从 Resource Hacker 到 Heaventools PE Explorer 1.99 R6
来源:互联网 发布:win7管理员运行cmd网络 编辑:程序博客网 时间:2024/04/29 08:32
http://forums.windowsforum.org/index.php?showtopic=33778
找引擎, 发现有些引擎exe都是不压缩的, 也就是, 如果感染病毒, 照样可以运行.
然后, 就随便找了两个, 用ResHacker装模作样修改成"新"版本, 加上自己的图标和信息...
但也碰到压缩过的引擎, 这类引擎的资源不容修改, 一旦修改, 立即罢工, 病毒就无可奈何... 类似技术1999以前就有...
Resource Hacker is a tool to hack Windows system files. You can edit system files and change the look of dialog boxes, menus and many other things the way you like.
Following are a few screenshots of a few interesting hacks which can be done using Resource Hacker:
http://img459.images...untitled7gu.jpg
http://img354.images...ntitled23nx.jpg
http://img354.images...ntitled32jt.jpg
http://img299.images...ntitled28ey.jpg
Above are just a few examples. You can use Resource Hacker for changing almost everything you want.
I have posted my resource hacker tutorial at my site, I got a gr8 response from ppl in various forums. So pls take a look at the tutorial and lemme know how is it? If you want to ask anything, feel free to ask.
All About Resource Hacker in a brief Tutorial
To read all resource hacker tutorials:
All Resource Hacker Tutorials
#2
Posted 09 May 2008 - 14:30
Vishal Gupta, on Nov 26 2007, 04:16, said:
Heh, I would bet you CANNOT do that to my programs, (only 3, I have others online, but these ought to do as examples), here:
====================================
APK REGISTRY CLEANING ENGINE 2002++ SR-7:
====================================
http://www1.techpowerup.com//downloads/389...ooglehappy.html
http://www.techpowerup.com//downloads/389/...ooglehappy.html
====================================
OR, this "Matrix ScreenSaver" I wrote years ago in 1999:
====================================
APK MATRIX SCREENSAVER:
====================================
http://www1.techpowerup.com//downloads/390...creenSaver.html
http://www.techpowerup.com//downloads/390/...creenSaver.html
====================================
OR, to this one I just recently released (for Dr. Who fans worldwide)
====================================
APK DOCTOR WHO SCREENSAVER 2008++:
====================================
http://www.drwhodail...p?showtopic=386
====================================
Why & how does it work? Well - Because every app I have ever written & put out online for "general public consumption/usage" is a "compressed executable" (for security purposes) first of all...
(& when you try to do alterations to them, by using ResHacker (or, tools like it)? You'd first try to do it w/ out uncompressing them... this will fail, & IF you uncompress them?? It WILL FAIL AGAIN - the apps check themselves vs. alteration in a built-in rudimentary self-check/self-test vs. viral infection mainly, so they do not help "spread the disease" so-to-speak)
However - in my apps, You can @ most, ONLY get to the "version strings" (which I allow viewing & alteration of via right-click on a program & using the PROPERTIES popup menu item that appears)... & I COULD STOP THAT as well, but I don't because then it would not show any version info. @ all were I to protect vs. that...
STILL, as far as the interface, & altering ANY of those 3 programs of mine above, by using reshacker?
Well, try it & see...
All 3 programs above (& any others I have put out in freeware since 2002, but not ones I have done prior to that) will reject such changes, & refuse to run (after signalling you of this alteration occurring)... Simply because programs like ResHack alter the size &/or CRC-32 of the executables!
(So do binary infecting viruses as well - the change you will create signals possible corruption, tampering, OR even virus infection of my apps - to which they immediately notify you, & shut themselves down (to help stop virus infections &/or those who alter programs as you are noting a way to do this)).
This technique? It works... against:
- Virusal infections of programs vs. "std. oldschool" binary infecting viruses (most importantly, helping to help STOP from spreading them)
- Disassembly/code theft/hacking of my work by others
- Programmatic corruptions (which happens sometimes, due to filesystem errors even)
Proof?
At last years' "CODING FOR DEFCON" (security oriented competition in coding practices)? This went over pretty well, & here is some 'proof to that effect':
********************************************************************************
APK INTERNAL PROGRAM PROTECTION METHOD (FILESIZE &/or CRC32 CHECKING) FOR BUILT-IN RUDIMENTRY ANTIVIRUS/CORRUPTION/ANTIHACK SELF-PROTECTION FOR APPS (MODDED UP @ "CODE AUDITING FOR DEFCON" POST @ SLASHDOT (famous geek website)):
http://it.slashdot.org/comments.pl?sid=158...mp;cid=13257227
********************************************************************************
Where this "technique" was "modded up" as technically interesting, which I suppose is the equivalent of "star ratings" on most other forums...
(& that occurred @ a forums section where the very famous in this field "hang out" no less, such as John Carmack of IDSoftware no less, as 1 example thereof)
This may sound a bit weird, but, being modded up there is sort of an "honor" imo, because after 15++ yrs. online as a professional coder in this field? I think they truly have the MOST talented folks technically in 1 spot there is online (just my opinion though).
APK
P.S.=> Truth be told? Well, IF EVERY APPLICATION DID THIS (very simple idea too)? We'd have a LOT LESS viruses of the executable/binary infecting type, period... apk
This post has been edited by APK: 09 May 2008 - 14:45
- 从 Resource Hacker 到 Heaventools PE Explorer 1.99 R6
- 从Resource中获取到
- PE Explorer 1.98
- PE Explorer 1.98 R3
- icescrum 升级到 R6 10
- icescrum 升级到 R6 10
- 我与Python | 从Hacker到探索Deep Learning
- R6
- r6
- CFF Explorer: New PE Editor
- PE Explorer v1.98 R2
- PE Explorer 1.98 Revision 4
- 破解“PE Explorer”1.40版
- 从excel导入到 resource 文件
- 把应用程序从 Internet Explorer 迁移到 Mozilla
- 把应用程序从 Internet Explorer 迁移到 Mozilla
- 把应用程序从 Internet Explorer 迁移到 Mozilla
- 如何移植JSP从IE (Internet Explorer) 到 Mozilla Firefox
- Choreography and Orchestration
- xorp-1.6的安装
- 继续畅通工程
- SO_DONTROUTE和SO_BINDTODEVICE的深层次分析
- arp协议的混乱引发的思考
- 从 Resource Hacker 到 Heaventools PE Explorer 1.99 R6
- [Silverlight 4 RC]RichTextBox概览
- 写于2010年8月15
- 网络默哀;网站变灰色---CSS样式
- E销助手软件(销售员的软件)
- js字符串处理函数
- sql中exist与in的区别
- Vi 查找命令的使用
- java.io