Hi Everyone:
I have a question here: I used a startup object to protect my
application - whenever PC starts up, I will check the setting of my
application like registry, program files and so on, if they have been
tampered then I will restore the original settings from the backup
files I store in some hidden place.
However now a guy said he has a tool that able to modify the Windows XP
registry without even login to window - that means he can boot up the
PC from the external drive e.g. USB, diskette and so on. So he is able
to find my startup object registry key and deleted it. As a result, he
able to crack my application without login to the windows.
Could anyone please suggest me a way to prevent this crack? I have
scratched my head but still unable to find a way to counter this since
whatever startup object I used, he also able to remove it from his
hacking tool.
Please help. Thank you very much in advance. 12 1995
I may be misunderstanding your question, but he's going to have to log
on eventually and when he does your program would restore the correct
values, right? So what's the problem? I suppose you'll have to be a
little more specific.
Githlar
No, that guy said he have a hacking tool which is bootable. I never saw
the tool before. He said with that tool, he can gain access to Windows
XP registry without login to windows. He even told me that he can reset
the Windows XP Administrator password to blank. He propose that in
order to prevent him from modify the registry, I can encrypt the
registry. However I feel this is impossible because those registry keys
are used by windows itself and not my application.
Encrypting the registry would be a very drastic measure and not
something that you'd generally want to do. For example, what if your
algorithm messed up. The users registry would be fried. If the malicious
person is booting off of a floppy disk, then they probably won't even be
able to run your program in that 8-bit mode, so I wouldn't think that
you'd have anything to worry about. If they wanted to use your program,
they'd have to boot into 32-bit mode by booting Windows which would
then reset the values. If nothing else, you could just encrypt the
registry values themselves to make it much more difficult for somebody
to change it accurately. Might I suggest a hashing function such as MD5?
Actually the application I am doing is to enhance the windows security,
that means users must pass through my authentication then only they can
proceed to login to windows. However, this guy is a somewhat hacker
that trying to crack my system. So he said he is able to modify the
registry from his hacking tool - booting up the system from either USB,
CD or diskette, then he can change the related registry keys to disable
my application ). As a result, he screw up my application and break my
security. So now he challenges me how can i prevent him from breaking
my application.
To my knowledge, I always assume one must login to windows first
(either SafeMode, Normal or whatever) in order to change the windows
registry. But he told me this is not true, that's why I failed.
Anyone has a better idea to counter this? Thank you very much for any
suggestion. ch*******@gmail.com wrote: Hi Everyone:
[incredibly OT post redacted]
And what, precisely was your C++ language question?
Haha. There's always a workaround. There is no way to prevent his type
of hacking unless you can find a way to initialize you application
before Windows starts. I've personally used a Linux live disk (see http://www.thebroken.org/) to recover my Windows password when it
wouldn't've been possible to do so otherwise because Windows would lock
the files as soon as it starts. Well, I take that back. There is a
workaround to that to using the scheduler service.
I believe the old Norton Antiviruses would scan your disk for viruses
before Windows started. I can't remember that far back, so I could be
wrong. Personally, I know of no way to do this though.
All in all, you'd have to find a way to make your program boot BEFORE
Windows (or his diskette) is able to boot. This would mean making an
8-bit application. Other than that I can't be of much more use to you.
I am sorry, actually my question is more related to Windows Operating
System. Because my program is written in C++, so I posted my question
in this forum. My question is how to prevent people from modifying
registry keys from DOS mode? ch*******@gmail.com wrote: Actually the application I am doing is to enhance the windows security, that means users must pass through my authentication then only they can proceed to login to windows.
You bypassed NT login? I highly doubt it.
However, this guy is a somewhat hacker that trying to crack my system. So he said he is able to modify the registry from his hacking tool - booting up the system from either USB, CD or diskette, then he can change the related registry keys to disable my application ).
So in other words, he's using http://home.eunet.no/pnordahl/ntpasswd/
As a result, he screw up my application and break my security. So now he challenges me how can i prevent him from breaking my application.
To my knowledge, I always assume one must login to windows first (either SafeMode, Normal or whatever) in order to change the windows registry. But he told me this is not true, that's why I failed.
Anyone has a better idea to counter this? Thank you very much for any suggestion.
You can't, if somebody has physical access to a machine, you've already
lost. The windows process is a closed system with your program running
inside it. Somebody running outside that closed system (i.e. running
windows inside a VM or reading the disk without booting to the OS on
the disk you expect to be running under) can always do whatever they
want. You can require your program only work on a Trusted Computing
(misnomer alert) machine if you want to protect against this sort of
thing. But as a user, I'd appreciate you not messing around with my
computer making sure your program cannot be manipulated.
p.s. This is totally off topic for comp.lang.c++
p.p.s. http://cfaj.freeshell.org/google/ ch*******@gmail.com wrote: I am sorry, actually my question is more related to Windows Operating System. Because my program is written in C++, so I posted my question in this forum. My question is how to prevent people from modifying registry keys from DOS mode?
Standard C++ has no notion of registry keys or DOS mode.
Please ask your question in a Microsoft specific newsgroup, you'll get
more and better responses.
Ok, thank you very much for all the comments. Appreciate very much of
all the provided help.
I will post my question to correct forum next time. Anyway, thank you.
Hello,
Actually it is possible to reset lost or forgotten login pass, using
such util like Active@ Password Changer. It is easy to use and can
quickly perform the operation. I suppose you will find it useful. http://www.password-changer.com/ This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: cefrancke |
last post by:
I have set the Startup properties to the following...
All menus, toolbars, etc are turned off plus these are unchecked
Allow Full Menus
Allow Built-in Toolbars
Allow Default Shortcut Menus...
|
by: Chris Ashley |
last post by:
I have a class called App set as the startup object with the following code:
Friend Class App
Shared Sub Main()
Dim FrmMain As New MainForm
Application.Run(FrmMain)
End Sub
End Class
In...
|
by: Johnnie Miami |
last post by:
I'm using VB.Net 2005 beta 2 and have my login form (login.vb) specified as
the startup form. If the user is successful logging in, I call my main form
(main.vb). This all works fine but the...
|
by: MilanB |
last post by:
Hello
What is the best way (or does it exists a way at all) to protect WinForm
application
from decompiling IL.
Can it be full compiled yo windows native before distribution.
And what is...
|
by: Bernie Hunt |
last post by:
This is probably a silly question, but I've gotten myself confused.
My app has two forms, form1 and form2. form1 is the start up object in the
propers. An event in form1 instantiates form2.
...
| |
by: steveeisen |
last post by:
I'm a long-time VB6 programmer in a shop that is mostly moving to VB
..NET 2005. And I'm confused about coding the start of solutions for
unattended operations.
Much of what I write is old-time...
|
by: cj |
last post by:
In 2003 I sometimes changed the startup object of a project to Sub Main
which was found in Module1.vb. I upgraded one such project to 2005 and
I notice in the properties page for the project that...
|
by: teejayem |
last post by:
Hi,
I am new to programming with databases and was wanting some help.
Is there any way to password protect an access database and access
sent sql commands to it via vb.net code?
Any help...
|
by: =?Utf-8?B?TWlrZQ==?= |
last post by:
Hi. I have an ASP.NET 2.0 web application which contains an Images directory
with all website images. How can I prevent other websites from creating img
tags with the source as my images? I want...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
| |
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated ...
| |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |