Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page Modifying resources of self-checking exe
Register Forum Rules FAQ Calendar Mark Forums Read

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 09-16-2004, 04:36
c4p0ne's Avatar
c4p0ne c4p0ne is offline
Friend
  
Join Date: Jul 2002
Location: n/a
Posts: 83
Rept. Given: 1
Rept. Rcvd 1 Time in 1 Post
Thanks Given: 2
Thanks Rcvd at 0 Times in 0 Posts
c4p0ne Reputation: 1
Post
Hehe, I doubt Kaspersky guys would use CRC32 for thier software (i wish). Anyway thanks for that info. =)
Reply With Quote
  #2  
Old 09-17-2004, 03:44
MaRKuS-DJM's Avatar
MaRKuS-DJM MaRKuS-DJM is offline
Cracker + Unpacker
  
Join Date: Aug 2003
Location: Virtual World / Network
Posts: 553
Rept. Given: 7
Rept. Rcvd 6 Times in 4 Posts
Thanks Given: 3
Thanks Rcvd at 16 Times in 10 Posts
MaRKuS-DJM Reputation: 6
well i don't have kaspersky, so i don't know

did you try breaking on APIs like CreateFileA? i think it's needed for nearly every self-check on HD.

or did you check all used crypto? else if crypto is used... CreateFileA will be also needed
Reply With Quote
  #3  
Old 09-17-2004, 12:43
taos's Avatar
taos taos is offline
The Art Of Silence
  
Join Date: Aug 2004
Location: In front of my screen
Posts: 580
Rept. Given: 65
Rept. Rcvd 54 Times in 19 Posts
Thanks Given: 69
Thanks Rcvd at 137 Times in 36 Posts
taos Reputation: 54
I've cracked the last version of safelock (I'm preparing to upload to ftp) and it uses CRC check in every, but it was very easy, make a BP on createfilea and then analyze the parameter that get the name of the file, if this is the name of your exe the you must change the jump, or NOP, etc... or follow the algorythm and take note of the new CRC and the old and search the EXE for the old, remember that not all soft uses the CRC standard. Normally, the crc generated by the programmer is in the end of the file, normally, in other is in a crypted file, etc...
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Hybrid Mode Hybrid Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Intercepting then modifying USB traffic Turkuaz General Discussion 6 10-23-2024 13:20
Google Source code(Search and Spell checking) Hero General Discussion 0 02-02-2005 18:48


All times are GMT +8. The time now is 17:35.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )