Counting the number of times the program has been executed 1

[gobiro]

Hi,

Is this possible to write a code that modifies a variable within the EXE file ? I need the procedure for counting the number of times a program has been executed. Without registry, extra files or anything a user could find. You now what I'm talking about.

In the old MS-DOS apps that could be done using _psp variable
(Program segment prefix) and SEG/OFFSET of the global variable. In Win32 there is no such a thing.

The main problem is to find the position inside the EXE file generated that coresponds to the variable itself. Then I should find a way to actualy write in the file opened for execution.

Can anybody help ?
Thanx

 

[NiceButDim]

I've never heard of a facility to do what you want.
The only way I can think of doing it would be to search for a something in the .exe that you know is safe to alter.
For example;

#include <iostream.h>

void dummy(int i);

int main()
{
dummy(4);
return 0;
}

void dummy(int i)
{
if(i==1)
cout << &quot;ABCDEFGHIJKLMNOP&quot;;
}

In the .exe that this would produce you could search for 'ABCDEFGH' and then alter the next few characters to hold a count.
Very messy, but it would work.

 

[gobiro]

In MS-DOS Envinronment THIS works !

#include <dos.h>
#include <stdio.h>
#include <string.h>

int Times=1;
char ExeName[50];

void main(int argc, char *argv[])
{
static unsigned long ExePos;
unsigned TSeg, TOff, Header;
FILE *f;

printf(&quot;\nProg: %s&quot;, argv[0]);
strcpy(ExeName,argv[0]);

unsigned PSP_Seg=getpsp();

asm{
mov TSeg, SEG Times
mov TOff, OFFSET Times
}

ExePos=16*(TSeg-PSP_Seg)+TOff-0x100;
printf(&quot;\nExePos=%d&quot;,ExePos);

//get EXE file header
f=fopen(argv[0], &quot;r+b&quot;
fseek(f,0x08,SEEK_SET);
Header=getw(f);

//get Times location relative to begining of file
printf(&quot;\nHeader=%d&quot;,Header);
ExePos+=16*Header;
printf(&quot;\nExePos=%d&quot;,ExePos);

//read Times from EXE file !
fseek(f,ExePos,SEEK_SET);
Times=getw(f);
printf(&quot;\nCount: %d&quot;,Times);

//modify Times
fseek(f,ExePos,SEEK_SET);
int Modi=Times+1;
putw(Modi,f);
fclose(f);
}

----
But this depends on psp related functions wich are
of no use in a protected environment. If you try an
ASM code that tries to read the PSP segment/offset
you will get a Blue screen of course.

I need something like this, but Win32 compatible.
I don't know if it's possible...

Thanx

 

[mingis]

What the difference, actually, where to save secret data? The clever user can simply crack your counters:
fc saved_exe_file.exe changed_exe_file.exe /b
or restore original .exe from archive. More safe way to fight against crackers is to save your counters in CMOS (if Windows allowes that) or in secret file somewhere deeply under Windows directory.

 

[qednick]

Yes, the best way to do this is to get the path to the windows or system directory and save a file in there which has some archane name that looks like it's an essential part of the system (and not related to your program). People are less likely to mess around with items in the system folder when they don't know what the item is and what its used for.
However, be aware that even this method is not perfect - there are utilities out there that can take a &quot;snapshot&quot; of directories before an installation and then after an installation and compare what has been added since your program was installed.

On saying this, this is the method I always use and I have never had any problems to date.

You can get the windows directory in a buffer like this:

[tt]char winDirPath[MAX_PATH];

::GetWindowsDirectory(winDirPath,MAX_PATH)[/tt]



PS: Whatever you do, don't save in the registry or your application itself.

^{programmer (prog'ram'er), n A hot-headed, anorak wearing, pimple-faced computer geek.}​

 

[palbano]

gibiro,

>> Without registry, extra files or anything a user could
>> find. You now what I'm talking about.

Yes I remember using the _psp back then. However even that is not foolproof. It is simple enough to open the exe in a hex editor and modify it's contents.

qednick is on target with his post. Then you can complicate it as much as you want by creating cross dependencies in several files. You can even use a DLL that you load dynamically. This way you can write to it as one of your files to keep data in and after it is loaded a simple function call to obtain the data.


Good luck
-pete

 

[tchouch]

Write somewhat in Your exe File by execution You can with Assembler code only - it is not very easy. The easier way is, to make copy of Your application, change it as You wish and start Your program from this new changed file.
Then You can delete old File, copy the changed File to newest file with original name of Your application , start the program from this newest file and delete the first copy (i mean, programmatically, not with an editor). You can change creation time of the new File to do not show Your changes. But all it does not give any warranties.
To avoid editing of Your EXE with hex-editor, easy control by each program start sum of bytes of your file.
You can save the sum with another number in the file itself to make sum of bytes constant.
To avoid debug/disassemble your files, chek execution time of any commands sometimes and exit if it is too long. A good idea is, to use IsDebuggerPresent() on NT/2000/XP. On windows 9x/ME, You can use DebugBreak() in release version (to avoid crash, You should then change Exception Handling in Your application).
But all that has no effect, if anybody really wish to crack Your File, is clever and has enough time for that.

 

[Polu]

Hello all.

Again, I've to say that all those complex and sophisticated ways to protect software from piracy are all of them a waste of time.

Always, and I said *ALWAYS*, there will be a line like this in your hard-to-find-and-very-secret-anti-piracy-code:

if (<someExpresion>)
{
disableSoftware();
}

Well, to crack is as easy as, or as difficult as to trace and find where in the .exe is this 'if'. When you know where it is, you are ready to write a crack to replace the JXX instruction (JGE: jump if greater or equal, JL: jump if less, etc) with a JMP (JMP = goto).

I think that social engineering and legal battles are more useful than all this stuff.

Best Regards.

Polu.

 

[NiceButDim]

True, of course, that your determined pirate can bypass all your attempts to stop him. But that doesn't mean that you shouldn't at least attempt to stop the casual and/or less experienced pirate.

 

[palbano]

PencilBiter,

This is what I believe which is why I think a minimal effort into some safe guard is all I am willing to make.

With that said I really liked what tchouch posted even though I might move the logic around just a little.

-pete

 

[tchouch]

Hi Polu,
You are right. All programms have such places, but some programs have MANY (i == N) such places:
if (<someExpresion_i>)
{
disableSoftware_i();
}
and it is not easy to find out all of them. And if somebody needs to find and replace over 30-50 such places and program costst are not 1000 US$ and more, all strings like &quot;disable&quot;, &quot;expired&quot;, &quot;registration&quot; etc. are maked dynamically, there are no master keys and registration key is not the same for all PC's, You have good security.

 

[palbano]

>> even though I might move the logic around just a little.

Geez I thought someone would ask what I meant by that.

Anyway I would use the resource api's. That makes reading the information simple when you are actually executing.

Then updating the target file is simple as well. Then instead of the target file being a copy of the application it is instead a separate license server window-less application!

tchouch, that is so simple I have been slapping myself all day for not thinking of that! LOL

-pete

 

[Polu]

Hello tchouch

I've been wrestling hard other questions and I had *NOT* time to write to you those past days but I would like to know more about different registration keys in different PC's. do you look for serial numbers in hardware? and what if a user install new hardware or buy a new PC? Please, tell me more about those questions.

Best Regards.
Polu

 

[tchouch]

If You do not wish to send new key after each hardware change, the better way is to use user's name/Computer name or SID ( NT/2000/XP).
Then You can check IP/Network provider/Windows Key too.