Jump to content
Vivi

Anti Memory dump ?

Recommended Posts

Vivi

Hey dear community,

i write alot of programs that i sell.

i coded a sucessfull license system but sadly i have no protection against memory dumps.

 

i already tried playing with "memory.au3" but failed at it.

#include <WinAPI.au3>
#include <Memory.au3>
#include <NoMadMemory.au3>
$Mem_Open = _MemoryOpen(@AutoItPID)
$baseAddress = _WinAPI_GetModuleHandle(0)
_MemVirtualAlloc($Mem_Open, BinaryLen($Mem_Open), $MEM_COMMIT, $PAGE_GUARD)

 

anyone has a idea how i can call use page guard ?

 

Thanks

Share this post


Link to post
Share on other sites
Mobius

Many products have tried but all fail in this regard, particularly in situations where someone knows what they are doing.

Sorry Vivi but that's just the way of it.

Vlad

Share this post


Link to post
Share on other sites
Vivi

Many products have tried but all fail in this regard, particularly in situations where someone knows what they are doing.

Sorry Vivi but that's just the way of it.

Vlad

i already found a method on how to stop decompilers do there job.

bypassed sniffers and co

 

are you sure there is no way to use page guard's or any other method to prevent memory dumps ?

Share this post


Link to post
Share on other sites
Mobius

Who's talking about decompilation?

(despite you bold and incorrect assumption regarding this long term)

We (or rather you) are talking about memory, the weakpoint of every application to date.

Am I saying implementing page guard is Impossible? No not really, and hopefully someone will at least help you do this much to put you in a false sense of security mindset short term so you can continue developing your content without worrying where the holy grail has been stashed.

 

Share this post


Link to post
Share on other sites
Vivi

No, no you have not.

i have no protection against memory dumps.

There's the evidence.

add "#end region" in the first line.

 

 

Edited by Vivi

Share this post


Link to post
Share on other sites
JohnOne

That is not the only decompiler, and it will not protect a script against decompilation.

If it did, you would not be here looking for a solution.

Plenty get the script from memory at runtime. you cannot stop that.


AutoIt Absolute Beginners    Require a serial    Pause Script    Video Tutorials by Morthawt   ipify 

Monkey's are, like, natures humans.

Share this post


Link to post
Share on other sites
Mobius
@Vivi please remove the name of the decompiler in post 6 and use something like "memory based or focused decompiler".
 
As JohnOne has stated it isn't the only one these days so there is no real need to reference any single one by name.
 
Edited by Mobius

Share this post


Link to post
Share on other sites
Melba23

Hi,

This thread has now gone beyond the limits - locked.

M23


Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind._______My UDFs:

Spoiler

ArrayMultiColSort ---- Sort arrays on multiple columns
ChooseFileFolder ---- Single and multiple selections from specified path treeview listing
Date_Time_Convert -- Easily convert date/time formats, including the language used
ExtMsgBox --------- A highly customisable replacement for MsgBox
GUIExtender -------- Extend and retract multiple sections within a GUI
GUIFrame ---------- Subdivide GUIs into many adjustable frames
GUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView items
GUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeView
Marquee ----------- Scrolling tickertape GUIs
NoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxes
Notify ------------- Small notifications on the edge of the display
Scrollbars ----------Automatically sized scrollbars with a single command
StringSize ---------- Automatically size controls to fit text
Toast -------------- Small GUIs which pop out of the notification area

 

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Similar Content

    • DynamicRookie
      By DynamicRookie
      Hey there!
       
      I've been developing a artificial intelligence.

      My first hard task was letting the A.I know when a sentence is found in memory with different words
      What i tried to do here is simply, get all the words in user sentence that could be used
      as a identifier
              
              example: Steve Jobs
              
              then identify the sentence purpose with the words we found in the past "for" loop
              
              example: Do/Know/You/Who/Steve/Jobs
              
              Compare the example in the following matching sentences in memory.
              
              1-Steve jobs was a known person
              2-Do you know who barack obama is?
              3-Do you know Steve jobs?
              4-Do you know who steve jobs is?
              5-How much money steve jobs had
              
              Then find the sentence that has way more matches than the other ones, remember that if the identifier words were not found
              (Steve jobs) then the sentence is invalid.
              
              Every sentence has a different answer and is important that the right one is chosen.
              
      If there's no more than the half of words in matches, then assign a variable the result of function, such as a return but for a global var.
      I couldn't figure out how to do that with StringRegExp.
       
      I honestly need help with detecting identifiers on memory sentences.
      I would also like to let the AI know typos, meaning that moeny and money means the same thing.
      Any help is hugely appreciated.

       
    • c.haslam
      By c.haslam
      cDebug.au3 includes four main debugging UDFs: _GuiDebug(), _ConsDebug(), _ClipDebug() and _FormatValsForDebug(). They all dump the values of all AutoIt subtypes and expressions, in a structured manner, including nested arrays (up to 3 dimensions) and slices of them, and even DLL structs and maps. It is an alternative to a graphical debugger, offering GUI output.
      The format for calling the UDFs has been designed to make coding a call as convenient and fast as possible, minimizing coding effort and the chances of errors: the $name argument is often the same as the variables arguments, enclosed in quote marks.
      For DLL structures, if you specify a tag, cDebug checks for differences between it and what it detects. If you only specify a structure variable, it can report the structure it detects, with the values of elements.
      It does much more than MsgBox(), ConsoleWrite() and _ArrayDisplay(), in a definitely user-friendly manner, and does its best to avoid hiding your code in SciTE.
      #include cDebug no maps.au3 or cDebug.au3 at the top of your script. If you #include cDebug.au3 (the version with maps)  #include #AutoIt3Wrapper_Version=B before #include cDebug.au3
      It is fully documented in cDebug.pdf   .  During debugging and development of new features, the current version is used to debug the upcoming version, so there is much testing, even so  bugs are always possible, particularly in new features, such as reporting elements of maps whose keys match a regular expression. Bug reports and suggestions are welcome.
      These UDFs have been in regular use for some years.
      Because when cDebug was developed, maps were a use at your own risk feature, there are two streams of cDebug:
      cDebug.au3 reports maps, so to use it you must be running a version of AutoIt that supports maps, e.g. 3.3.15.0, and #include cDebug.au3 cDebug no maps.au3 does not report maps, so you can be running any recent version of AutoIt, e.g. 3.3.14.5, and #include cDebug no maps.au3 The only difference between the two streams is that map-reporting code is commented out in cDebug no maps.au3 .
      A teaser
      This script:
      #AutoIt3Wrapper_Version=B ; beta 3.3.15.0 or greater is mandatory for cDebug.au3 #include "cDebug.au3" Local $seasons[] $seasons.summer = 'May to September' $seasons.spring = 'April' $seasons.fall = 'October to November' $seasons.winter = 'December to March' Local $aCats[3][3] = [['jack','black',3],['suki','grey',4],[$seasons,'','']] Local $i = 1 Local $tStruct = DllStructCreate('uint') DllStructSetData($tStruct,1,2018) _GuiDebug('At line '&@ScriptLineNumber,'$cats,jack is,$cats[..][$i],$i,hex,structure{uint}', _ $aCats,$aCats[0][2],$aCats,$i,Hex(-$i),$tstruct) produces:

       
      Edit history
      See documentation PDF
      Acknowledgements
      Melba23, Kafu, ProgAndy, jchd
    • c.haslam
      By c.haslam
      cDebug.au3 includes four main debugging UDFs: _GuiDebug(), _ConsDebug(), _ClipDebug() and _FormatValsForDebug(). They all dump the values of all AutoIt subtypes and expressions, in a structured manner, including nested arrays and slices of them, and even DLL structs and maps. It is an alternative to a graphical debugger, offering GUI output.
      The format for calling the UDFs has been designed to make coding a call as convenient and fast as possible, minimizing coding effort and the chances of errors: the $name argument is often the same as the variables arguments, enclosed in quote marks.
      For DLL structures, if you specify a tag, cDebug checks for differences between it and what it detects. If you only specify a structure variable, it can report the structure it detects, with the values of elements.
      It does much more than MsgBox(), ConsoleWrite() and _ArrayDisplay(), in a definitely user-friendly manner, and does its best to avoid hiding your code in SciTE.
      It is fully documented.  During development of new features, the current version is used to debug the upcoming version, so there is much testing.
      These UDFs have been in regular use for some years. Suggestions and bug reports are most welcome.
      Get the latest version in Example Scripts
      #AutoIt3Wrapper_Version=B ; beta 3.3.15.0 or greater is mandatory for cDebug.au3, not for cDebug no maps.au3 #include "cDebug.au3" Local $seasons[] $seasons.summer = 'May to September' $seasons.spring = 'April' $seasons.fall = 'October to November' $seasons.winter = 'December to March' Local $aCats[3][3] = [['jack','black',3],['suki','grey',4],[$seasons,'','']] Local $i = 1 Local $tStruct = DllStructCreate('uint') DllStructSetData($tStruct,1,2018) _GuiDebug('At line '&@ScriptLineNumber,'$cats,jack is,$cats[..][$i],$i,hex,structure{uint}', _ $aCats,$aCats[0][2],$aCats,$i,Hex(-$i),$tstruct) reports

         
    • Parsix
      By Parsix
      Hi,
      how to use twain scanning in my app with custom settings
      1. output format : jpg
      2. compressing jpg
      3. mx res : 100
      4.custom filename path (examle: D:\123.jpg)
      5. get scanner list and scan with selected scanner (get scanner list in my combo or any ctrl)
      6. free version
       
       
      eztwain free tested
    • toto22
      By toto22
      I'm trying to get a "double" value from memory . However my code gives me error.
       
      Opt("WinTitleMatchMode", 4)     Global $ProcessID = WinGetProcess("TI Pro")     If $ProcessID = -1 Then         MsgBox(4096, "ERROR", "Failed to detect process.")         Exit     EndIf     Local $DllInformation = _MemoryOpen($ProcessID)     If @Error Then         MsgBox(4096, "ERROR", "Failed to open memory.")         Exit     EndIf   Local $dAddress = 0x1FECD474   Local $tNbSteps = DllStructCreate("double", $dAddress)   Local $value = DllStructSetData($tNbSteps, 1, (_MemoryRead($dAddress, $DllInformation)))      MsgBox($MB_SYSTEMMODAL, $value)
×