Background
Maybe in everyday life among us who do not deliberately omit Password
or Serial Number of programs we have purchased. If it were so would be bothered. For
get it back could have with retail stores or contact the program vendor
where the program is purchased. However, if there are regulations which require that the vendor
re buying passwords and serial number is missing, how? For you maybe it
not a problem. But for me it may be one big problem.
From these cases I try to apply usability Win32 Hook. As information,
Such techniques are often used by the world's Reverser Reverse Engineering. For
debugging large files is not easy, takes a long time and
should be supported with hardware that is quite luxurious. Just imagine the size of the file debugging
above 100 MB and therein contain the RSA Crypto?!?! If I still imagine it
was not willing, let alone actually practice it .. LAZY!:)
This paper is not a tutorial, but just an information. Implementation of
I thought by applying the Win32 Hook. So do not expect more huh? . Because here
I'm not asking you to do the reverse engineering or coding in
deep .. LAZY! . Maybe next time .. but do not promise loh ..
Theory
Just knowledge for those who may still be unfamiliar with the terminology programming
and the world of computers, as well as for those who are not programmers (because you mean the same as
I .. :)) or a Win32 Hook Hook is one of the points mechanism for handling messages
(Message-Handling) in Microsoft Windows. Where an application to install a
sub-routine to monitor the message traffic within the system and some specific processes of
the message before it reaches the target window procedure.
Hook themselves included in the category of handles and Object. And included in the specification
User object. So why is "WEIRD" is needed in programming techniques? There are 2 reasons ..
First, the use of objects to ensure that developers
(Developer / Programmer) do not write code specifically for low-level, internal structure. This
allows Microsoft to add or change the operating system capabilities,
throughout the calling convention of the original intact. So if one day Microsoft launched
Operating System, applications made by developers will gain new capabilities
with slight increases or none at all.
Second, the use of an object allows the developer (Developer / Programmer)
benefit from the Win32 security. Each object has a list control
own access (access-control list / ACL) that defines the types of actions the process can be run on the object.
Operating System test an ACL object every time an application tries to
creating a handle on the object.
Windows APIs
SetWindowsHookEx (Referensi USER32.DLL)
HHOOK SetWindowsHookEx(
int idHook, // type of hook to install
HOOKPROC lpfn, // address of hook procedure
HINSTANCE hMod, // handle of application instance
DWORD dwThreadId // identity of thread to install hook for
);
CallNextHookEx (Referensi USER32.DLL)
LRESULT CallNextHookEx(
HHOOK hhk, // handle to current hook
int nCode, // hook code passed to hook procedure
WPARAM wParam, // value passed to hook procedure
LPARAM lParam // value passed to hook procedure
);
UnhookWindowsHookEx (Referensi USER32.DLL)
BOOL UnhookWindowsHookEx(
HHOOK hhk // handle of hook procedure to remove
);
Proof of Concept
Run the Enable Hook, you'll see a small icon in the tray icon with the caption
"MRHPx Enable OFF Hook. " Hook Enable program has been tested in several applications
use password protection and Serial Number at the time of installation, one of which is
DigiFish AncientOcean v1.01. Without a Serial Number that is true you will not be able to
installation program for the "Next" in the status of disabled (Screen. 1)
Screen 1
After that you try to left click with the mouse, the program Enable hooks in the tray icon to
icon and status changes to ON (Screen. 2). Sign means OFF, and the sign means ON. Then try clicking the "Next" disabled who are in the windows installation program earlier.
How? Status changes to Enable and click with the mouse can not?
Screen 2
Conclusion
Why the "Next" which was originally changed to enable disabled? Though Serial
Numbers are still empty, not filled at all? The answer is because in the "handles and
Objects "an application could be reached for Object-existing window handle. Similarly, your
no need to change the TV channel manually, until they have to walk back and forth from your seat to
TV table if there is a remote control in your hands. So although optional Password and Serial
Numbers are true or not true though, the installation will keep running smoothly. Until
here, you've seen the greatness of the Win32 hooks instead. So do not ever underestimate
Win32 APIs Hook before the study. Even the famous FLEXlm protection and even then subject
because of this. For the developers, are still convinced your installer program this protection is
really safe? Please be creative and expression with the Win32 APIs. Thank you hopefully
useful.
Win32 Hook
Kindle, Wi-Fi, Graphite, 6" Display with New E Ink Pearl Technology - includes Special Offers & Sponsored Screensavers
Maybe in everyday life among us who do not deliberately omit Password
or Serial Number of programs we have purchased. If it were so would be bothered. For
get it back could have with retail stores or contact the program vendor
where the program is purchased. However, if there are regulations which require that the vendor
re buying passwords and serial number is missing, how? For you maybe it
not a problem. But for me it may be one big problem.
From these cases I try to apply usability Win32 Hook. As information,
Such techniques are often used by the world's Reverser Reverse Engineering. For
debugging large files is not easy, takes a long time and
should be supported with hardware that is quite luxurious. Just imagine the size of the file debugging
above 100 MB and therein contain the RSA Crypto?!?! If I still imagine it
was not willing, let alone actually practice it .. LAZY!:)
This paper is not a tutorial, but just an information. Implementation of
I thought by applying the Win32 Hook. So do not expect more huh? . Because here
I'm not asking you to do the reverse engineering or coding in
deep .. LAZY! . Maybe next time .. but do not promise loh ..
Theory
Just knowledge for those who may still be unfamiliar with the terminology programming
and the world of computers, as well as for those who are not programmers (because you mean the same as
I .. :)) or a Win32 Hook Hook is one of the points mechanism for handling messages
(Message-Handling) in Microsoft Windows. Where an application to install a
sub-routine to monitor the message traffic within the system and some specific processes of
the message before it reaches the target window procedure.
Hook themselves included in the category of handles and Object. And included in the specification
User object. So why is "WEIRD" is needed in programming techniques? There are 2 reasons ..
First, the use of objects to ensure that developers
(Developer / Programmer) do not write code specifically for low-level, internal structure. This
allows Microsoft to add or change the operating system capabilities,
throughout the calling convention of the original intact. So if one day Microsoft launched
Operating System, applications made by developers will gain new capabilities
with slight increases or none at all.
Second, the use of an object allows the developer (Developer / Programmer)
benefit from the Win32 security. Each object has a list control
own access (access-control list / ACL) that defines the types of actions the process can be run on the object.
Operating System test an ACL object every time an application tries to
creating a handle on the object.
Windows APIs
SetWindowsHookEx (Referensi USER32.DLL)
HHOOK SetWindowsHookEx(
int idHook, // type of hook to install
HOOKPROC lpfn, // address of hook procedure
HINSTANCE hMod, // handle of application instance
DWORD dwThreadId // identity of thread to install hook for
);
CallNextHookEx (Referensi USER32.DLL)
LRESULT CallNextHookEx(
HHOOK hhk, // handle to current hook
int nCode, // hook code passed to hook procedure
WPARAM wParam, // value passed to hook procedure
LPARAM lParam // value passed to hook procedure
);
UnhookWindowsHookEx (Referensi USER32.DLL)
BOOL UnhookWindowsHookEx(
HHOOK hhk // handle of hook procedure to remove
);
Proof of Concept
Run the Enable Hook, you'll see a small icon in the tray icon with the caption
"MRHPx Enable OFF Hook. " Hook Enable program has been tested in several applications
use password protection and Serial Number at the time of installation, one of which is
DigiFish AncientOcean v1.01. Without a Serial Number that is true you will not be able to
installation program for the "Next" in the status of disabled (Screen. 1)
Screen 1
After that you try to left click with the mouse, the program Enable hooks in the tray icon to
icon and status changes to ON (Screen. 2). Sign means OFF, and the sign means ON. Then try clicking the "Next" disabled who are in the windows installation program earlier.
How? Status changes to Enable and click with the mouse can not?
Screen 2
Conclusion
Why the "Next" which was originally changed to enable disabled? Though Serial
Numbers are still empty, not filled at all? The answer is because in the "handles and
Objects "an application could be reached for Object-existing window handle. Similarly, your
no need to change the TV channel manually, until they have to walk back and forth from your seat to
TV table if there is a remote control in your hands. So although optional Password and Serial
Numbers are true or not true though, the installation will keep running smoothly. Until
here, you've seen the greatness of the Win32 hooks instead. So do not ever underestimate
Win32 APIs Hook before the study. Even the famous FLEXlm protection and even then subject
because of this. For the developers, are still convinced your installer program this protection is
really safe? Please be creative and expression with the Win32 APIs. Thank you hopefully
useful.
Win32 Hook
Kindle, Wi-Fi, Graphite, 6" Display with New E Ink Pearl Technology - includes Special Offers & Sponsored Screensavers
0 comments:
Post a Comment