|
#1
|
||||
|
||||
Modifying resources of self-checking exe
Anyone got a good tutorial for this? I was just trying to experiment with the kav.exe icon (Kaspersky AntiVirus GUI part) and of course I cant because it detects itself as being "modified" once you run it again (KAV Personal v5.0.153)... Is there a simple way to do this? All I really want to do is chane some resources like icons and text and stuff, nothing serious.
|
#2
|
|||
|
|||
The only way is to Patch the Self-Check, cause you cant edit the File without changing the Checksum.
|
#3
|
|||
|
|||
Yeah you have to either
1. Patch the self checking routine as Cobi says or 2. Figure out what hashing algorithm is used and find a "Hash Collision" for it using the new resources. I recommend 1 |
#4
|
||||
|
||||
well, i f it uses CRC32, you can crack it normal way and use a CRC32 fixer
|
#5
|
||||
|
||||
Hehe, I doubt Kaspersky guys would use CRC32 for thier software (i wish). Anyway thanks for that info. =)
|
#6
|
||||
|
||||
well i don't have kaspersky, so i don't know
did you try breaking on APIs like CreateFileA? i think it's needed for nearly every self-check on HD. or did you check all used crypto? else if crypto is used... CreateFileA will be also needed |
#7
|
|||
|
|||
Quote:
to spend much time to do a patch.I 'd like to hook the apis it called and change the return value,this is a programming way. |
#8
|
||||
|
||||
Quote:
But you forget something, there's not API func for CRC. If you mean to hook internal func, then it's a very hard job, you must debug this internal func to know how it's calculate the CRC and what format use (decimal,HEX,string) to return the value that you want. it's more easy to patch because must be only a few bytes. |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Highly self modifying code | chants | General Discussion | 1 | 09-21-2016 17:46 |
Google Source code(Search and Spell checking) | Hero | General Discussion | 0 | 02-02-2005 18:48 |