Small asm to change local time's year

[Sma11s]

So I downloaded IDA Pro a long time ago, and I wanted to install it in my virtual machine. Unfortunately, it has a hard coded expiration date -- It's not a timed trial. So, I figured out I could just change the date in my system tray, and it would allow it to run. When I reboot my VM, the system time changes again, and I have to keep repeating the process (VMWare pushes the date correction). Anyhow, I just wanted to pass on something for the upcoming coders -- a very small app I just wrote in assembly to change just the year (back to 2010) when I boot up.

.386
.model flat, stdcall
option casemap :noneinclude \masm32\include\windows.inc
include \masm32\include\kernel32.incincludelib \masm32\lib\kernel32.lib.data
    MyTime db 16 dup (00).code
    start:
        invoke GetLocalTime, offset MyTime
        mov MyTime, 0DAh
        invoke SetLocalTime, offset MyTime
        invoke ExitThread, 0
    end start

The above code simply sets up a pointer (MyTime) to a 16 byte address space in memory for the GetLocalTime and SetLocalTime API functions to utilize. Then, I call the GetLocalTime, passing in the MyTime offset so it knows where to dump it's output information. The information it returns is, for example, "07 DB 00 05 00 04 00 0C 00 15 00 1A 00 03 01 E7" which hols all the timestamp information. Of course, it writes it out into 8 different memory addresses, in little endian notation. So the first thing it returns is the year (2011) which is 07DB in hex. It stores this as DB07 in memory, though. So since the DB is the smaller increment value, that's the one I modify to change the year from 2011 to 2010. So I just execute a move instruction, pushing in the DA value into that memory address. Yes, I have 2010 hard coded, but you could change this for your needs to be dynamic. The next instruction invokes the SetLocalTime API call, which I pass in the same pointer, as it knows how many bytes it needs to reach, and how many times to do it. VOILA, it's done! Then I call the ExitThread just to clean everything up. If you tried to run the application by double clicking it on your desktop, it would error out if you didn't have the ExitThread in there, though you could execute if from a command prompt.

Here's how it looks in OllyDbg:

00401000 >/$  68 00304000   PUSH Set2010.00403000                    ; /pLocaltime = Set2010.00403000
00401005  |.  E8 1E000000   CALL <JMP.&KERNEL32.GetLocalTime>        ; \GetLocalTime
0040100A  |.  C605 00304000>MOV BYTE PTR DS:[403000],0DA
00401011  |.  68 00304000   PUSH Set2010.00403000                    ; /pLocalTime = Set2010.00403000
00401016  |.  E8 13000000   CALL <JMP.&KERNEL32.SetLocalTime>        ; \SetLocalTime
0040101B  |.  6A 00         PUSH 0                                   ; /ExitCode = 0
0040101D  \.  E8 00000000   CALL <JMP.&KERNEL32.ExitThread>          ; \ExitThread

So now I place that either in the registry under the RUN keys, or put it in the startup folder in the start menu, and the date will be set to 2010 each time I log in =)

Edited May 13, 2011 by Sma11s

[Apuromafo]

nice,

this app do something similar for something app
/>http://www.nirsoft.net/utils/run_as_date.html

greetings Apuromafo

IDA it has a hard coded expiration date -

emm not thing that..

hard coded licence, but limitation of 30 days not are good

Edited May 13, 2011 by Apuromafo

[kao]

Making your own tools and reinventing the wheel is so much more fun than reading documentation about Windows and/or VMWare..

Solution 1 - using Windows built-it tools (based on http://www.mrexcel.com/forum/showthread.php?t=379862)

Add this bat file to Windows startup, it will change the date 10 years back:

@ECHO OFF
FOR /F "TOKENS=1,2 DELIMS=/.-" %%A IN ('DATE /T') DO SET dd=%%A
FOR /F "TOKENS=2,3 DELIMS=/.-" %%A IN ('DATE /T') DO SET mm=%%A
FOR /F "TOKENS=3* DELIMS=/.-" %%A IN ('DATE /T') DO SET yyyy=%%A
SET /A yyyy=%yyyy%+10
SET NewDate=%dd%/%mm%/%yyyy%
REM NET STOP w32time
ECHO Current date is:
DATE /T
DATE %NewDate%
ECHO New date is:
DATE /T
PAUSE

Solution 2 - using VMWare settings (details in http://www.vmware.com/files/pdf/Timekeeping-In-VirtualMachines.pdf):

Option     Effect
tools.syncTime     If set to TRUE, the clock syncs periodically.
time.synchronize.continue     If set to TRUE, the clock syncs after taking a snapshot.
time.synchronize.restore     If set to TRUE, the clock syncs after reverting to a snapshot.
time.synchronize.resume.disk     If set to TRUE, the clock syncs after resuming from suspend and after migrating to a new host using the VMware vMotion feature.
time.synchronize.shrink     If set to TRUE, the clock syncs after defragmenting a virtual disk.
time.synchronize.tools.startup     If set to TRUE, the clock syncs when the tools daemon starts up, normally while the guest operating system is booting.

[Sma11s]

The reason I chose to reinvent the wheel in this case is that I like to do things the hard way. It's honestly the best way to learn how to do things with programming, or to stay fresh. In this case, I've been doing reversing for a while, but never writing actual assembly programs from scratch. So yesterday I grabbed MASM32 and started going through a few tutorials for syntax of variable declarations, etc.

EDIT:

As far as IDA goes, I think they have the exe dynamically generated when you download it. The file has the hard coded limitation of 30 days from the time you download it.

Edited May 13, 2011 by Sma11s