Hello Fellas, I am new to this board, but it seems that it is the best.

I am making a Self-Extracting software, using Resources.

I am not a pro in Assembly language, but I finished the Self-Extracting module; what is left is the Injection software (the Injector that injects the compressed file into the resource).

My problem is how to inject the file into the compiled Executable's resources.

Please, don't tell me not to use the Resource technique, I don't want to use another way for doing that, and I think that what I need is possible. In Windows NT & XP there is the API UpdateResource which will handle this job, but I want my software to be compatible with all Windows versions.

This is possible via using programs like ResourceHacker or PE-Explorer, ExeScope, and many other programs.

But I don't want my software to use the above programs, I want to handle this myself.

I thought of the following:

- Compiling the Program into .OBJ
- Store the original .OBJ file in the Injector program (As Resource)
- The Injector creates the Resource and compiles it to .OBJ (using RC.exe) and puts it in the Temp directory
- The Injector extracts the Program .OBJ, to the Temp directory
- Link the Program .OBJ to Resource .OBJ
- Delete all the .OBJ files
- The Executable is now compiled

But I have a question:

- Is it secure to store my program .OBJ file, I mean, is it easy for Hackers to DeCompile it to its source code, and use it in their programs?

Thanks,
Blastersoft
Posted on 2004-09-07 03:12:19 by Blastersoft
hey blastersoft,
you should really make up another plan for your prog. On the one hand you do not want to use such programs like resource-hacker ... , on the other one you are planning to build-in a linker and a compiler...
in order to write a proper software (not including the whole development environment) you should use the API BeginUpdateResource (which is part of win32 I think), call UpdateResource afterwards and close your handles with EndUpdateResource... this way you can modify executables without compiler & linker... :roll:

Dominik
Posted on 2004-09-07 06:23:47 by Dom
From .Obj file? Ok, linking only left. Why not, but that will mean that the app will be compiled in a separate address space. It will act very similarly to a PELite exe. (And yes they are crackable). All it takes is to know that the app is running from a different location than the initial one and bam, train it --- aaah hell dump it and modify it on disk.

I have the same problem with my current project. But then so does everyone. The trick is that you can't stop it, but you can slow it down. So use what eva you feel will slow them down... ps Common EXE compressors can be id via tools available @ www.exetools.com .

I on the other hand say that if you use encryption - yes slow down the guy that doesn't have an installation key, but the guy who has can swing the app around as much as he likes. Well then encode something unique in each one -- an id that will tell you whose copy was made into a distributable and well then go get him. (Database sales to electronic transactions via a website... only way to get the app).

There are other ways... dongle it. Here is something that came my way and well listen to it and see what you think. 16mb mp3.
link:
Listen to Bruce Schneier (of Counterpane and noted authority
on the of security / encryption)
http://www.ima.umn.edu/recordings/Public_Lecture/2000-2001/feb_12_01/schneier-24.mp3

Blastersoft, all windows versions... obviously not out of the box? Well you must then make your own routine and not make it dependent on windows at all. Here, just in case you don't have a PE spec...
link:
http://www.microsoft.com/whdc/system/platform/firmware/PECOFF.mspx
Posted on 2004-09-07 07:14:18 by Black iCE
Oh I forgot to ask, I am also interested in sfx.... so can you point me in the right direction? I am attempting to make an Archiver so this stuff is useful for me.

Thanks,
Black iCE
Posted on 2004-09-07 08:04:10 by Black iCE
Please, Don't tell me no to use the Resource technique


why not, using the resource section is a very dumb (time consuming) solution imho, when you can just add an overlay.
Posted on 2004-09-07 09:01:36 by lifewire
Hello Fellas...

Thanks for your Quick Reply

I found the solution...

BeginUpdateResource is not available in Windows 9x/Me, so I surfed the great MSDN library, and I got Microsoft Layer For Unicode DLL which supports this function and other functions in Windows 95/98/98SE/ME, you can download it FREE and DISTRIBUTE it with your application from :

http://download.microsoft.com/download/b/7/5/b75eace3-00e2-4aa0-9a6f-0b6882c71642/unicows.exe

Black Ice, Tell me the EXACT thing or POINT you need and I will tell you how to do it.
Posted on 2004-09-07 09:51:13 by Blastersoft
lifewire, using Resource section is not dumb, because, it is easy & fast.

and there is something you must remember:

Everything Is Crackable, Nothing is InCrackable :twisted:
Posted on 2004-09-07 10:13:14 by Blastersoft
Blastersoft,

Live editing an existing EXE file's resource section is not for the faint of heart. Later versions of Windows have an API for it but on earlier versions, you must edit and rewrite the resource section of a PE file which requires very detailed knowledge of the PE format and RES format.

If it is your own file and you know about how big the code you want to write into it is, you can in fact create an exe file with a raw binary resource with a known BYTE sequence at the beginning. You then search for it in the EXE file and simply replace it with your own data.

Everything Is Quackable, the noise crackers make when they cannot crack an app. :P
Posted on 2004-09-07 11:32:59 by hutch--
Hi Blastersoft,

You can try using Yaroslav's resource linker to bind compiled resource files ( .res ) to your executables:

Resource Linker V1.1 (24 jan 2002)

Usage: rl <PE_file>

a - Add resources from res file to pe file
b - extract resources from pe file to Binary file
d - Delete resources from pe file
e - Extract resources from pe file to res file
i - print some Info from pe file header
l - Link = d + a
m - Move = e + d

Only PE file, only 32 bit resource file
Default command = /a, default RES_file = PE_file.res


http://c--sphinx.narod.ru/FILES/rl.zip

The attachment contains an example, run the batch file Update.bat to change the standard icon of the executable.


rl Win.exe Icon.res /a
Posted on 2004-09-07 12:44:19 by Vortex

Please, Don't tell me no to use the Resource technique, I don't want to use another way for doing that, and I think that what I need is possible, in Windows NT & XP there is the API UpdateResource which will handle this job, but I want my software to be compatible with all Windows version.


Why not use another method? Appending archive data to end of SFX exe, and have last four bytes in file being the offset to SFX data is very simple, easy to get working, and doesn't require NT-only APIs...
Posted on 2004-09-07 12:50:20 by f0dder
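The append-and-trailer layout f0dder describes above, as an added example that is not part of the original thread: the injector appends the archive and a 4-byte little-endian offset, and the extractor validates that offset before using it. The function names `sfx_append` and `sfx_locate`, the little-endian trailer encoding and the sample bytes are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdint.h>

/* Injector side: append data to the stub, then a 4-byte little-endian
   trailer holding the offset where the data starts (the old file size). */
int sfx_append(FILE *exe, const void *data, uint32_t len)
{
    unsigned char t[4];
    long start;
    if (fseek(exe, 0, SEEK_END) != 0 || (start = ftell(exe)) < 0) return -1;
    if ((unsigned long)start > 0xFFFFFFFFul) return -1;  /* offset must fit in 4 bytes */
    if (len && fwrite(data, 1, len, exe) != len) return -1;
    for (int i = 0; i < 4; i++) t[i] = (unsigned char)((uint32_t)start >> (8 * i));
    return fwrite(t, 1, 4, exe) == 4 && fflush(exe) == 0 ? 0 : -1;
}

/* Extractor side: read the trailer and reject an offset that points past
   the data area, so a truncated or modified file fails cleanly instead of
   being read out of bounds. */
int sfx_locate(FILE *exe, uint32_t *off, uint32_t *len)
{
    unsigned char t[4];
    long size;
    uint32_t o;
    if (fseek(exe, 0, SEEK_END) != 0 || (size = ftell(exe)) < 4) return -1;
    if ((unsigned long)(size - 4) > 0xFFFFFFFFul) return -1;
    if (fseek(exe, size - 4, SEEK_SET) != 0 || fread(t, 1, 4, exe) != 4) return -1;
    o = t[0] | (uint32_t)t[1] << 8 | (uint32_t)t[2] << 16 | (uint32_t)t[3] << 24;
    if (o > (uint32_t)(size - 4)) return -1;
    *off = o;
    *len = (uint32_t)(size - 4) - o;
    return 0;
}

int main(void)
{
    const char stub[] = "MZ-constructed-stub";        /* stands in for the SFX exe */
    const char data[] = "constructed archive bytes";  /* stands in for the archive */
    char back[64];
    uint32_t off, len;
    FILE *f = tmpfile();
    if (!f) return 1;
    fwrite(stub, 1, sizeof stub - 1, f);
    if (sfx_append(f, data, sizeof data - 1) || sfx_locate(f, &off, &len)) return 1;
    fseek(f, (long)off, SEEK_SET);
    if (len >= sizeof back || fread(back, 1, len, f) != len) return 1;
    printf("payload at %u, %u bytes: %.*s\n", (unsigned)off, (unsigned)len, (int)len, back);
    fclose(f);
    return 0;
}
```

In a real self-extractor the `FILE *` would be the program's own executable opened read-only; data appended this way is not mapped with the PE image, so it costs no load time.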
exactly, i totally agree with f0dder and hutch :)
Posted on 2004-09-07 12:52:10 by lifewire
I agree with blastersoft on the part that everything is crackable. If it is running off the cpu of a pc you can change the result, and have other methods like RE to help do it. But as the mp3 suggested in the end that if you can derive some way where you would not care if your product is widely spread but the need to pay for something that could be considered as an extra. Advertising model... or perhaps just selling it will allow you to get the value that you wished and then it is out of your hands. As the example stated about Stephen King's book... that in my opinion was a brilliant way to get ppl to pay. But unfortunately the software engineering side of things will not "really" be able to use that model. Systems need to be able to distinguish between valid and malicious users... disallow ppl from even opening your file in a text editor, but allow them to send info on a problem for technical support. So guys, there is a big problem - if you have a great app -- something new or better -- you are gonna lose money unless you devise a "different paying for use" model.

On the other topic: Layering... isn't that for A vs W support, but if the API doesn't exist in the win subsystem then it should not work, cause it doesn't compile the api into your app. MSDN says that win9x platforms don't support Resource editing API's and so doing your own implementation is recommended.

Everything Is Quackable, the noise crackers make when they cannot crack an app.

Hutch-- Cracking takes only time, and ppl are getting better with it all the time... hell Linux cracked a protection scheme and claimed that they needed to do it to make a compatible software for it... CDC I think it was called. (Inside that MP3). Also just think of apps that have not been cracked.... mmm ok if you thought of 1 or 2 then it is probably cause they will not profit the person wishing to crack them and they most probably found something better anyway :roll:

Blastersoft, I just kind of wished to know what it sort of involves but now I know it will depend on how you want to wrap the file... resource wise or through your own implementation. So it varies a great deal. Thx anyway, I'll look for a way to do the sfx part later. Anyway I'll stick with my own implementation --- that is Windows platform independent.

Black iCE
Posted on 2004-09-08 01:19:25 by Black iCE
Thanks Vortex, It worked...

I tried the file from MSDN and it also worked...

Actually, there are a lot of ways that we can bind the data to our executable, for example: put the data at the bottom of the Self-Extractor and the last 8 bytes will be the original length of the Self-Extractor without data, so the program can extract the data between both and save them directly to file. (As f0dder & hutch said)

Hutch, please download the file I mentioned from MSDN, and see its exports, It contains some functions that are available in Windows NT,XP and not available in Windows 9x/ME, you can freely distribute it with your application.

Still the easiest option is using Resources, and by using the file provided by Vortex or using MSDN Layer For Unicode, we can do it.

Every way has good stuff and bad stuff, I will compare all the ways and choose the best one.

Thank you all very much... 8)
Posted on 2004-09-08 05:28:40 by Blastersoft
Blastersoft,

The method you have described is easy enough to do, just OS version detect and only use API calls that are available in the OS version that is running.

The method that f0dder suggested to you is a very efficient method of having data available to a running EXE file as it is not loaded with the PE image where the method I suggested is loaded so you have the choice of either depending on what suits your application.

Black iCE,

Hutch-- Cracking takes only time, and ppl are getting better with it all the time.

I have heard a lot of 'quacks' in my time from well thought out and original protection systems. What you have to calculate is 1. Whether the program is worth the effort where very few are and 2. Whether it can be broken within a viable time frame. If you have it done ready for the release of Win3k, it may be too late. :P
Posted on 2004-09-08 19:39:15 by hutch--
dude, it's easy to make uncrackable software - crippleware.
Posted on 2004-09-09 01:17:51 by Drocon
Dude, all it takes is one ass who has a non-crippled version (ie bought) of your app -- a debugger and a hex editor. Change the jmp;je;jge or what eva into something appropriate -- as in nop or jmp and damn there goes your app.

And he can hand it to anyone he wishes to.

Posted on 2004-09-09 02:15:11 by Black iCE
Heh!!!

1- I want my application to be translate-able to many languages, I don't want to perform HEX editing to the program to replace the words.

2- I don't need security, it is just a Self-Extractor not an Executable packer
Posted on 2004-09-09 04:31:36 by Blastersoft
The comment was to the individual who posted about crippleware on the first page... the last post.
Posted on 2004-09-09 05:37:34 by Black iCE
I want my application to be translate-able to many languages, I don't want to perform HEX editing to the program to replace the words.


I might be completely off again, but why not just use an .ini file with all the text strings inside? Put a drop down menu where users can select their language and read the strings from the ini file. Ask users to submit their own language while they're evaluating the app.
Posted on 2004-09-09 08:07:31 by JimmyClif

I have heard a lot of 'quacks' in my time from well thought out and original protection systems. What you have to calculate is 1. Whether the program is worth the effort where very few are and 2. Whether it can be broken within a viable time frame. If you have it done ready for the release of Win3k, it may be too late.

There isn't much software that hasn't been broken within a viable timeframe - IDA might be one of the few, but only because it is heavily watermarked (can only be done if you have few customers).

Even the cryptographically secure and very smart method used for CD-keys in XP and 2003 has been broken - because some (Chinese, I think?) dude(s) realized weak parameters had been chosen for the ECC crypto. *poof*, 1sec to generate a valid key that _does_ work on XP SP2 and Win2k3 and windows update v5.

Dongle apps are broken, heavily protected programs are broken, and crippleware applications sometimes get code injected to make them work. Heck, some expensive 3d software did calculations in the dongle, and those were ported back to x86. And yes, within a viable timeframe.

So basically, protecting your software is more or less a waste of time :)
Posted on 2004-09-09 08:15:16 by f0dder