FileMon is a utility that monitors every file operation (open, read, write, delete and so on) performed by every running process. It has a convenient filter and can save the log to a file. Hiding "secret" files somewhere under Windows\System is therefore pointless: the first FileMon log shows exactly which file the program touched and when. (FileMon and RegMon are Sysinternals tools; they were later merged into Process Monitor, which does the same job.)
RegMon is the analogue of FileMon for the registry: every registry operation is logged. As with files, creating "secret" registry keys makes no sense, because they are in plain view the moment the program reads or writes them.
PortMon – monitors serial and parallel port I/O.
TCPView – monitors TCP/IP connections and shows which process owns each endpoint.
RegUtils – a set of utilities for registry control: it makes snapshots of the registry, compares them and shows what changed, so anything a program writes at install or registration time stands out.
Utilities such as FileMon dramatically simplify the cracking of a program: they pin down the exact moment at which the program accesses a given file or registry key, and from the log a cracker can go straight to the code that does it.
Basics of building protection – step by step
How to enter the registration code. Entering a password or registration number is a delicate matter: a cracker will try to catch the memory address into which the password is written. A memory breakpoint is then set on that address (the BPM command in SoftICE), which stops the program at the first instruction that reads the entered value, that is, at the start of the registration-code verification procedure. If standard Windows input controls are used, the cracker's sequence of actions can be written down as a recipe and looks roughly like this:
Set a breakpoint on the functions that read text from a standard input control (GetWindowText, GetDlgItemText; both are exported by USER32, as GetWindowTextA/W and GetDlgItemTextA/W).
When the breakpoint fires, examine the call's parameters: the buffer pointer argument tells you the address at which the read string will be placed. Set a memory breakpoint on that region. Verifying that the address is the right one is easy: once the function returns, the entered string is sitting there.
When this breakpoint fires, you land in the code that analyses the entered value, and can either write a key generator from it or patch the check so it always succeeds. Both are easy: all it takes is assembler and a knowledge of the API.
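What the cracker finds at the last step, as an added illustration that is not from the original article: a typical verification routine and the key generator that follows directly from reading it. The scheme (weighted character sum of the user name, XORed with a constant, printed as four hex digits), the function names and the sample name "Alice" are all constructed for this example; no Windows API is called, so it compiles and runs anywhere. The memory breakpoint described above would stop inside check_key, at the first instruction that touches the entered buffer.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical registration scheme (constructed for this example):
 * code = (16-bit weighted sum of the upper-cased name) XOR KEY_MASK,
 * written as four upper-case hex digits. */
#define KEY_MASK 0x5A5Au

static uint16_t name_checksum(const char *name)
{
    uint32_t sum = 0;
    for (size_t i = 0; name[i] != '\0'; i++)
        sum += (uint32_t)toupper((unsigned char)name[i]) * (uint32_t)(i + 1);
    return (uint16_t)(sum & 0xFFFFu);
}

/* The verification routine: the function a cracker reaches when the
 * memory breakpoint on the input buffer fires, because this is the first
 * code that reads `entered`. Returns 1 for a valid code, 0 otherwise. */
int check_key(const char *name, const char *entered)
{
    char expected[5];
    snprintf(expected, sizeof expected, "%04X", name_checksum(name) ^ KEY_MASK);
    /* Case-insensitive comparison of the entered code with the computed one;
     * stops at the first mismatch, so a short or empty input is rejected safely. */
    for (int i = 0; i < 4; i++)
        if (toupper((unsigned char)entered[i]) != expected[i])
            return 0;
    return entered[4] == '\0';
}

/* The key generator a cracker writes after reading check_key. Nothing needs
 * inverting here: the check computes the expected code from the name and
 * compares, so the keygen is the same computation without the compare. */
char *make_key(const char *name, char out[5])
{
    snprintf(out, 5, "%04X", name_checksum(name) ^ KEY_MASK);
    return out;
}

int main(void)
{
    char key[5];
    const char *user = "Alice";   /* constructed sample input */
    printf("key for %s: %s\n", user, make_key(user, key));
    printf("check_key(%s, %s) = %d\n", user, key, check_key(user, key));
    printf("check_key(%s, 0000) = %d\n", user, check_key(user, "0000"));
    return 0;
}
```

The point of the example is structural, not the particular arithmetic: once the cracker has located check_key, everything needed for a keygen is in front of them, and the alternative, patching the conditional after the comparison, is a one-byte change. Any check that computes the expected code in the same process and compares it is in this position.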
This sequence of actions is standard, and I have repeatedly come across detailed manuals of the "Cracking Windows programs – step by step" kind, written for an advanced user rather than a specialist.
Let us consider a few solutions that can make cracking harder at this stage.