#1
Modifying resources of self-checking exe
Anyone got a good tutorial for this? I was just trying to experiment with the kav.exe icon (Kaspersky AntiVirus GUI part) and of course I can't because it detects itself as being "modified" once you run it again (KAV Personal v5.0.153)... Is there a simple way to do this? All I really want to do is change some resources like icons and text and stuff, nothing serious.
#2
The only way is to patch the self-check, because you can't edit the file without changing the checksum.
#3
Yeah you have to either
1. Patch the self checking routine as Cobi says or
2. Figure out what hashing algorithm is used and find a "Hash Collision" for it using the new resources.
I recommend 1
#4
Well, if it uses CRC32, you can crack it the normal way and use a CRC32 fixer.
#5
Hehe, I doubt the Kaspersky guys would use CRC32 for their software (I wish). Anyway thanks for that info. =)
#6
Well, I don't have Kaspersky, so I don't know.
Did you try breaking on APIs like CreateFileA? I think it's needed for nearly every self-check on HD. Or did you check all used crypto? Else if crypto is used... CreateFileA will also be needed.
#7
I've cracked the last version of safelock (I'm preparing to upload to ftp) and it uses CRC check in every, but it was very easy: make a BP on CreateFileA and then analyze the parameter that gets the name of the file; if this is the name of your exe then you must change the jump, or NOP, etc... or follow the algorithm and take note of the new CRC and the old and search the EXE for the old. Remember that not all soft uses the CRC standard. Normally, the CRC generated by the programmer is at the end of the file; normally, in others it is in a crypted file, etc...
#8
Quote:
to spend much time to do a patch. I'd like to hook the APIs it called and change the return value; this is a programming way.
#9
Quote:
But you forget something: there's no API func for CRC. If you mean to hook an internal func, then it's a very hard job; you must debug this internal func to know how it calculates the CRC and what format it uses (decimal, HEX, string) to return the value that you want. It's easier to patch because it must be only a few bytes.