Path: news.nzbot.com!not-for-mail
From: jirinej@volny.cz (JN)
Newsgroups: alt.new.cracks
Subject: Re: How to prevent checking
Date: 5 Nov 2003 02:17:00 -0800
Organization: http://groups.google.com
Lines: 44
Message-ID: <7e29a94a.0311050217.6f669b99@posting.google.com>
References: <7e29a94a.0310300135.38bb3dae@posting.google.com> <vdc3qv0ffcavkd8v2pg42dratij1uehkic@4ax.com>
NNTP-Posting-Host: 195.128.197.61
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Trace: posting.google.com 1068027420 32106 127.0.0.1 (5 Nov 2003 10:17:00 GMT)
X-Complaints-To: groups-abuse@google.com
NNTP-Posting-Date: Wed, 5 Nov 2003 10:17:00 +0000 (UTC)
Xref: news.nzbot.com alt.new.cracks:384
Thanks for an answer. I think that the firewall solution would be the
only achievable. My knowledge of CPU instructions ended long ago with
8080 chip. The mentioned proxy logs - they are unavailable to me. I am
connected to internet via company LAN network and everything outside
my computer is inaccesible. But I found utility called TDImon which
could trace the conenctions. Can you please recommend me some simple
firewall? Everything I need is to block selected outgoing connections,
so no need to install any professional applications like Norton or
McAfee... Thanks.
Niadh <no@spam.com> wrote in message news:<vdc3qv0ffcavkd8v2pg42dratij1uehkic@4ax.com>...
> here are two ways to deal with it. the first is the (imo) 'right' way
> and the second is the easy way to deal with it.
>
> option 1: I'd grab a copy of the proxy logs and search for unknown
> connections from the cracked program. once i found out the destition
> ip/port i'd disasm the program and look for the ip/domain/port in the
> string refs/program data. depending on what the program's primary
> function is you may be able to skip searching through the logs. if the
> app doesn't deal with tcp/ip for anything else but to check if it's
> cracked then you could just search the disasm for a call to
> wsock32.inet_addr or wsock32.setsockopt. i'd then just trace back
> until i found where in the main program it gets called and nop it.
>
> option 2: get yourself one of those 'personal firewall' programs that
> run in that background. set it to log every conection. close all other
> network apps except that app. as soon as it gives you the message that
> indicates it has called home look in the logs and find out what
> ip/port it used. tell your firewall to disallow outgoing connections
> from that ip/port. that should take care of it.
>
> -N
>
> On 30 Oct 2003 01:35:55 -0800, jirinej@volny.cz (JN) wrote:
>
> >This is a newbie question. I seek a simple way to prevent some
> >application(s) to check via internet if it's cracked or not. When I
> >disconnect from net, app works without any warnings. While connected
> >to net, meessage appears. I need to solve 2 things:
> >- Find out, where my app is connecting
> >- Prevent connecting there
> >I have windows 2000, I am connected via LAN and am already behind
> >proxy (but can't do anything about net configuration). Does exist some
> >simple way to do this? Thanks.
|
|