#1
hardcode fotosketcher dialing home
Fotosketcher 3.30 keeps asking "Go to www.fotosketcher.com to download version 3.40?" There is no option in the settings to turn this off. I can't find where Fotosketcher knows what version to get in taskschd.msc. Fotosketcher Program Files has only fotosketcher.exe and unins000.exe. Where does home dialing come from? Is it hard code? How can it be stopped?
#2
hardcode fotosketcher dialing home
Jean Fredette wrote:
> Fotosketcher 3.30 keeps asking "Go to www.fotosketcher.com to download version 3.40?" There is no option in the settings to turn this off. I can't find where Fotosketcher knows what version to get in taskschd.msc. Fotosketcher Program Files has only fotosketcher.exe and unins000.exe. Where does home dialing come from? Is it hard code? How can it be stopped?

https://www.howtogeek.com/227093/how...dows-firewall/

You could block it that way. The HOSTS file wouldn't be enough, if the program is using a fixed IP (numeric) address.

You can try out the firewall method and tell us whether it works or not. It's going to be blocked on outbound.

A program does not have to "tolerate" being blocked. Once a program is within your "perimeter", there are a ton of things it can do. The above web page is intended for "moderately aggressive" programs. A program which is "maximally aggressive", I think it would really be hard to stop. For example, it could launch separate randomly named attack EXEs to send messages. A program doesn't have to "stay within its EXE".

A tool like the old ZoneAlarm, would stop "new" programs and prompt you for a policy, but this would be annoying if every time you ran the program, ZoneAlarm was prompting you again. And if the attack EXE was named "Notepad", ZoneAlarm might mistake a newly launched program, for an existing program.

Paul
#3
hardcode fotosketcher dialing home
On Sun, 2 Dec 2018 21:08:37 -0600, Jean Fredette wrote:
> Fotosketcher 3.30 keeps asking "Go to www.fotosketcher.com to download version 3.40?" There is no option in the settings to turn this off. I can't find where Fotosketcher knows what version to get in taskschd.msc. Fotosketcher Program Files has only fotosketcher.exe and unins000.exe. Where does home dialing come from? Is it hard code? How can it be stopped?

Pull the plug on your network connector. If the program won't load, you are fscked, I mean, "you lose" (unless you know a bit of assembler AND it's not depending on some offline resource).

If it does work offline, just block it with a decent firewall.

https://www.privacyware.com/personal_firewall.html

Note the certificate on the site is weird. I advise you to download it from somewhere safe like Softpedia.

[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012
#4
hardcode fotosketcher dialing home
Jean Fredette wrote:
> Fotosketcher 3.30 keeps asking "Go to www.fotosketcher.com to download version 3.40?" There is no option in the settings to turn this off. I can't find where Fotosketcher knows what version to get in taskschd.msc. Fotosketcher Program Files has only fotosketcher.exe and unins000.exe. Where does home dialing come from? Is it hard code? How can it be stopped?

1) My computers have perhaps 50 programs that try to phone home. I set Zone Alarm to block web access to those programs and not ask or tell me that it is doing so.

2) Depending on coding, you might be able to use a program like Resource Hacker or a hex editor to change the phone home url to nonsense.
#5
hardcode fotosketcher dialing home
In message , Paul writes:
> Jean Fredette wrote:
>> Fotosketcher 3.30 keeps asking "Go to www.fotosketcher.com to download version 3.40?" There is no option in the settings to turn this off. I can't find where Fotosketcher knows what version to get in taskschd.msc. Fotosketcher Program Files has only fotosketcher.exe and unins000.exe. Where does home dialing come from? Is it hard code? How can it be stopped?
>
> https://www.howtogeek.com/227093/how...on-from-accessing-the-internet-with-windows-firewall/
>
> You could block it that way. The HOSTS file wouldn't be enough, if the program is using a fixed IP (numeric) address.

[]

(And others) I think Jean was interested in stopping it _asking_, rather than just blocking it.

--
J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

At the age of 7, Julia Elizabeth Wells could sing notes only dogs could hear.
#6
hardcode fotosketcher dialing home
J. P. Gilliver (John) wrote:
> In message , Paul writes:
>> Jean Fredette wrote:
>>> Fotosketcher 3.30 keeps asking "Go to www.fotosketcher.com to download version 3.40?" There is no option in the settings to turn this off. I can't find where Fotosketcher knows what version to get in taskschd.msc. Fotosketcher Program Files has only fotosketcher.exe and unins000.exe. Where does home dialing come from? Is it hard code? How can it be stopped?
>>
>> https://www.howtogeek.com/227093/how...on-from-accessing-the-internet-with-windows-firewall/
>>
>> You could block it that way. The HOSTS file wouldn't be enough, if the program is using a fixed IP (numeric) address.
>
> []
>
> (And others) I think Jean was interested in stopping it _asking_, rather than just blocking it.

Do you have a particular location where a branch can be replaced with a nop ?

I'd have to unpack it in Linux WINE, install it, find out which family it belongs to (Visual Studio, or GCC), and pick a debugger to use to single step it (Windbg or gdb).

I did use an online disassembler once, to successfully modify program behavior. But the code couldn't be packed, to use that. And I don't have any unpackers for UPX and the other twenty or thirty packer formats. Some of the packers (Armadillo???) are designed to obfuscate the code and make it harder to verify or scan.

How much time do you have ? :-)

It's possible if it cannot fetch the current version manifest from the web site, the program will remain mute on the topic of updating. If the OP provides feedback, then we'll know which kind of code it is (well-mannered code or unpleasant splatter-like code).

Paul
#7
hardcode fotosketcher dialing home
On Mon, 03 Dec 2018 13:40:55 -0500, Paul wrote:
> J. P. Gilliver (John) wrote:
>> In message , Paul writes:
>>> Jean Fredette wrote:
>>>> Fotosketcher 3.30 keeps asking "Go to www.fotosketcher.com to download version 3.40?" There is no option in the settings to turn this off. I can't find where Fotosketcher knows what version to get in taskschd.msc. Fotosketcher Program Files has only fotosketcher.exe and unins000.exe. Where does home dialing come from? Is it hard code? How can it be stopped?
>>>
>>> https://www.howtogeek.com/227093/how...on-from-accessing-the-internet-with-windows-firewall/
>>>
>>> You could block it that way. The HOSTS file wouldn't be enough, if the program is using a fixed IP (numeric) address.
>>
>> []
>>
>> (And others) I think Jean was interested in stopping it _asking_, rather than just blocking it.
>
> Do you have a particular location where a branch can be replaced with a nop ?
>
> I'd have to unpack it in Linux WINE, install it, find out which family it belongs to (Visual Studio, or GCC), and pick a debugger to use to single step it (Windbg or gdb).

Check out x64dbg
It's "Ollydbg continued" ....

https://x64dbg.com/

Both 32 and 64 bit versions included in the download. And it's portable.

You probably want the latest snapshot:
https://sourceforge.net/projects/x64...les/snapshots/

You can decompress upx compressed executables with the upx program. And Aspack is pretty easy to decompress from within x64dbg. But I agree, Armadillo is terrible. In fact, I refuse to install anything protected by Armadillo, you never know what it's up to.

[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012
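
Added example, not part of any post in this thread and not FotoSketcher's code: a Python sketch for the "is it hard coded?" question, listing URLs and hostnames embedded in an executable's bytes (ASCII and UTF-16LE) and flagging UPX markers, which would mean the strings stay hidden until the file is unpacked. The names `scan_image` and `constructed_sample`, the TLD list and the sample bytes are assumptions made for illustration.

```python
import re

# URL or bare hostname ending in one of a few common TLDs (illustrative list).
_HOST = rb"(?:[a-z0-9-]+\.)+(?:com|net|org|io|info)"
_ENDPOINT = re.compile(rb"(?:https?://)?" + _HOST + rb"(?:/[\x21-\x7e]*)?", re.I)

# Section names and magic written by the UPX packer. If they are present, most
# strings in the file are compressed and only appear after unpacking.
_UPX_MARKERS = (b"UPX0", b"UPX1", b"UPX!")


def _utf16le_runs_as_ascii(data: bytes, min_len: int = 6) -> bytes:
    """Collapse UTF-16LE text runs (char, 0x00, char, 0x00, ...) to ASCII."""
    runs = re.findall(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data)
    return b"\n".join(run[::2] for run in runs)


def scan_image(data: bytes) -> dict:
    """Report embedded endpoints and packer markers found in a file's bytes."""
    found = set()
    # Windows programs store strings as ASCII or UTF-16LE, so scan both views.
    for blob in (data, _utf16le_runs_as_ascii(data)):
        for match in _ENDPOINT.finditer(blob):
            found.add(match.group().decode("ascii").lower())
    return {
        "is_pe": data[:2] == b"MZ",  # DOS/PE header magic
        "upx_packed": any(marker in data for marker in _UPX_MARKERS),
        "endpoints": sorted(found),
    }


def constructed_sample(packed: bool = False) -> bytes:
    """Constructed stand-in for an EXE: only the byte patterns, not a program."""
    body = b"MZ" + b"\x90" * 16 + b"http://updates.example.com/latest.txt\x00"
    body += b"\x00\x01" + "www.example.org".encode("utf-16-le") + b"\x00\x00"
    return body + (b"UPX0\x00\x00\x00\x00UPX1" if packed else b"")


if __name__ == "__main__":
    print(scan_image(constructed_sample()))
```

For a real file, pass `open(path, "rb").read()` to `scan_image`. An empty endpoint list together with `upx_packed` set means the strings are compressed, not absent.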