How to protect startup object

chinkuang

Hi Everyone:

I have a question here: I used a startup object to protect my
application - whenever the PC starts up, I will check the settings of my
application like registry, program files and so on; if they have been
tampered with then I will restore the original settings from the backup
files I store in some hidden place.

However, now a guy said he has a tool that is able to modify the Windows XP
registry without even logging in to Windows - that means he can boot up the
PC from an external drive, e.g. USB, diskette and so on. So he is able
to find my startup object registry key and delete it. As a result, he is
able to crack my application without logging in to Windows.

Could anyone please suggest a way to prevent this crack? I have
scratched my head but am still unable to find a way to counter this, since
whatever startup object I use, he is also able to remove it with his
hacking tool.

Please help. Thank you very much in advance.
 
Githlar

I may be misunderstanding your question, but he's going to have to log
on eventually and when he does your program would restore the correct
values, right? So what's the problem? I suppose you'll have to be a
little more specific.

Githlar
 
chinkuang

No, that guy said he has a hacking tool which is bootable. I never saw
the tool before. He said with that tool, he can gain access to the Windows
XP registry without logging in to Windows. He even told me that he can reset
the Windows XP Administrator password to blank. He proposed that in
order to prevent him from modifying the registry, I can encrypt the
registry. However, I feel this is impossible because those registry keys
are used by Windows itself and not my application.
 
Githlar

Encrypting the registry would be a very drastic measure and not
something that you'd generally want to do. For example, what if your
algorithm messed up? The user's registry would be fried. If the malicious
person is booting off of a floppy disk, then they probably won't even be
able to run your program in that 8-bit mode, so I wouldn't think that
you'd have anything to worry about. If they wanted to use your program,
they'd have to boot into 32-bit mode by booting Windows which would
then reset the values. If nothing else, you could just encrypt the
registry values themselves to make it much more difficult for somebody
to change it accurately. Might I suggest a hashing function such as MD5?
 
chinkuang

Actually the application I am doing is to enhance Windows security;
that means users must pass through my authentication, and only then can they
proceed to log in to Windows. However, this guy is somewhat of a hacker
who is trying to crack my system. So he said he is able to modify the
registry from his hacking tool - booting up the system from either USB,
CD or diskette, then he can change the related registry keys to disable
my application. As a result, he screws up my application and breaks my
security. So now he challenges me: how can I prevent him from breaking
my application?

To my knowledge, I always assumed one must log in to Windows first
(either Safe Mode, Normal or whatever) in order to change the Windows
registry. But he told me this is not true; that's why I failed.

Does anyone have a better idea to counter this? Thank you very much for any
suggestion.
 
Githlar

Haha. There's always a workaround. There is no way to prevent his type
of hacking unless you can find a way to initialize your application
before Windows starts. I've personally used a Linux live disk (see
http://www.thebroken.org/) to recover my Windows password when it
wouldn't've been possible to do so otherwise because Windows would lock
the files as soon as it starts. Well, I take that back. There is a
workaround to that too, using the scheduler service.

I believe the old Norton Antiviruses would scan your disk for viruses
before Windows started. I can't remember that far back, so I could be
wrong. Personally, I know of no way to do this though.

All in all, you'd have to find a way to make your program boot BEFORE
Windows (or his diskette) is able to boot. This would mean making an
8-bit application. Other than that I can't be of much more use to you.
 
chinkuang

I am sorry, actually my question is more related to the Windows operating
system. Because my program is written in C++, I posted my question
in this forum. My question is how to prevent people from modifying
registry keys from DOS mode?
 
Me

> Actually the application I am doing is to enhance Windows security;
> that means users must pass through my authentication, and only then can they
> proceed to log in to Windows.

You bypassed NT login? I highly doubt it.

> However, this guy is somewhat of a hacker
> who is trying to crack my system. So he said he is able to modify the
> registry from his hacking tool - booting up the system from either USB,
> CD or diskette, then he can change the related registry keys to disable
> my application.

So in other words, he's using http://home.eunet.no/pnordahl/ntpasswd/

> As a result, he screws up my application and breaks my
> security. So now he challenges me: how can I prevent him from breaking
> my application?
>
> To my knowledge, I always assumed one must log in to Windows first
> (either Safe Mode, Normal or whatever) in order to change the Windows
> registry. But he told me this is not true; that's why I failed.
>
> Does anyone have a better idea to counter this? Thank you very much for any
> suggestion.

You can't. If somebody has physical access to a machine, you've already
lost. The Windows process is a closed system with your program running
inside it. Somebody running outside that closed system (i.e. running
Windows inside a VM or reading the disk without booting to the OS on
the disk you expect to be running under) can always do whatever they
want. You can require your program only work on a Trusted Computing
(misnomer alert) machine if you want to protect against this sort of
thing. But as a user, I'd appreciate you not messing around with my
computer making sure your program cannot be manipulated.

p.s. This is totally off topic for comp.lang.c++
p.p.s. http://cfaj.freeshell.org/google/
 
Jack Klein

> I am sorry, actually my question is more related to the Windows operating
> system. Because my program is written in C++, I posted my question
> in this forum. My question is how to prevent people from modifying
> registry keys from DOS mode?

Your question is completely off-topic here. C++ does not know
anything about the Windows registry or "DOS" mode. This is a Windows
question and needs to be asked in a Windows programming group.
 
red floyd

> I am sorry, actually my question is more related to the Windows operating
> system. Because my program is written in C++, I posted my question
> in this forum. My question is how to prevent people from modifying
> registry keys from DOS mode?

Standard C++ has no notion of registry keys or DOS mode.

Please ask your question in a Microsoft-specific newsgroup; you'll get
more and better responses.
 
chinkuang

OK, thank you very much for all the comments. I very much appreciate
all the help provided.

I will post my question to the correct forum next time. Anyway, thank you.
 
