Page 1 of 2 12 LastLast
Showing results 1 to 10 of 11

Thread: Avoid blacklist trick for DT

  1. #1
    Experienced User

    Join Date
    07.07.2005
    Posts
    384

    Default Avoid blacklist trick for DT

    This is probably too late for DT4, but could be useful in the future.

    Anyway, I once used a keylogger that allowed the user to change the names of the files to a single name at the end of the installation, that could trick a user in thinking it was legitimate software. Sounds complicated, so I've given an example below.

    If this was implemented in DT3, and I choose the name of the files to be "mshelp", then the name of the DT3 files in the install dir would be as follows:

    • daemon.exe = mshelp.exe
    • pfctoc.dll = mshelp.dll
    • 1033.chm = mshelp.chm
    • 1033.dll = mshelp.dll
    • etc
    • etc


    I reckon this could be useful against copy protections that might (in the future) look for common file name. At the rate Starforce invades privacy, who know what they might cook up next.

    I ain't no programmer :-(, but I'm sure the DT team would find a way to implement this.

  2. #2
    Experienced User

    Join Date
    27.09.2005
    Posts
    822

    Default

    sorry, sounds like a totally idiotic idea, the blacklisting usually isnt just a simple name check, its a bit more advanced than that

  3. #3

    Default

    Give the man a break! These days nothing seems stupid anymore, at the rate protections are "cooked" up by night. And quit that attitude with, I'm smart, big programmer, and the rest of you suck.
    Cheers!

  4. #4
    Experienced User

    Join Date
    07.07.2005
    Posts
    384

    Default

    Quote Originally Posted by evlncrn8
    sorry, sounds like a totally idiotic idea
    Lets hear the opinion of the DT team first

  5. #5

    Default

    nowadays, copyprotections are very advanced complex
    applications. They usually don't search for file-names as
    it's simply too easy for us to change them, f.e. we can
    without a problem release every day new version with new
    filenames - but the "advanced" protections search for bitpatterns
    in memory (just as an example), or other traces, registry-
    entries and so on.

    Important corefiles can be even now renamed to whatever user
    want them to be named. (because protections searched
    for the old driver-names). So yes, the idea is not bad in
    general but already implemented where it is necessary

  6. #6
    Experienced User

    Join Date
    07.07.2005
    Posts
    384

    Default

    Alright, cheers.

  7. #7

    Default

    Quote Originally Posted by LocutusofBorg
    nowadays, copyprotections are very advanced complex
    applications. They usually don't search for file-names as
    it's simply too easy for us to change them, f.e. we can
    without a problem release every day new version with new
    filenames - but the "advanced" protections search for bitpatterns
    in memory (just as an example), or other traces, registry-
    entries and so on.

    Important corefiles can be even now renamed to whatever user
    want them to be named. (because protections searched
    for the old driver-names). So yes, the idea is not bad in
    general but already implemented where it is necessary

    Now that is how you answer ppl!

  8. #8
    Experienced User Nikos's Avatar
    Join Date
    13.10.2005
    Posts
    334

    Default

    Quote Originally Posted by LocutusofBorg
    but the "advanced" protections search for bitpatterns
    in memory (just as an example)
    Hmm. I'm not aware of any protection that does that (yet).
    To contact me privately, pray. I might answer.

  9. #9

    Default

    I'll take his word for it.

  10. #10

    Default

    Does anyone else think that copy protection is bordering on being rediculous?

Page 1 of 2 12 LastLast

Bookmarks

Posting Rules

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •