I have a curious about protecting an win32 application from unauthorized people by injecting a password into PE header.
so, when anybody running such a potected application, windows displays a dialog box to get the password required to run it.

How can i do that? Where is the place the password can be aside?

Thankyou for reading..
Regards..
Posted on 2003-08-16 07:28:37 by Yeori
example + source (asm)
Posted on 2003-08-16 07:59:14 by wizzra
thank you @wizzra.


But,,,, it doesnt work on my XP system. After setting up a password an win32 program, i cant run the protected program any more.
System shows an error message to me..

anyway.. can i get docs describing THESE ALGORITM somewhere?
i just want to know the its algoritm than real source files...

thankyou.
Posted on 2003-08-16 10:00:50 by Yeori
Yeori, check out http://www.programmingjournal.com/ and specifically Programming Journal #3 has a tutorial called "Coding a small PE wrapper."

I don't know if it works on XP, but it's more than just a source code.
Posted on 2003-08-16 12:37:56 by SamiP
http://www.programmingjournal.com/

"Locating API functions in memory (MASM)" ... the ZIP

Why is this the only thing being blocked...

Do you have a copy SamiP. Everything else but this will not download to my machine. Is anyone else seeing this problem.

Must be something DECENT !!!
Posted on 2003-08-16 22:30:14 by cmax
Forget it, I think the site new set-up and ideas are not completed just yet. He got enough information right under the header.

I really like his improvements. He is getting down to the nity gritty of API in ASM instead of C++ for every dame thing. I am more interested in the (ASM) (API) subject than anything else these days. Maybe thats why MS want to release the source in a cracker jack box because of those great coders who doing it ALL ON THERE OWN like the man from the Journal. Who need faults favors after all of these years of hiding it for the Programmer themself then turn around and screw it all up with some unknown new style programming scripts and sh*t making all of this for nothing like what happened to Dos programming.... SAVE IT... Those goofy greedy Boys are the people that is going to bring a great company down and many other with it.

Who ever got the API hook in pure assemblers must be a happy KING ... Who cares about Ring0 and sh*tty bounce back to Ring3 protections scheems. Just show me that hidden pure ASM api hook and MS themself will NEVER crack any thing i write and no one else for that matter. Yes this my THREAT, DARE, B E T ... ..BET

Not looking for a responce. Just blowing off a little steam after my visit. It gave me a lot of (ON THE MAP) ideas . And Me King i will match you SHORTLY... :) I release the floor and let Yeori get back to business...

Thank you

What a Great Old awaking Link


Posted on 2003-08-17 01:11:54 by cmax
Thank you all guys.. i think i got a clue! :)

Listen.. and check up my clue whether or not it's right.
The Encryption of win32 apps isn't a something special feature supported by MS or PE header.
Because, to encrypt an win32 program, we must inject some codes into a target program in order to show a dialog box where a user can type a password.
In addition, to complete, PE header table also must be updated with a new list of imported funtions, and the entry point of PE header should be redirected to codes that shows a dialog box.

This is the true story of encrypting PE header i think... is it right????? :grin:
Posted on 2003-08-17 02:24:05 by Yeori
Evudently you do, :)

I don't know but the word inject makes many run for cover.
Posted on 2003-08-18 01:18:30 by cmax
In addition, to complete, PE header table also must be updated with a new list of imported funtions


That's not neccessary, you can use LoadLibrary + GetProcAddress APIs in your injected code. You can even search DLLs for wanted exports by their hints/names instead of using GetProcAddress :)
Posted on 2003-08-18 12:00:53 by Sorthalan
yes, @Sorthalan. You're right! ;)
Thank you for checking up!

and, Have a good day all guys ~ :)
Posted on 2003-08-18 13:25:54 by Yeori