#1
Beating a two session max!
I got this application.
It will let me run two instances of this app at the same time, no more! Having two installations doesn't solve the problem. Renaming the exe doesn't solve the problem. Renaming the top window handle doesn't solve the problem. It could be a registry value, I'll check that with a monitor now, but I HIGHLY doubt that is it! Just too many possible error factors involved.

Could it really be that this app iterates through all running processes trying a ReadProcessMemory for identification? This sounds far-fetched as well, but it's the next logical conclusion I can come up with! Key words: I can come up with.

Well.. I'm a noob! Don't kill me plz? I just wanted some input: what do YOU think is the most likely explanation for this behavior? (Also, the app doesn't host a serversocket, it's not a port comm thing!)

Actually.. while reviewing network activity in different versions of netstat (with GUIs and all) yields nothing interesting, using SysInternals TDImon yielded an interesting result!! To quote the help: "TDImon gets its name from the fact that it monitors activity at the Transport Driver Interface (TDI) level of networking operations in the operating system kernel."

And what is kinda interesting is that only THREE processes show activity here:
explorer.exe
myfirewall.exe
theappthatannoysme.exe

So maybe it DOES have some loopback activity going on? It shows up as
TDI_SEND TCP:10.0.0.2 (my ip) SUCCESS-562 length:32

Allrighty then!!!!!! Both sessions show this behavior!! (using different destination ports!)
First thing: Is this the monkey I'm chasing?
Second thing: How do I bean it? (firewall blocking doesn't seem like an option!)

[Edit JMI: DO NOT answer your own post. Use the EDIT Button. That's what it's for.]
#2
Everything is possible, and there are of course no limits to the ways you can check for the presence of another instance of the same program. The concept is that the two instances must share some information, even a single bit, but among the simplest methods there's also the check of the main window's class name. Try to have a look at it.
The best way is to check where the program decides to go on or to terminate, so try tracing ExitProcess (or any other way of exiting) and then go backward to where it was called from.
__________________
Ŝħůb-Ňìĝùŕřaŧħ ₪) There are only 10 types of people in the world: Those who understand binary, and those who don't http://www.accessroot.com
#3
I have a couple of programs that use the loopback function on defined ports to check whether there's a copy of the program running. I suspect that if they really wanted to do it this way, the program could have two statically defined ports (bad idea in general) and it could check them both to see if there's a copy. If a message is sent, it replies.
Concerning: "(firewall blocking doesnt seem like an option!)" -- Are we speaking of every firewall or the external-only firewalls? Have you tried to block the process from sending out a message? I mean, some programs such as ZoneAlarm and other internal firewalls can control the ability of a program to send any messages across any ports. You could also try to block the port that it's sending information through after it's open.
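
Added example, not code from the thread or from the application being discussed: a minimal Python model of the loopback-port scheme post #3 describes, where each permitted instance holds one of two fixed ports and a third start finds both taken. The port numbers and the function names are assumptions made up for illustration.

```python
import socket

# Hypothetical fixed ports, one per permitted instance (constructed values).
SLOT_PORTS = (47801, 47802)
HOST = "127.0.0.1"


def claim_slot(ports=SLOT_PORTS):
    """Bind the first free slot port; return the listening socket, or None
    when every slot is already held (the instance limit is reached)."""
    for port in ports:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            sock.bind((HOST, port))   # raises OSError if the port is taken
            sock.listen(8)            # kernel completes handshakes; never accepted
            return sock               # keep it open for the life of the process
        except OSError:
            sock.close()
    return None


def held_slots(ports=SLOT_PORTS, timeout=0.5):
    """Probe each slot over loopback; a completed connect means a holder is alive."""
    held = []
    for port in ports:
        try:
            with socket.create_connection((HOST, port), timeout=timeout):
                held.append(port)
        except OSError:               # refused or timed out: slot is free
            pass
    return held


if __name__ == "__main__":
    slot = claim_slot()
    if slot is None:
        raise SystemExit("instance limit reached, held slots: %s" % held_slots())
    print("running in slot", slot.getsockname()[1], "(press Enter to exit)")
    input()
    slot.close()
```

The slot is released by the operating system when the holding process exits, so a crash does not leave a stale lock; the weakness post #3 alludes to is that any unrelated program bound to one of the fixed ports also consumes a slot.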
#4
There are various possibilities for detecting multiple instances; some also include kernel objects. Using the network is not really a smart solution and is unlikely to be used.
Also have a look here:
hxxp://www.codeproject.com/cpp/avoidmultinstance.asp
hxxp://www.flounder.com/nomultiples.htm
By the way, which application is that?
Visu
#5
As "Visu" said, there are various possibilities for detecting multiple instances. One of these could be a semaphore declaration. To avoid running other instances, you can declare a semaphore with a special name: at the beginning just create your named semaphore, and if the API returns an ALLREADY_EXIST error, it shows that another instance has been run later.
#6
Maybe a mutex is used.
Code:
    invoke CreateMutex,0,0,addr dlgname   ; create or open the named mutex
    invoke GetLastError
    xor al, 0B7h                          ; 0B7h = 183 = ERROR_ALREADY_EXISTS
    jz _exit                              ; the mutex already existed: exit
#7
Well, you can patch it as kubik said.
But is there any other mutex, especially data? Then it will fail!