Programs in memory

[Marks256]

When a program is loaded, it is first copied to RAM, and then executed, right? If so, theoretically if you were to alter or scramble the code that is in memory, the program would fault out, right?

 

[Sceadwian]

Depends entirely on the system you're using, and the program itself. Modern operating systems go to pretty extreme lengths to issolate program memories from access from anything other than the program that's supposed to have access to it. Devices like PIC's read each instruction and execute them one by one directly from storage (flash/ee(prom)

 

[Marks256]

Sorry, i mean in a PC...

 

[Sceadwian]

Sure, there's a program called SoftIce which actually allows you to search and alter a programs memory while it's running on windows based systems, without windows knowing. It's most often used for cracking software or game cheats. Kind of like a very sophisticated version of a Game Genie.
Why are you asking?

 

[tkbits]

When a program is loaded, it is first copied to RAM, and then executed, right? If so, theoretically if you were to alter or scramble the code that is in memory, the program would fault out, right?

Let's just say that with an arbitrary alteration, there is a high probability of faulting. You could end up with a program that just ran without stopping, or simply produce wrong results.

Controlled alteration was used to implement indirect addressing back in the days when the instruction sets didn't support it. Indirect addressing can be used in lieu of "index registers" for accessing, for example, values in an array.

 

[ljcox]

Sure, there's a program called SoftIce which actually allows you to search and alter a programs memory while it's running on windows based systems, without windows knowing. It's most often used for cracking software or game cheats. Kind of like a very sophisticated version of a Game Genie.
Why are you asking?

I have thought about altering software (not to crack it but to make it do what I want) but have always assumed that it would be in machine code and therefore just a confusing array of 1s and 0s.

I know that, in principle, it could be decoded if you had a copy of the instruction list, but it seems a daunting task.

So how do people crack code? Is it how I wrote above, ie. work backwards from the instruction list, or is there an easier way?

I assume that SoftIce simply gives acces to the code. Or does it translate it into a higher level language?

 

[kchriste]

I know that, in principle, it could be decoded if you had a copy of the instruction list, but it seems a daunting task.

You can download a dissassembler (Like W32DASM, etc) to do this. Mind you, most code will have been written in C, C++, Vb, etc and will look pretty cryptic even when viewed as a dissassembly listing.
You may have more fun with a resource hacker program.

 

[ljcox]

Thanks. It sounds a bit daunting, so perhaps I won't bother.

 

[Nigel Goodwin]

Thanks. It sounds a bit daunting, so perhaps I won't bother.

It is, I did quite a lot of 'protection removal' on Commodore Amiga programs, not for any piracy reasons - but simply so you could run them from HDD rather than floppy.

 

[Marks256]

Don't worry guys, i don't plan on doing any cracking(yet)... Well, technically what i am trying to do IS considered cracking, but i am doing it more or less just to see if i can..


It seems to me that "SoftICE" has been discontinued, and i can not find it on the net? Anyone have it, and care to share? If not, anyone have a link? (or an alternative, preferably freeware?)

 

[mramos1]

Marks256:

Then softice is the tool.. Not that I have done that.. If Windoze and want to stop the prefetch/OS.. Get softice. It is not free, or was not when I used it.

 

[kchriste]

It seems to me that "SoftICE" has been discontinued, and i can not find it on the net?

Do a search for TRW2000 It is like SoftIce, but it's been years since I was into this, so I can't say how good a debugger it is now....

 

[Marks256]

is this "TRW2000" free?

 

[Sceadwian]

What exactly do you want to alter? If you're not wanting to do anything overtly nefarious like cheating or cracking software then use similar open source software and alter the code yourself, it'll be easier =) Cracking into a commercial program to get what you want done is pretty much a waste of time.

 

[Marks256]

Actually i want to see if i can scramble a bunch of stuff that the program needs to run, just to see if i can make the program fault out, and possibly terminate its self.

It isn't that i want to alter code, as that would be stupid... What i want to do is make the program get confused...

 

[mramos1]

What exactly do you want to alter? If you're not wanting to do anything overtly nefarious like cheating or cracking software then use similar open source software and alter the code yourself, it'll be easier =) Cracking into a commercial program to get what you want done is pretty much a waste of time.

If that is what he is after I agree unless he has time and knows the OS well.

 

[Marks256]

I know windoz pretty well. here is my delima:

I have a program running on a machine that was started in a superior user account (administrator). I want to disable this program, but i do not have the rights to do such a thing within my account. I do have access to the admin account, but i do not want to disable the program completely (as other users use the machine.) I thought that i could scramble the code in memory for the program and hope that it faults out...

If not i guess i could just see if i could firewall the program...


More details later. I am dog tired right now and i am sure i left some stuff out...

 

[Sceadwian]

Randomly scrambling program memory for fun is not a good idea =) Even random bytes could perhaps cause instructions to execute that could corrupt memory inside the OS's kernel or driver modules. There is no way of predicting what that would do. Could be as simple as causing a program crash, a system fault, reboot, power down, or corrupting key registry or index data on the hard drive rendering your PC unbootable.

 

[Sceadwian]

What program are you trying to disable? I garuntee you there's a more sane way around it.

 

[Marks256]

The software is called SynchronEyes. The Tech Coordinator at my school knows that i hate the software (frankly because i didn't make it... ), and he as challenged me to find a way to hack it.

I have already found a few ways to close it;

1) Right click on the icon in the System Tray, and then select "exit"
2) Unplug the Ethernet cable, and then disable the program (once a teacher has logged on and connected with a group of students, the program can not be closed unless the connection is lost).



Now before you people get all "you are a student and should not be messing with stuff like that, as it is destructive", i already have administrative rights to the network(given to me by the tech coordinator himself), so if i wanted to do something bad, i would have already.


Anyways, although the two ways i have stated above work flawlessly, i would like to do something a bit more "hi-tech".


The problem is, anything i do must only affect my account, and not others'. I don't want to provide security holes for other students, as i am sure they would want to cause harm... Anyone have any ideas?

My current best two ideas are;
1) Write over the program in memory with "0"
2) find some sort of portable firewall and try to block the programs' port to the network...