Created
February 26, 2017 23:13
-
-
Save ryhanson/40a855ee9fd4e1336e302de256c2ddd3 to your computer and use it in GitHub Desktop.
Proof of concept console application that bypasses program trials protected by ASProtect.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using Microsoft.Win32; | |
| using System; | |
| using System.IO; | |
| using System.Runtime.InteropServices; | |
| using System.Threading; | |
| namespace ResetASProtectTrial | |
| { | |
| class Program | |
| { | |
| // Run elevated to allow system time to be set | |
| // Usage: ResetASProtectTrial.exe "C:\Program Files\Path\To\Trial\Protected by ASProtect\App.exe" | |
| static void Main(string[] args) | |
| { | |
| var exePath = args[0]; | |
| var si = new STARTUPINFO(); | |
| var pi = new PROCESS_INFORMATION(); | |
| // Start protected program in a suspended state | |
| var success = NativeMethods.CreateProcess(exePath, null, | |
| IntPtr.Zero, IntPtr.Zero, false, | |
| ProcessCreationFlags.CREATE_SUSPENDED, | |
| IntPtr.Zero, null, ref si, out pi); | |
| // Delete the ASProtect Registry Tree | |
| var keyName = @"Software\ASProtect"; | |
| Registry.CurrentUser.DeleteSubKeyTree(keyName); | |
| // Get the date creation/install date of protected program | |
| var installDate = Directory.GetCreationTime(Path.GetDirectoryName(exePath)); | |
| var sysTime = new SYSTEMTIME(); | |
| var localTime = new SYSTEMTIME(); | |
| // Get both system and local times | |
| NativeMethods.GetSystemTime(ref sysTime); | |
| NativeMethods.GetLocalTime(ref localTime); | |
| // Save a copy of the current times | |
| var origSysTime = sysTime; | |
| var origLocalTime = localTime; | |
| // Set the system date to the install date | |
| sysTime.wYear = (short)installDate.Year; | |
| sysTime.wMonth = (short)installDate.Month; | |
| sysTime.wDay = (short)installDate.Day; | |
| sysTime.wDayOfWeek = (short)installDate.DayOfWeek; | |
| NativeMethods.SetSystemTime(ref sysTime); | |
| // Set the local date to the install date | |
| localTime.wYear = (short)installDate.Year; | |
| localTime.wMonth = (short)installDate.Month; | |
| localTime.wDay = (short)installDate.Day; | |
| localTime.wDayOfWeek = (short)installDate.DayOfWeek; | |
| NativeMethods.SetLocalTime(ref localTime); | |
| // Resume the process | |
| IntPtr ThreadHandle = pi.hThread; | |
| NativeMethods.ResumeThread(ThreadHandle); | |
| // Wait a second | |
| Thread.Sleep(1000); | |
| // Set the times back to originals | |
| NativeMethods.SetSystemTime(ref origSysTime); | |
| NativeMethods.SetLocalTime(ref origLocalTime); | |
| } | |
| } | |
| public static class NativeMethods | |
| { | |
| [DllImport("kernel32.dll")] | |
| public static extern bool CreateProcess(string lpApplicationName, | |
| string lpCommandLine, IntPtr lpProcessAttributes, | |
| IntPtr lpThreadAttributes, | |
| bool bInheritHandles, ProcessCreationFlags dwCreationFlags, | |
| IntPtr lpEnvironment, string lpCurrentDirectory, | |
| ref STARTUPINFO lpStartupInfo, | |
| out PROCESS_INFORMATION lpProcessInformation); | |
| [DllImport("kernel32.dll")] | |
| public static extern uint ResumeThread(IntPtr hThread); | |
| [DllImport("kernel32.dll")] | |
| public static extern uint SuspendThread(IntPtr hThread); | |
| [DllImport("kernel32.dll", SetLastError = true)] | |
| public static extern bool SetSystemTime(ref SYSTEMTIME st); | |
| [DllImport("kernel32.dll", SetLastError = true)] | |
| public static extern bool GetSystemTime(ref SYSTEMTIME st); | |
| [DllImport("kernel32.dll", SetLastError = true)] | |
| public static extern bool SetLocalTime(ref SYSTEMTIME st); | |
| [DllImport("kernel32.dll", SetLastError = true)] | |
| public static extern bool GetLocalTime(ref SYSTEMTIME st); | |
| } | |
| [Flags] | |
| public enum ProcessCreationFlags : uint | |
| { | |
| ZERO_FLAG = 0x00000000, | |
| CREATE_BREAKAWAY_FROM_JOB = 0x01000000, | |
| CREATE_DEFAULT_ERROR_MODE = 0x04000000, | |
| CREATE_NEW_CONSOLE = 0x00000010, | |
| CREATE_NEW_PROCESS_GROUP = 0x00000200, | |
| CREATE_NO_WINDOW = 0x08000000, | |
| CREATE_PROTECTED_PROCESS = 0x00040000, | |
| CREATE_PRESERVE_CODE_AUTHZ_LEVEL = 0x02000000, | |
| CREATE_SEPARATE_WOW_VDM = 0x00001000, | |
| CREATE_SHARED_WOW_VDM = 0x00001000, | |
| CREATE_SUSPENDED = 0x00000004, | |
| CREATE_UNICODE_ENVIRONMENT = 0x00000400, | |
| DEBUG_ONLY_THIS_PROCESS = 0x00000002, | |
| DEBUG_PROCESS = 0x00000001, | |
| DETACHED_PROCESS = 0x00000008, | |
| EXTENDED_STARTUPINFO_PRESENT = 0x00080000, | |
| INHERIT_PARENT_AFFINITY = 0x00010000 | |
| } | |
| public struct STARTUPINFO | |
| { | |
| public uint cb; | |
| public string lpReserved; | |
| public string lpDesktop; | |
| public string lpTitle; | |
| public uint dwX; | |
| public uint dwY; | |
| public uint dwXSize; | |
| public uint dwYSize; | |
| public uint dwXCountChars; | |
| public uint dwYCountChars; | |
| public uint dwFillAttribute; | |
| public uint dwFlags; | |
| public short wShowWindow; | |
| public short cbReserved2; | |
| public IntPtr lpReserved2; | |
| public IntPtr hStdInput; | |
| public IntPtr hStdOutput; | |
| public IntPtr hStdError; | |
| } | |
| public struct PROCESS_INFORMATION | |
| { | |
| public IntPtr hProcess; | |
| public IntPtr hThread; | |
| public uint dwProcessId; | |
| public uint dwThreadId; | |
| } | |
| [StructLayout(LayoutKind.Sequential)] | |
| public struct SYSTEMTIME | |
| { | |
| public short wYear; | |
| public short wMonth; | |
| public short wDayOfWeek; | |
| public short wDay; | |
| public short wHour; | |
| public short wMinute; | |
| public short wSecond; | |
| public short wMilliseconds; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Once compiled, it runs fine, but at least on ASProtect 2.77 it does not reset counter to zero