p=952&more=1#more952
