Vivi

Anti Memory dump ?

9 posts in this topic

Hey dear community,

i write alot of programs that i sell.

i coded a sucessfull license system but sadly i have no protection against memory dumps.

 

i already tried playing with "memory.au3" but failed at it.

#include <WinAPI.au3>
#include <Memory.au3>
#include <NoMadMemory.au3>
$Mem_Open = _MemoryOpen(@AutoItPID)
$baseAddress = _WinAPI_GetModuleHandle(0)
_MemVirtualAlloc($Mem_Open, BinaryLen($Mem_Open), $MEM_COMMIT, $PAGE_GUARD)

 

anyone has a idea how i can call use page guard ?

 

Thanks

Share this post


Link to post
Share on other sites



Many products have tried but all fail in this regard, particularly in situations where someone knows what they are doing.

Sorry Vivi but that's just the way of it.

Vlad

Share this post


Link to post
Share on other sites

Many products have tried but all fail in this regard, particularly in situations where someone knows what they are doing.

Sorry Vivi but that's just the way of it.

Vlad

i already found a method on how to stop decompilers do there job.

bypassed sniffers and co

 

are you sure there is no way to use page guard's or any other method to prevent memory dumps ?

Share this post


Link to post
Share on other sites

Who's talking about decompilation?

(despite you bold and incorrect assumption regarding this long term)

We (or rather you) are talking about memory, the weakpoint of every application to date.

Am I saying implementing page guard is Impossible? No not really, and hopefully someone will at least help you do this much to put you in a false sense of security mindset short term so you can continue developing your content without worrying where the holy grail has been stashed.

 

Share this post


Link to post
Share on other sites

#6 ·  Posted (edited)

No, no you have not.

i have no protection against memory dumps.

There's the evidence.

add "#end region" in the first line.

 

 

Edited by Vivi

Share this post


Link to post
Share on other sites

That is not the only decompiler, and it will not protect a script against decompilation.

If it did, you would not be here looking for a solution.

Plenty get the script from memory at runtime. you cannot stop that.


AutoIt Absolute Beginners    Require a serial    Pause Script    Video Tutorials by Morthawt   ipify 

Monkey's are, like, natures humans.

Share this post


Link to post
Share on other sites

#8 ·  Posted (edited)

@Vivi please remove the name of the decompiler in post 6 and use something like "memory based or focused decompiler".
 
As JohnOne has stated it isn't the only one these days so there is no real need to reference any single one by name.
 
Edited by Mobius

Share this post


Link to post
Share on other sites

Hi,

This thread has now gone beyond the limits - locked.

M23


Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind._______My UDFs:

Spoiler

ArrayMultiColSort ---- Sort arrays on multiple columns
ChooseFileFolder ---- Single and multiple selections from specified path treeview listing
Date_Time_Convert -- Easily convert date/time formats, including the language used
ExtMsgBox --------- A highly customisable replacement for MsgBox
GUIExtender -------- Extend and retract multiple sections within a GUI
GUIFrame ---------- Subdivide GUIs into many adjustable frames
GUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView items
GUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeView
Marquee ----------- Scrolling tickertape GUIs
NoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxes
Notify ------------- Small notifications on the edge of the display
Scrollbars ----------Automatically sized scrollbars with a single command
StringSize ---------- Automatically size controls to fit text
Toast -------------- Small GUIs which pop out of the notification area

 

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Similar Content

    • Dequality
      By Dequality
      Since my last topic were closed because bot scripting aren't allowed to be discussed anymore on here.
      Could anyone possibly give me a good example to learn memory read/write? , i can't figure out anything else which would be a good level of difficulty to practice than "tetris bot" but since it aint legal, i wont be asking for that let me know ur ideas and i would highly appreciate if examples could be posted (My last project was a imgsrch/pxlsrch) so thought i woud move on to memory read/write, if this somehow came out wrong lmk.
       
      AND NO I'M NOT ASKING FOR A FULL CODE I WANNA CODE/SCRIPT IT MY SELF, Just show me some simple examples of Memory read/write if u can/will TYVM.
       
      Dequality.
    • Dequality
      By Dequality
      I honestly didn't try anything yet.
      But i was thinking about my next step would be to try creating a tetris bot for educational purpose only. Last time i created a automation script / bot for ClubPenguin, which was simply made with PixelSearch If NOT(@error) Then , bla bla u know the drill aight, so i thought i would give my self a little harder challenge instead of keep making Pixelbots, i would love to try making a Memory bot or w/e u call , i read something about memory read/record was used for Tetris bots, since i haven't used Memory, i would love to know if anyone could give me a good guide or smth to follow :-) Either a complete tetris bot guide or a guide that explains memory totally in depth ish. :-)
       
       
      Dequality. #ANY-HELP-APPRECIATET
    • giangnguyen
      By giangnguyen
      I am looking for a way to set up either VIRTUAL_PROTECT or PAGE_GUARD for memory protection. I currently don't know how to do this, I have made the encryption for my EXE Protector, the RunPE module, and basically everything that I need. I also have made an advanced obfuscation tool, which I might release here on the forums in the future, to make sure the code is impossible to be understood. However, people can dump the original EXE from memory when I am injecting it. So how would I implement VIRTUAL_PROTECT, PAGE_GUARD or other methods of protecting memory?
    • ronmage
      By ronmage
      Well as stated I am trying to get memory to work. I am using the cheat engine tutorial just trying to read a memory values. I am using NomadMemory and Nomadmemory2 which I will link for you all and anyone else that is having the same problem. At this point I am thinking my OS and Autoit are too new for it. Can anyone help with getting this to work?
      NomadMemory.au3
      NomadMemory2.au3
    • InunoTaishou
      By InunoTaishou
      Here's the goal:
      Create a handle to a bitmap object using _WinApi_PrintWindow (this is done and working properly, I can take a screenshot of the window even when it's hidden or offscreen, does not work minimized) Be able to search for a pixel color in memory on the handle. I can get it to work if I create a Bitmap from an HBITMAP (_GDIPlus_BitmapCreateFromHBITMAP) and then go through each pixel and check it using _GDIPlus_BitmapGetPixel but it's too slow. I've tried doing the _WinApi_GetPIxel using an $hDC but it's much slower than GDI+ (GD+ takes about 20seconds to search for almost 500,000 pixels, GetPixel takes almost 60seconds) I found the FastFind library but, honestly, it's sloppy and I'm wanting to search a defined area, not set the starting position and then search the rest of the window. I also found a few examples on the forums but I could not get them to work.
      Here's the CaptureWindow function. I'm only wanting to capture the client area (Not the border around the client, hence the -16 for the width and the -38 for the height, gets rid of the title bar and the resize bars on the sides. Also I'm wanting to keep the coordinates relative to the window, so if you only want to capture the screen from 480, 200 to 680, 400, then the rest of the area is black on purpose)
      #include-once Func CaptureWindow(Const $iLeft = 0, Const $iTop = 0, Const $iWidth = -1, Const $iHeight = -1, Const $hWindow = WinGetHandle("[Active]")) Local $rect_window = WinGetPos($hWindow) Local $hDC = _WinAPI_GetWindowDC($hWindow) Local $hDestDC = _WinAPI_CreateCompatibleDC($hDC) Local $hBitmap = _WinAPI_CreateCompatibleBitmap($hDC, $rect_window[2] - 16, $rect_window[3] - 38) Local $hDestSv = _WinAPI_SelectObject($hDestDC, $hBitmap) Local $hSrcDC = _WinAPI_CreateCompatibleDC($hDC) Local $hBmp = _WinAPI_CreateCompatibleBitmap($hDC, $rect_window[2] - 16, $rect_window[3] - 38) Local $hSrcSv = _WinAPI_SelectObject($hSrcDC, $hBmp) _WinAPI_PrintWindow($hWindow, $hSrcDC, True) If ($iWidth > 0 and $iHeight > 0) Then _WinAPI_BitBlt($hDestDC, $iLeft, $iTop, $iWidth, $iHeight, $hSrcDC, $iLeft, $iTop, $MERGECOPY) Else _WinAPI_BitBlt($hDestDC, $iLeft, $iTop, $rect_window[2] - 16 - $iLeft, $rect_window[3] - 38 - $iTop, $hSrcDC, $iLeft, $iTop, $MERGECOPY) EndIf _WinAPI_SelectObject($hDestDC, $hDestSv) _WinAPI_SelectObject($hSrcDC, $hSrcSv) _WinAPI_ReleaseDC($hWindow, $hDC) _WinAPI_DeleteDC($hDestDC) _WinAPI_DeleteDC($hSrcDC) _WinAPI_DeleteObject($hBmp) Return $hBitmap EndFunc ;==>CaptureWindow And the first attempt for PixelSearch, using GDI+ (Fastest)
      Func PixelSearchInhBitmap(Const ByRef $hHBmp, Const ByRef $color, Const $tolerance = 10, Const $iLeft = 0, Const $iTop = 0, $iWidth = -1, $iHeight = -1, Const $iStep = 1) Local $hBitmap = _GDIPlus_BitmapCreateFromHBITMAP($hHBmp) Local $rbg_color = _ColorGetRGB("0x" & Hex($color, 6)) Local $found_color = False Local $abscoord_color[2] = [0, 0] Local $red_low = 0 Local $green_low = 0 Local $blue_low = 0 Local $red_high = 0 Local $green_high = 0 Local $blue_high = 0 $red_low = ($tolerance > $rbg_color[0] ? 0 : $rbg_color[0] - $tolerance) $green_low = ($tolerance > $rbg_color[1] ? 0 : $rbg_color[1] - $tolerance) $blue_low = ($tolerance > $rbg_color[2] ? 0 : $rbg_color[2] - $tolerance) $red_high = ($tolerance > 255 - $rbg_color[0] ? 255 : $rbg_color[0] + $tolerance) $green_high = ($tolerance > 255 - $rbg_color[1] ? 255 : $rbg_color[1] + $tolerance) $blue_high = ($tolerance > 255 - $rbg_color[2] ? 255 : $rbg_color[2] + $tolerance) If ($iWidth = -1) Then $iWidth = _GDIPlus_ImageGetWidth($hBitmap) If ($iHeight = -1) Then $iHeight = _GDIPlus_ImageGetHeight($hBitmap) Local $start_time = TimerInit() For $iY = $iTop To $iHeight Step $iStep For $iX = $iLeft To $iWidth Step $iStep Local $get_pixel = _GDIPlus_BitmapGetPixel($hBitmap, $iX, $iY) If (@Error) Then ContinueLoop Local $pixel_color = _ColorGetRGB("0x" & Hex($get_pixel, 6)) If (@Error) Then ContinueLoop If (($pixel_color[0] >= $red_low and $pixel_color[0] <= $red_high) and ($pixel_color[1] >= $green_low and $pixel_color[1] <= $green_high) and ($pixel_color[2] >= $blue_low and $pixel_color[2] <= $blue_high)) Then $found_color = True $abscoord_color[0] = $iX $abscoord_color[1] = $iY ExitLoop 2 EndIf Next Next MsgBox("", "", TimerDiff($start_time) / 1000) _GDIPlus_BitmapDispose($hBitmap) If ($found_color) Then Return $abscoord_color Else Return SetError(-1, 0, 0) EndIf EndFunc Second attempt using _WInApi_GetPixel (Note. I replaced the Autoit function with my own where I replaced the string "gdi32.dll" with a handle to the opened DLL. In the hopes it would improve time. The time difference was not noticable)
      Global $HWND_DLL_GDI32 = DLLopen("gdi32.dll") Func PixelSearchInhDC(Const ByRef $color, Const $tolerance = 10, Const $iLeft = 0, Const $iTop = 0, $iWidth = -1, $iHeight = -1, Const $iStep = 1, Const $hWnd_window = WinGetHandle("[Active]")) Local $hDC = _WinAPI_GetWindowDC($hWnd_window) Local $rbg_color = _ColorGetRGB("0x" & Hex($color, 6)) Local $found_color = False Local $abscoord_color[2] = [0, 0] Local $start_time, $end_time Local $red_low = 0 Local $green_low = 0 Local $blue_low = 0 Local $red_high = 0 Local $green_high = 0 Local $blue_high = 0 If (Not $hDC) Then Return SetError(1, 0, 0) EndIf If ($iWidth = -1 or $iHeight = -1) Then Local $rect_window = WinGetPos($hWnd_window) If ($iWidth = -1) Then $iWidth = $rect_window[2] - $iLeft If ($iHeight = -1) Then $iHeight = $rect_window[3] - $iTop EndIf $red_low = ($tolerance > $rbg_color[0] ? 0 : $rbg_color[0] - $tolerance) $green_low = ($tolerance > $rbg_color[1] ? 0 : $rbg_color[1] - $tolerance) $blue_low = ($tolerance > $rbg_color[2] ? 0 : $rbg_color[2] - $tolerance) $red_high = ($tolerance > 255 - $rbg_color[0] ? 255 : $rbg_color[0] + $tolerance) $green_high = ($tolerance > 255 - $rbg_color[1] ? 255 : $rbg_color[1] + $tolerance) $blue_high = ($tolerance > 255 - $rbg_color[2] ? 255 : $rbg_color[2] + $tolerance) $start_time = TimerInit() For $iY = $iTop To $iHeight Step $iStep For $iX = $iLeft To $iWidth Step $iStep Local $get_pixel = __WinAPI_GetPixel($hDC, $iX, $iY) If (@Error) Then ContinueLoop Local $pixel_color = _ColorGetRGB("0x" & Hex($get_pixel, 6)) If (@Error) Then ContinueLoop If (($pixel_color[0] >= $red_low and $pixel_color[0] <= $red_high) and ($pixel_color[1] >= $green_low and $pixel_color[1] <= $green_high) and ($pixel_color[2] >= $blue_low and $pixel_color[2] <= $blue_high)) Then $found_color = True $abscoord_color[0] = $iX $abscoord_color[1] = $iY ExitLoop 2 EndIf Next Next MsgBox("", "", TimerDiff($start_time) / 1000 & "s") If ($found_color) Then Return $abscoord_color Else Return SetError(1, 0, 0) EndIf EndFunc Func __WinAPI_GetPixel($hDC, $iX, $iY) Local $aRet = DllCall($HWND_DLL_GDI32, 'dword', 'GetPixel', 'handle', $hDC, 'int', $iX, 'int', $iY) If @error Or ($aRet[0] = 4294967295) Then Return SetError(@error, @extended, -1) ; If $aRet[0] = 4294967295 Then Return SetError(1000, 0, -1) Return __RGB($aRet[0]) EndFunc ;==>__WinAPI_GetPixel