PureBasic Forums - English

I read that you can modify the third byte of a program, and the program continues operational. I Read that a few years ago ( 1 or 2) and i dont know if it works with Purebasic but works with Delphi ... so you can use 2 importants files in the user's system (explorer.exe and cmd.exe, or any others files) ... or you can use several systems programs and store several numbers, but only two are the numbers that you need to read to know how much times your program has been used (use several files number/programs so the hacker will be confused with all that stuff).

This idea its not the best way to do this (because the hacker can see that you read that bytes in the programs) ... but i think it can help you

i think that its better to protect your program with assymetric encryption ... (dont ask me how ) ...

Sorry for my bad english

> I read that you can modify the third byte of a program, and the
> program continues operational

I just tried this with Calc.exe and it works. But, then XP's file protection
kicked in and replaced my modified Calc.exe with the real one again.
This also happens with Explorer.exe and Cmd.exe, so you can't use this
tip with important system files.

Doing it with your own app should work fine, though. I just tried it and it
works. If you pack your app with UPX, you can even modify the locations
of the string "UPX" in the exe to store even more data. Just remember to
take things into account like the user making the exe read-only, as I do
before running a new app. I also backup the exe before running it.
Also, some users might pack the exe with UPX to save disk space or to
make running it from a floppy a bit faster. What would you do then?

Rings wrote:

ricardo wrote:.... you can use a dll and run it from memory without writing it to HD.Until now the only way to do it is using PEBundle.....

until now ....

Now that was an interesting remark, Rings....
Do you care to elaborate a bit on that ??

by the way ... another thing that you can do in a program ... is to add data to the end of the program, and it stills functional ... you open it in binary mode, add a "star tag" for the data, write the data (strings ... whatever), and finally you put "end tag" ... after that you can read that data searching between the start and the end tag.

You can store encrypted info in that file ...

again, i think ... it is not the solution for your problem ... but may be it can help you ...

sorry for my bad english

Something to note about modifying the executable is that virus checkers
might freak out a bit... and I know ZoneAlarm will alert you that the exe
has changed. Too much hassle for my liking.

Modifying files this way is not modified, esp if it is files that do not belong to your own program etc.
What happens if those files are updated or changed?
You might cause CRC errors, users may have to reinstall your own porgram,
or worse windows says a file has been changed and try to restore it.


anyone remember that stry about the taxes softeware (I think that's what it was) that used a sec system that modified unused and undocumented blocks/areas of the HD? Caused some serious disk trashing issues
with those running multiple OS on a drive. *laughs*

Hi,

Why don't you encrypt the whole exe and when you execute the program decrypt the exe and run it. In the mean time you can modify some resource positions in the exe code when you encrypt it again. It'sjust like a selfextracter but is runs itself.

A simple Memory dumper would dump whole thing from memory, so this wont just work.

If you had your program have an encrypted settings file then you could encrypt the settings file in such a way that the decryption key was the number of uses.. meaning without the number of uses being there they would have to set the program up every time... which is annoying...

dell_jockey wrote:

Rings wrote:

ricardo wrote:.... you can use a dll and run it from memory without writing it to HD.Until now the only way to do it is using PEBundle.....

until now ....

Now that was an interesting remark, Rings....
Do you care to elaborate a bit on that ??

sorry to re-activate this post, but i will do an comment on it now.

in the next time (perhaps 1 week after eastern) i will do a big release
of all my libs(also all those you don't know ),
also the lib to use a dll only in memory
(without writing anything to disc) .
in the meantime i did some heavy tests with it and a flat database-dll.
for a flat-database-lib for Purebasic.

so stay tuned............

use dll directly in memory? now that sounds interesting! That would actually
mean we could pack a dll, include it in the exe, unpack dll to memory at runtime and use your lib to call it?

thefool wrote:use dll directly in memory? now that sounds interesting! That would actually
mean we could pack a dll, include it in the exe, unpack dll to memory at runtime and use your lib to call it?

Yes, sort of.
You'll be able to call the dll directly from memory, like LoadLibraryMem(),
IsFunctionMem(), CallFunctionFastMem() The DLL would be included via
IncludeBinary

great ! any idea when your lib pack is done?

thanks Rings, for announcing what you're up to! I'm going to give that lib a very thorough test!

Ok, Rings, you've wetted our appetites!

But, you said this in March, and it is now July!

Any news on a release?

Russell