A Windows XP help forum. PCbanter


hardcode fotosketcher dialing home



 
 
  #1  
December 3rd 18, 04:08 AM posted to alt.windows7.general
Jean Fredette

Fotosketcher 3.30 keeps asking "Go to www.fotosketcher.com to download
version 3.40?"

There is no option in the settings to turn this off.

I can't find where Fotosketcher knows what version to get in taskschd.msc.
Fotosketcher Program Files has only fotosketcher.exe and unins000.exe.

Where does home dialing come from?
Is it hard code?
How can it be stopped?
  #2  
December 3rd 18, 03:28 PM posted to alt.windows7.general
Paul[_32_]

Jean Fredette wrote:
> Fotosketcher 3.30 keeps asking "Go to www.fotosketcher.com to download
> version 3.40?"
>
> There is no option in the settings to turn this off.
>
> I can't find where Fotosketcher knows what version to get in taskschd.msc.
> Fotosketcher Program Files has only fotosketcher.exe and unins000.exe.
>
> Where does home dialing come from?
> Is it hard code?
> How can it be stopped?


https://www.howtogeek.com/227093/how...dows-firewall/

You could block it that way.

The HOSTS file wouldn't be enough, if the program
is using a fixed IP (numeric) address.

You can try out the firewall method and tell us
whether it works or not. It's going to be blocked on
outbound.

A program does not have to "tolerate" being blocked.
Once a program is within your "perimeter", there
are a ton of things it can do. The above web page
is intended for "moderately aggressive" programs.

A program which is "maximally aggressive", I think
it would really be hard to stop. For example, it
could launch separate randomly named attack EXEs
to send messages. A program doesn't have to
"stay within its EXE". A tool like the old ZoneAlarm,
would stop "new" programs and prompt you for a policy,
but this would be annoying if every time you ran the
program, ZoneAlarm was prompting you again. And if the
attack EXE was named "Notepad", ZoneAlarm might mistake
a newly launched program, for an existing program.

Paul
  #3  
December 3rd 18, 04:01 PM posted to alt.windows7.general
Shadow

On Sun, 2 Dec 2018 21:08:37 -0600, Jean Fredette
wrote:

> Fotosketcher 3.30 keeps asking "Go to www.fotosketcher.com to download
> version 3.40?"
>
> There is no option in the settings to turn this off.
>
> I can't find where Fotosketcher knows what version to get in taskschd.msc.
> Fotosketcher Program Files has only fotosketcher.exe and unins000.exe.
>
> Where does home dialing come from?
> Is it hard code?
> How can it be stopped?


Pull the plug on your network connector. If the program won't
load, you are fscked, I mean, "you lose" (unless you know a bit of
assembler AND it's not depending on some offline resource).

If it does work offline, just block it with a decent firewall.

https://www.privacyware.com/personal_firewall.html

Note the certificate on the site is weird. I advise you to
download it from somewhere safe like Softpedia.
[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012
  #4  
December 3rd 18, 05:22 PM posted to alt.windows7.general
Paul in Houston TX[_2_]

Jean Fredette wrote:
> Fotosketcher 3.30 keeps asking "Go to www.fotosketcher.com to download
> version 3.40?"
>
> There is no option in the settings to turn this off.
>
> I can't find where Fotosketcher knows what version to get in taskschd.msc.
> Fotosketcher Program Files has only fotosketcher.exe and unins000.exe.
>
> Where does home dialing come from?
> Is it hard code?
> How can it be stopped?


1) My computers have perhaps 50 programs that try to phone home. I set Zone Alarm to block
web access to those programs and not ask or tell me that it is doing so.
2) Depending on coding, you might be able to use a program like Resource Hacker or a hex
editor to change the phone home url to nonsense.
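
Added example (not part of any poster's message and not FotoSketcher's code): a read-only Python scan of an executable's embedded ASCII and UTF-16LE strings for URLs, classifying each host as a DNS name, which a HOSTS entry can redirect, or a numeric IP literal, which only an outbound firewall rule covers, the distinction raised earlier in the thread. The sample bytes, host names and function names are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Runs of 8+ printable, non-space characters, stored as ASCII or as UTF-16LE.
ASCII_RUN = re.compile(rb"[\x21-\x7e]{8,}")
UTF16_RUN = re.compile(rb"(?:[\x21-\x7e]\x00){8,}")
URL = re.compile(r"https?://[A-Za-z0-9._~:/?#@!$&'()*+,;=%-]+", re.I)


def extract_strings(data):
    """Yield printable strings embedded in a binary blob (both encodings)."""
    for m in ASCII_RUN.finditer(data):
        yield m.group().decode("ascii")
    for m in UTF16_RUN.finditer(data):
        yield m.group().decode("utf-16-le")


def classify_endpoints(data):
    """Map each URL host found in the blob to 'dns-name' or 'ip-literal'."""
    found = {}
    for text in extract_strings(data):
        for url in URL.findall(text):
            host = urlsplit(url).hostname
            if not host:
                continue
            try:
                ipaddress.ip_address(host)
                kind = "ip-literal"  # never resolved, so HOSTS has no effect
            except ValueError:
                kind = "dns-name"    # resolved by name, so HOSTS can redirect it
            found.setdefault(host, kind)
    return found


def hosts_entries(endpoints):
    """HOSTS lines covering the DNS names; IP literals need a firewall rule."""
    return ["0.0.0.0 " + h for h, k in sorted(endpoints.items()) if k == "dns-name"]


# Constructed sample standing in for an executable's bytes (not a real binary).
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"http://updates.example.test/version.txt\x00\x00"
    + "http://203.0.113.10/check?v=3.30".encode("utf-16-le") + b"\x00\x00"
    + b"Version 3.30.0.0\x00"
)

if __name__ == "__main__":
    endpoints = classify_endpoints(SAMPLE)
    print(endpoints, hosts_entries(endpoints))
```

Strings in a packed executable (the thread mentions UPX, Aspack and Armadillo) or URLs assembled at run time will not show up in such a scan, so an empty result proves nothing.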

  #5  
December 3rd 18, 07:28 PM posted to alt.windows7.general
J. P. Gilliver (John)[_4_]

In message , Paul
writes:
> Jean Fredette wrote:
>> Fotosketcher 3.30 keeps asking "Go to www.fotosketcher.com to download
>> version 3.40?"
>> There is no option in the settings to turn this off.
>> I can't find where Fotosketcher knows what version to get in
>> taskschd.msc.
>> Fotosketcher Program Files has only fotosketcher.exe and unins000.exe.
>> Where does home dialing come from?
>> Is it hard code?
>> How can it be stopped?
>
> https://www.howtogeek.com/227093/how...on-from-accessing-the-internet-with-windows-firewall/
>
> You could block it that way.
>
> The HOSTS file wouldn't be enough, if the program
> is using a fixed IP (numeric) address.

[]
(And others)

I think Jean was interested in stopping it _asking_, rather than just
blocking it.
--
J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

At the age of 7, Julia Elizabeth Wells could sing notes only dogs could hear.
  #6  
December 3rd 18, 07:40 PM posted to alt.windows7.general
Paul[_32_]

J. P. Gilliver (John) wrote:
> In message , Paul
> writes:
>> Jean Fredette wrote:
>>> Fotosketcher 3.30 keeps asking "Go to www.fotosketcher.com to download
>>> version 3.40?"
>>> There is no option in the settings to turn this off.
>>> I can't find where Fotosketcher knows what version to get in
>>> taskschd.msc.
>>> Fotosketcher Program Files has only fotosketcher.exe and unins000.exe.
>>> Where does home dialing come from?
>>> Is it hard code?
>>> How can it be stopped?
>>
>> https://www.howtogeek.com/227093/how...on-from-accessing-the-internet-with-windows-firewall/
>>
>> You could block it that way.
>>
>> The HOSTS file wouldn't be enough, if the program
>> is using a fixed IP (numeric) address.
>>
> []
> (And others)
>
> I think Jean was interested in stopping it _asking_, rather than just
> blocking it.


Do you have a particular location where a branch
can be replaced with a nop ? I'd have to unpack it in
Linux WINE, install it, find out which family it belongs
to (Visual Studio, or GCC), and pick a debugger to
use to single step it (Windbg or gdb).

I did use an online disassembler once, to successfully
modify program behavior. But the code couldn't
be packed, to use that. And I don't have any
unpackers for UPX and the other twenty or thirty
packer formats. Some of the packers (Armadillo???)
are designed to obfuscate the code and make it
harder to verify or scan.

How much time do you have ? :-)

It's possible if it cannot fetch the current
version manifest from the web site, the program
will remain mute on the topic of updating. If
the OP provides feedback, then we'll know which
kind of code it is (well-mannered code or
unpleasant splatter-like code).

Paul
  #7  
December 4th 18, 12:50 AM posted to alt.windows7.general
Shadow

On Mon, 03 Dec 2018 13:40:55 -0500, Paul
wrote:

> J. P. Gilliver (John) wrote:
>> In message , Paul
>> writes:
>>> Jean Fredette wrote:
>>>> Fotosketcher 3.30 keeps asking "Go to www.fotosketcher.com to download
>>>> version 3.40?"
>>>> There is no option in the settings to turn this off.
>>>> I can't find where Fotosketcher knows what version to get in
>>>> taskschd.msc.
>>>> Fotosketcher Program Files has only fotosketcher.exe and unins000.exe.
>>>> Where does home dialing come from?
>>>> Is it hard code?
>>>> How can it be stopped?
>>>
>>> https://www.howtogeek.com/227093/how...on-from-accessing-the-internet-with-windows-firewall/
>>>
>>> You could block it that way.
>>>
>>> The HOSTS file wouldn't be enough, if the program
>>> is using a fixed IP (numeric) address.
>>>
>> []
>> (And others)
>>
>> I think Jean was interested in stopping it _asking_, rather than just
>> blocking it.
>
> Do you have a particular location where a branch
> can be replaced with a nop ? I'd have to unpack it in
> Linux WINE, install it, find out which family it belongs
> to (Visual Studio, or GCC), and pick a debugger to
> use to single step it (Windbg or gdb).


Check out x64dbg

It's "Ollydbg continued" ....

https://x64dbg.com/

Both 32 and 64 bit versions included in the download.
And it's portable.

You probably want the latest snapshot:

https://sourceforge.net/projects/x64...les/snapshots/

You can decompress upx compressed executables with the upx
program. And Aspack is pretty easy to decompress from within x64dbg.
But I agree, Armadillo is terrible. In fact, I refuse to install
anything protected by Armadillo, you never know what it's up to.
[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012
 



