Page 2 of 2 (posts 16 to 17 of 17)

Thread: Circumventing windows file protections...

  1. #16
    Why not simply hook CreateProcessA/W with an IAT patch or by using the Detours library, or, further, just reverse the target and change the flag in the CreateProcess call? Granted, you may need to hook CreateProcess(Ex)A/W in the target's launcher as well if it needs to be completely automated on program startup, as well as adding the CREATE_SUSPENDED flag, so that on return from CreateProcess you can be sure kernel32.dll is imported and that your patch will take place without concurrency issues (remember to call ResumeThread on the returned primary thread handle and you are all set).

  2. #17
    All good ideas! The problem I had was that the application that was using the file was a browser. I wanted to be as unobtrusive as possible. The CreateHardLink solution turned out to be perfect.
