Thread: CreateFileA, the mother of all self-checks
View Single Post
  #1  
Old 09-18-2004, 01:30
MaRKuS-DJM's Avatar
MaRKuS-DJM MaRKuS-DJM is offline
Cracker + Unpacker
  
Join Date: Aug 2003
Location: Virtual World / Network
Posts: 553
Rept. Given: 7
Rept. Rcvd 6 Times in 4 Posts
Thanks Given: 3
Thanks Rcvd at 16 Times in 10 Posts
MaRKuS-DJM Reputation: 6
CreateFileA, the mother of all self-checks
as you know, nearly every program which uses a self-check on file (on harddisc, not in ram) needs to use the API CreateFileA to open it.

so my question: is it a good solution, first to create a copy of the file called <originalexe>.dat
and then do in the exe following:
hook the API CreateFileA

the hook does
Check if CreateFileA is used on main-exe
if used on main-exe, patch <originalexe>.exe in memory to <originalexe>.dat
then call real CreateFileA
so the program would think every CRC is ok because it checked the original file.
Reply With Quote