How about making DT a service?



prompt
16.03.2003, 15:25
In Win NT, XP, 2000 and in some way 98, 95 there is the ability to make services which are run when the PC boots (you can turn 'em off). Why not make DT a service and give it a CPL and really integrate it into the system?

Development
16.03.2003, 15:29
Daemon is a kernel-mode driver working at the most privileged level.

Player1
17.03.2003, 22:07
Would it be possible that Daemon-Tools can't be seen in Task manager?
Could this help to prevent blacklisting of Daemon-Tools?

Sloopy_DE
17.03.2003, 22:29
Hi,

First of all I'd like to say that I'm sure that Venom386 took all thinkable precautions to prevent DT from getting blacklisted.

One simple precaution is to program the virtual drive to behave exactly like a real cd-rom drive. Real drives do NOT use a service to work, they use a device driver and so does DT. It's as simple as that!

If you have a close look at the principles of the DT driver you will discover that it is REALLY close to a real cd-rom device driver. For me as an amateur programmer it would be impossible to decide in a check program if a drive is real or virtual. And as far as I know the guys at Macrovision, Sony and so on have a really tough job to detect DT, they keep on trying but they will fail over and over again (I hope :)).

To say it again, I'm absolutely confident that Venom knows what he's doing.

Sloopy_DE

Player1
17.03.2003, 22:37
Yes, but if you can see Daemon.exe in task manager it is easy to block Daemon Tools. I know the guys from DT are really good and I have no doubt they can circumvent any blacklist.

I'm no programmer, but it seems to be obvious that this would be a good way to detect Daemon-tools. What do you think about it?

Andareed
17.03.2003, 22:45
@player1: Daemon.exe does not need to be running for Daemon Tools to work. It is used only to communicate with the driver to change options, mount, etc...

You can, in fact, create an alternative frontend which will do everything that daemon.exe does.

Either way, there are ways to make daemon.exe disappear from the tasklist. Perfect Keylogger from Blazing Tools does this, for example.

@sloppy_de: It is difficult to decide whether a specific drive is a virtual one, but detecting whether Daemon Tools is installed is much easier. But many trivial ways can be easily fixed in a Daemon Tools update; IMO, SecuROM tries to make blacklist methods that will be very hard for Venom to overcome (but he does get around these blacklists every time :D )

Player1
17.03.2003, 22:54
OK, but I still suggest the daemon.exe if possible to prevent blacklisting DT by these.

LocutusofBorg
17.03.2003, 23:03
All companies try to detect the installation of Daemon Tools or use other more sophisticated methods to overcome DT, like Andareed already stated - every blacklist makes it necessary to analyze the methods very carefully. The "usual suspects" don't rely on such easy methods like detecting daemon.exe; even if they did, countermeasures will take effect really fast.

But thank you for your suggestion anyways.

Player1
17.03.2003, 23:16
First I saw daemon.exe and haven't thought of Daemon-Tools, I thought it was a trojan, like I had one before. Maybe some other users thought the same and this could prevent this too.

Could someone tell me if it's difficult to hide it or how it works?

duggy
20.04.2003, 11:00
As the previous checks have been defeated and are therefore not really an issue, can you list some of the things that they have tried to do to detect DT? I'm curious and it could be interesting... Feel free to skip over important points or make it a little "gray" if you don't want to give too much away, just the general idea is enough so we can see how sneaky these guys have been :lol: