Programming Loader under MAC -> API Calls


Drigo
August 20th, 2009, 00:22
Hello Guys

I have written a loader for Windows for a very nice app (but very bad encryption protection). Now I will write a loader for this app for the Mac edition of it. I will write it in Realbasic. But there is a big question:
In Windows there are many API calls like ReadProcessMemory and WriteProcessMemory and FindWindow.
Are these API calls also available in OSX?

Thanks for your answers

FrankRizzo
August 20th, 2009, 18:43
Well, OSX is based on BSD, and the only way to do that (that I've found) is through ptrace. You'll want to look that up, and give it a shot. I haven't done it myself yet, but I'd be interested to know if you make it work.

(The protection that I circumvented on the Mac was simple enough that I wrote my cracker tool in PERL! Yes, PERL. So that it would work on both PPC and X86 Macs).

D-Jester
August 23rd, 2009, 11:50
Porting the loader to Java might be the way to go to run it on either platform.
A simple OS check, and cross-platform API.
Whether or not Java has the API you need is the question; a google or two and you could be in business.

FrankRizzo
August 23rd, 2009, 12:24
Drigo, whatever you do, please let us know what it was, and how it worked out.

This is an area of interest of mine, and I have some things I'd like to try, but it's currently at about #8 on the list. That means I *WILL* get to it, but probably not real soon, but when I do, I'd like to know what worked, and what didn't to save some time.

dELTA
August 30th, 2009, 18:33
Err, writing a loader in Java probably isn't a very good idea, since its entire security model makes it unable to access even its own memory space, let alone something outside of its little sandbox world.

D-Jester
August 30th, 2009, 20:54
Quote (Originally Posted by dELTA):
Err, writing a loader in Java probably isn't a very good idea, since its entire security model makes it unable to access even its own memory space, let alone something outside of its little sandbox world.

Duly noted dELTA.
I have no experience with Java, therefore only suggested it because of its cross-platform compatibility.

FrankRizzo
September 1st, 2009, 21:10
The reason I used PERL was because it was so stupidly simple to do.

Get this. When you run the app, you get a "Trial Version, Try/Buy" screen put up by the loader. The main executable is encrypted. When you click "Try", they make a copy of the executable, open the file, read the contents, decrypt them, and then write them back to the copy, and execute it!

I understand that they don't have "ReadProcessMemory/WriteProcessMemory" to be able to do it in memory like they do with the Windows version of this protection, but Hay-Seuss! That's just STUPID!