From Resource Hacker to Heaventools PE Explorer 1.99 R6

Source: Internet  Published: win7管理员运行cmd网络  Editor: 程序博客网  Time: 2024/04/29 08:32

http://forums.windowsforum.org/index.php?showtopic=33778

 

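While looking for engines, I found that some engine EXEs are not compressed at all; that is, if they get infected by a virus, they still run just the same.

Then I picked two at random and used ResHacker to dress them up as a "new" version, adding my own icon and information...

But I also ran into compressed engines. The resources of this kind of engine cannot be modified: once modified, they immediately refuse to work, and a virus can do nothing to them... Similar techniques existed before 1999...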

 

Resource Hacker is a tool to hack Windows system files. You can edit system files and change the look of dialog boxes, menus and many other things the way you like.

Following are a few screenshots of a few interesting hacks which can be done using Resource Hacker:



http://img459.images...untitled7gu.jpg

http://img354.images...ntitled23nx.jpg

http://img354.images...ntitled32jt.jpg

http://img299.images...ntitled28ey.jpg

Above are just a few examples. You can use Resource Hacker for changing almost everything you want.

I have posted my resource hacker tutorial at my site, I got a gr8 response from ppl in various forums. So pls take a look at the tutorial and lemme know how is it? If you want to ask anything, feel free to ask. :)

All About Resource Hacker in a brief Tutorial

To read all resource hacker tutorials:

All Resource Hacker Tutorials



#2 APK

Posted 09 May 2008 - 14:30

Vishal Gupta, on Nov 26 2007, 04:16, said:

Resource Hacker is a tool to hack Windows system files. You can edit system files and change the look of dialog boxes, menus and many other things the way you like.


Heh, I would bet you CANNOT do that to my programs, (only 3, I have others online, but these ought to do as examples), here:

====================================
APK REGISTRY CLEANING ENGINE 2002++ SR-7:
====================================

http://www1.techpowerup.com//downloads/389...ooglehappy.html

http://www.techpowerup.com//downloads/389/...ooglehappy.html

====================================

OR, this "Matrix ScreenSaver" I wrote years ago in 1999:

====================================
APK MATRIX SCREENSAVER:
====================================

http://www1.techpowerup.com//downloads/390...creenSaver.html

http://www.techpowerup.com//downloads/390/...creenSaver.html

====================================

OR, to this one I just recently released (for Dr. Who fans worldwide)

====================================
APK DOCTOR WHO SCREENSAVER 2008++:
====================================

http://www.drwhodail...p?showtopic=386

====================================

:)

Why & how does it work? Well - Because every app I have ever written & put out online for "general public consumption/usage" is a "compressed executable" (for security purposes) first of all...

(& when you try to do alterations to them, by using ResHacker (or, tools like it)? You'd first try to do it w/ out uncompressing them... this will fail, & IF you uncompress them?? It WILL FAIL AGAIN - the apps check themselves vs. alteration in a built-in rudimentary self-check/self-test vs. viral infection mainly, so they do not help "spread the disease" so-to-speak)

However - in my apps, You can @ most, ONLY get to the "version strings" (which I allow viewing & alteration of via right-click on a program & using the PROPERTIES popup menu item that appears)... & I COULD STOP THAT as well, but I don't because then it would not show any version info. @ all were I to protect vs. that...

STILL, as far as the interface, & altering ANY of those 3 programs of mine above, by using reshacker?

Well, try it & see...

All 3 programs above (& any others I have put out in freeware since 2002, but not ones I have done prior to that) will reject such changes, & refuse to run (after signalling you of this alteration occurring)... Simply because programs like ResHack alter the size &/or CRC-32 of the executables!

(So do binary infecting viruses as well - the change you will create signals possible corruption, tampering, OR even virus infection of my apps - to which they immediately notify you, & shut themselves down (to help stop virus infections &/or those who alter programs as you are noting a way to do this)).

This technique? It works... against:
    Viral infections of programs vs. "std. oldschool" binary infecting viruses (most importantly, helping to help STOP from spreading them)

    Disassembly/code theft/hacking of my work by others

    Programmatic corruptions (which happens sometimes, due to filesystem errors even)


Proof?

At last year's "CODING FOR DEFCON" (security oriented competition in coding practices)? This went over pretty well, & here is some 'proof to that effect':

********************************************************************************

APK INTERNAL PROGRAM PROTECTION METHOD (FILESIZE &/or CRC32 CHECKING) FOR BUILT-IN RUDIMENTARY ANTIVIRUS/CORRUPTION/ANTIHACK SELF-PROTECTION FOR APPS (MODDED UP @ "CODE AUDITING FOR DEFCON" POST @ SLASHDOT (famous geek website)):

http://it.slashdot.org/comments.pl?sid=158...mp;cid=13257227

********************************************************************************

Where this "technique" was "modded up" as technically interesting, which I suppose is the equivalent of "star ratings" on most other forums...

(& that occurred @ a forums section where the very famous in this field "hang out" no less, such as John Carmack of IDSoftware no less, as 1 example thereof)

This may sound a bit weird, but, being modded up there is sort of an "honor" imo, because after 15++ yrs. online as a professional coder in this field? I think they truly have the MOST talented folks technically in 1 spot there is online (just my opinion though).

APK

P.S.=> Truth be told? Well, IF EVERY APPLICATION DID THIS (very simple idea too)? We'd have a LOT LESS viruses of the executable/binary infecting type, period... apk

This post has been edited by APK: 09 May 2008 - 14:45

"I'm REESE: Sgt. TechComVN38416, assigned to protect you - YOU'VE BEEN TARGETTED, FOR TERMINATION!"
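
The file-size and CRC-32 self-check described in the post above, sketched in C as an added example; it is not part of the thread and not APK's code, which the thread does not show. The function names, the file name and the sample bytes are constructed for illustration, and a real program would pass the path of its own executable and the values recorded at release time.

```c
#include <stdint.h>
#include <stdio.h>
/* CRC-32 (IEEE, reflected polynomial 0xEDB88320); chainable, start with crc = 0. */
uint32_t crc32_update(uint32_t crc, const unsigned char *buf, size_t len) {
    crc = ~crc;
    for (size_t i = 0; i < len; i++) {
        crc ^= buf[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

enum check_result { CHECK_OK, CHECK_SIZE_MISMATCH, CHECK_CRC_MISMATCH, CHECK_IO_ERROR };

/* Compare a file's size and CRC-32 with the values recorded at release time. */
enum check_result check_file(const char *path, long want_size, uint32_t want_crc) {
    FILE *f = fopen(path, "rb");
    if (!f) return CHECK_IO_ERROR;
    unsigned char chunk[4096];
    uint32_t crc = 0;
    long size = 0;
    for (size_t n; (n = fread(chunk, 1, sizeof chunk, f)) > 0; size += (long)n)
        crc = crc32_update(crc, chunk, n);
    int failed = ferror(f);
    fclose(f);
    if (failed) return CHECK_IO_ERROR;
    if (size != want_size) return CHECK_SIZE_MISMATCH;  /* bytes added or removed */
    if (crc != want_crc) return CHECK_CRC_MISMATCH;     /* same size, content edited */
    return CHECK_OK;
}

/* Demo helper: write a constructed byte string to disk. */
int write_file(const char *path, const char *data, size_t len) {
    FILE *f = fopen(path, "wb");
    if (!f) return -1;
    size_t w = fwrite(data, 1, len, f);
    return (fclose(f) == 0 && w == len) ? 0 : -1;
}

int main(void) {
    const char *p = "selfcheck_demo.bin";  /* constructed sample, not a real EXE */
    uint32_t crc = crc32_update(0, (const unsigned char *)"MZ..CAPTION=Original", 20);
    write_file(p, "MZ..CAPTION=Original", 20);
    printf("untouched: %d\n", check_file(p, 20, crc));
    write_file(p, "MZ..CAPTION=Modified", 20);  /* same-size resource edit */
    printf("edited:    %d\n", check_file(p, 20, crc));
    remove(p);
    return 0;
}
```

CRC-32 is an error-detecting code, not a keyed or signed digest, so this check flags corruption and straightforward edits; verifying a code signature (for example Authenticode on Windows) is the stronger control where deliberate tampering is the concern.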