#1
Layered Service Providers (LSP)
A lot of programs coming out now have server checks, some of them just checking reg info when you first enter it (such as SystemWorks and others) and some checking basically whenever you run the program (Thinstall, Easy CD-DA Extractor 7.x). Though these can be worked around or simply cracked, I was wondering about the possibility of using an LSP to reroute the outgoing connection to a local responder EXE/DLL/whatever which returns the "all clear" to the program.
It seems like in some cases that would be a much more elegant way to handle these requests. It would be more likely to cover multiple versions of the programs than most cracks. Just tossing some thoughts around, maybe someone else here has already played around with the idea.
#2
Although this may be a very elegant solution, in most cases it would be overkill. Most apps are designed to tackle the situation where the internet connection may be down or nonexistent. They usually provide an alternative registering scheme whereby you call by phone and type in the reg. info.
Only in the case of apps which require verification from an internet host before accepting reg. info or doing anything useful would this method be needed. But implementing this would require either sniffing an actual (real) conversation between the app and its server or extensive reverse engineering of the app code to unravel the expected server response. Added to this is the fact that each app would employ a different app-to-server interaction scheme/protocol. All this will make this approach rather tedious to implement for all the different apps. I think that more and more apps will go this "live internet server verification" route in the future, but I feel that this can be tackled by turning off (patching) such checks instead of providing elaborate fake server emulations. As long as the app contains all the needed functionality code we can fix it to work without the server checks. Also, if it downloads functionality code from the server then we need to snoop just once to snag the needed code and patch it in permanently. I hope the experts here might shed more light on it.
#3
I've used this method, but not with layered services. I've used API spying techniques to catch socket calls from the program and return what it wants.
You can use this link as a reference for API spying techniques: h--p://www.internals.com/articles/apispy/apispy.htm There is a section named "Winsock Hooking" in the above article that will guide you for sure.
Regards, OMID
#4
I've seen another way to implement this approach yesterday, where a little tool called iWeb Server (it's just a little exe and works without installation) was supplied with the program (http://www.ashleybrown.co.uk/iweb/), and a new entry was added to the hosts file (C:\WINDOWS\SYSTEM32\DRIVERS\ETC) to relocate a specific address, for example www.thinstall.com, to localhost. So you don't have to play around in kernel mode or other build-dependent regions of Windows and to minimize the compatibility of your release.
Last edited by Cobi; 01-15-2005 at 06:15.
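A defender-side check for the hosts-file redirect described in post #4, as an added example that is not part of the original thread: it parses hosts-file text and reports dotted hostnames pinned to loopback or unspecified addresses. The function names, the benign-name list and the sample file content are constructed for illustration.

```python
import ipaddress

# Names that normally map to loopback on a default install (assumed allow-list).
BENIGN_LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost",
                      "ip6-loopback", "broadcasthost"}

def parse_hosts(text):
    """Yield (line_no, ip, [hostnames]) for each usable entry in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(entry) < 2:
            continue                            # blank, comment-only or address-only line
        try:
            ip = ipaddress.ip_address(entry[0].split("%", 1)[0])  # strip IPv6 zone id
        except ValueError:
            continue                            # first field is not an IP address
        # Hostnames are case-insensitive; a trailing dot only marks the name as absolute.
        yield line_no, ip, [h.lower().rstrip(".") for h in entry[1:]]

def find_loopback_redirects(text):
    """Return (line_no, hostname, ip) for non-local names pinned to this machine."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        if not (ip.is_loopback or ip.is_unspecified):
            continue
        for name in names:
            # A dotted, non-allow-listed name pointed at loopback means lookups
            # for that remote service never leave the host.
            if name not in BENIGN_LOCAL_NAMES and "." in name:
                findings.append((line_no, name, str(ip)))
    return findings

# Constructed sample hosts file (not taken from a real system).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.thinstall.com     # added by installer
0.0.0.0         Activation.Example.Com updates.example.com.
10.0.0.5        fileserver.corp.example
"""

if __name__ == "__main__":
    for line_no, name, ip in find_loopback_redirects(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip}")
```

Findings are review leads rather than verdicts, since ad-blocking hosts lists use the same pattern; pairing a hit with an unexpected local listener on port 80 or 443 makes it more meaningful.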