Thread: ok i'm new go easy...

  1. #1
    bakeacake
    Guest

    Question ok i'm new go easy...

    ooook, right, here goes (ooo first post nerves :P). I just edited this executable I was messing around with that had been annoying me, as it was detecting if the file had been renamed or if it had been run from outside the command line. Anyways, the incessant (I THINK that's how you spell it) messageboxing was annoying me. So anyhow, lazy/inexperienced/stupid me tracks down the messagebox calls and with a couple of je -> jmp, bingo, no more messageboxes. Anyways, I'm not bragging cos a) I'm crap, b) I'm unimaginably crap, think about how bad you would be if you were to have a full frontal lobotomy, then halve that ability, c) they were short jumps, god, I can't even remember the hex for a long jump.

    Anyway, the whole point of the above ramble is... I was wondering how it might actually check the renaming thingy?

    PS: anyone got any tutorials that are good for really stupid people (either C or RCE or ASM or anything remotely helpful)... but not Danish, I tried that once already. It's waaaay too hard to pronounce :P
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    nikolatesla20
    Well, if it checks the name then it has to have the original name stored somewhere. Open up the EXE in a hex editor and look for the EXE's name.

    -nt20

  3. #3
    GetModuleFileNameA (00) - one way
    parse the command line - another
    and as nikolatesla20 says, it's gotta store the name to compare against somewhere in the exe

  4. #4
    Lord8Bit
    Guest
    Actually, no, it doesn't have to keep a copy of the original filename.
    Any kind of checksum of the name would reveal a change.

    LordByte

  5. #5
    nikolatesla20
    Quote Originally Posted by Lord8Bit
    Actually, no, it doesn't have to keep a copy of the original filename.
    Any kind of checksum of the name would reveal a change.

    LordByte

    It doesn't have to store the name but it's a good place to start.

    -nt20

  6. #6
    bakeacake
    Guest
    Cheers people, I was wondering why it hadn't got the name stored. Everyone has been most helpful, so thanks again.
    I promise that I have read the FAQ and tried to use the Search to answer my question.
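The kind of check discussed in this thread, as an added example that is not part of any post and not code from the executable in question: the program takes its own path, isolates the file name, and compares a checksum of it against a stored value, so the original name never appears as a string in the binary. Assumptions: the checksum is 32-bit FNV-1a (the thread names no algorithm), `checker.exe` is a constructed name, and the path is passed in as a string (on Windows it would come from GetModuleFileNameA or the command line, as post #3 says).

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>

/* Return a pointer to the file-name part of a path.
 * Handles '\\' and '/' separators and a bare drive prefix ("C:name.exe"). */
static const char *base_name(const char *path)
{
    const char *name = path;
    for (const char *p = path; *p; ++p)
        if (*p == '\\' || *p == '/' || *p == ':')
            name = p + 1;
    return name;
}

/* 32-bit FNV-1a over the lower-cased name. Lower-casing matters because
 * Windows file names are case-insensitive: CHECKER.EXE is not a rename. */
static uint32_t name_hash(const char *name)
{
    uint32_t h = 2166136261u;              /* FNV offset basis */
    for (; *name; ++name) {
        h ^= (uint32_t)tolower((unsigned char)*name);
        h *= 16777619u;                    /* FNV prime */
    }
    return h;
}

/* 1 if the file name in `path` hashes to `expected`, otherwise 0. */
static int name_is_original(const char *path, uint32_t expected)
{
    return name_hash(base_name(path)) == expected;
}

int main(int argc, char **argv)
{
    /* Stand-in for a constant computed at build time and embedded in the
     * binary; only the 4-byte hash would be stored, not the name itself. */
    const uint32_t expected = name_hash("checker.exe");
    const char *path = (argc > 0 && argv[0]) ? argv[0] : "";

    printf("running as \"%s\": %s\n", base_name(path),
           name_is_original(path, expected) ? "original name" : "renamed");
    return 0;
}
```

This is why a hex-editor search for the file name can come up empty: the comparison value is four opaque bytes, and the place to look is the code that consumes the result of the path lookup.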
