How a program trial-period crack functions and how to set correct permissions?

Discussion in 'Computer Programming, Emulation, and Game Modding' started by caribou007, Feb 14, 2013.

  1. caribou007
    OP

    Member caribou007 GBAtemp Regular

    Joined:
    Dec 19, 2010
    Messages:
    188
    Location:
    Lake Ontario
    Country:
    Canada
    I have a program with a built-in trial period and two files, a .exe and a .dll to replace. I scanned both using virustotal, then ran them on my computer and then ran a specialized scanner/removal tool for the only positive virustotal gave me (on only 1/46 scanners) and it found nothing at all, so I'm pretty sure these files are not malicious. However, I am using a limited user account and even when granting full control priviledges over the program folder, it still says that it can not access things it needs so it actually needs more priviledges on other system components. I can Program Monitor and saw it touching some important system components when being run from a superuser account. I am new to this level of management and am very curious about 1. What it's doing and 2. What privileges I now need to grant this user account.
     
  2. Rydian

    Member Rydian Resident Furvertâ„¢

    Joined:
    Feb 4, 2010
    Messages:
    27,883
    Location:
    Cave Entrance, Watching Cyan Write Letters
    Country:
    United States
    If you do have access to an admin account, use unlocker to make that that no higher process is trying to use those files at the time you're trying to replace them.
    http://www.emptyloop.com/unlocker/

    Anyways, they need admin/install access to be able to write to /program files/ (which is outside of their account), so it's not just a program launch issue. Same permissions as being able to install programs should work.
     
  3. caribou007
    OP

    Member caribou007 GBAtemp Regular

    Joined:
    Dec 19, 2010
    Messages:
    188
    Location:
    Lake Ontario
    Country:
    Canada
    Turns out it's nothing to do with the crack. The program itself requires to be run by an Administrator account. I tried making the account a Power User, and I also tried giving it Full Control permissions for the Prefetch and .NET Framework folder, as well a ntdll.dll, (a few of the things I saw the application accessing). It still requires an Administrator account. I don't know how to make it run without one. If you want to take a look, it's PaintTool SAI - a free download.


    Here's the File Summary from Process Monitor, as I understand it, this lists all the files PaintTool SAI touches. (It's a text file, you can open it with Notepad.)
     
  4. Rydian

    Member Rydian Resident Furvertâ„¢

    Joined:
    Feb 4, 2010
    Messages:
    27,883
    Location:
    Cave Entrance, Watching Cyan Write Letters
    Country:
    United States
    Install it somewhere within the user's account, like a folder on their desktop. Then maybe it'll run without admin rights (since when writing locally it'll be writing within the user's account, not the system folders).

    I don't want to sign up to download a file... copy the text and put it on something like http://pastebin.com/ to be quicker?
     
  5. caribou007
    OP

    Member caribou007 GBAtemp Regular

    Joined:
    Dec 19, 2010
    Messages:
    188
    Location:
    Lake Ontario
    Country:
    Canada
    Sorry, I didn't know what website to use to upload it to, I rarely upload files. I'll use pastbin from now on tho. I didn't know that site makes you signup just to download a file, that sucks.

    Made some progress:

    I had the Secondary Login service disabled, and enabling it allowed me to use the Run As command without an error.

    I'm not sure, but I don't think that it was even necessary to use the Runas command after that. I think I just double clicked the .exe and it worked. It's probably because I had already run the .exe when logged in with the administrator account, and having Seconday Login started when I did it was probably all it needed.

    The weird thing is, although I don't need to use Runas on the limited account with the original .exe, when I copied over the cracked .exe and .dll, even tho Secondary Login was now started, it shows the same dialog every time, telling me "You need to run as an administrator in order to setup this software for the first time". So, while the original .exe only required that to happen once and then never again, the cracked version required to be Runas administrator every time. It's a bit annoying, because it means entering the password each time, but it's more strange. I would really like to know why that is. It's rather suspicious, however, I did thoroughly check for malicious software, so I'm not too worried. I just wonder what's wrong now.
     
  6. Rydian

    Member Rydian Resident Furvertâ„¢

    Joined:
    Feb 4, 2010
    Messages:
    27,883
    Location:
    Cave Entrance, Watching Cyan Write Letters
    Country:
    United States
    Well if it needs to write files per-user (outside of the user-writable directory), you could try to find which files it's writing, and then just make new copies per account? Might be registry info too.
     
  7. nl255

    Member nl255 GBAtemp Advanced Maniac

    Joined:
    Apr 9, 2004
    Messages:
    1,998
    Country:
    Or it could be checking for Admin access on it's own and refusing to run without it even though it doesn't really need it simply because checking for Administrtor privileges manually is easier than verifying it has all the necessary permissons. Some software does that and the only fix is to learn ASM and patch out the check manually.
     

Share This Page