EXETOOLS FORUM  

Go Back   EXETOOLS FORUM > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 03-28-2003, 08:29
sb1855
 
Posts: n/a
how do you stop a program from calling home?

ok,
I got a program, it calls home to verfied the info that was inputted
if it's ok, it's reg, if it's not, it reverse back to eval or demo
I have been tolded in order to stop it from calling home you
set your firewall up and then it can't phone home .
ok, but noone is telling me how to do this. I'm running winnt 4.xx
on a public computer, so the basic questions are:

(1) what program is running to allow the software to call home?
(2) what software do i run in order to stop it from calling home?
the settings,the port,etc..
(3) will these settings work for every program that calls home?

please enlighten me if you can..


sooooo confuseddd

Reply With Quote
  #2  
Old 03-28-2003, 09:41
WhoCares's Avatar
WhoCares WhoCares is offline
who cares
 
Join Date: Jan 2002
Location: Here
Posts: 333
Rept. Given: 6
Rept. Rcvd 11 Times in 9 Posts
Thanks Given: 12
Thanks Rcvd at 35 Times in 7 Posts
WhoCares Reputation: 11
You can run a network sniffer(such as NAI Sniffer, CommView, EtherPeek, LanExplorer etc.) to get the server IP/Name/Port/Protocol, then block it.

If you don't want to install a sniffer, the firewall will pop up to ask you whether to block it if the target want to phone home.

Use ZoneAlarm Pro, Sygate Personal Firewall, Tiny Personal Firewall etc.
__________________
AKA Solomon/blowfish.
Reply With Quote
  #3  
Old 03-29-2003, 00:55
Vox Humana
 
Posts: n/a
The programs that, at very end, allow the connection are Remote Access Connection Manager and Remote Access Auto Connection Manager; they are kernel components running as services.

There are many ways that your program can use in order to access the services; the use of the RASAPI functions is the easier way in Windows, but the most detectable too.

From your description it can't be understood if your program checks if the machine is connected, then perform its operation, or if it tries to start a new connection; from NT 4, the RASAutodial function is implemented for this purpose.

Anyway, bear in mind that if you're using a public computer and you (as usual) are not allowed to login as Administrator, you won't be able to:

- install a firewall
- stop any service

The simplest thing you can do is checking by the Task Manager if, when your program tries an outside access, a new process is started; if so, you will have localized the dialer of your program.

Hope it helps
Reply With Quote
  #4  
Old 03-29-2003, 03:41
tom324 tom324 is offline
Friend
 
Join Date: Jan 2002
Posts: 211
Rept. Given: 5
Rept. Rcvd 6 Times in 5 Posts
Thanks Given: 11
Thanks Rcvd at 8 Times in 4 Posts
tom324 Reputation: 6
The best way is to have separate box on LAN running Linux and configured as router/firewall which controls (and logs) all incoming and outgoing connections. Then you can controls who and how connects to.

Tom
Reply With Quote
  #5  
Old 03-29-2003, 04:40
Squidge's Avatar
Squidge Squidge is offline
Drunken Squirrel
 
Join Date: Oct 2002
Posts: 408
Rept. Given: 4
Rept. Rcvd 9 Times in 4 Posts
Thanks Given: 0
Thanks Rcvd at 0 Times in 0 Posts
Squidge Reputation: 9
Wouldn't it be easier to rip the "calling home" code out of the program? It most likely will not accept any serials you enter until it has made a successful connection to home anyway, so may as well hack up the program to stop it from doing so and do the serial routine whilst your in there.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
x64 calling convention and home space mcp x64 OS 7 08-17-2015 11:40
Calling function from a class AdamD General Discussion 0 02-17-2005 22:59
Softice - how do I return to calling code? sync General Discussion 16 08-22-2002 20:02


All times are GMT +8. The time now is 05:01.


��ICP��05004977��
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX