
Small asm to change local time's year


Sma11s


So I downloaded IDA Pro a long time ago, and I wanted to install it in my virtual machine. Unfortunately, it has a hard coded expiration date -- It's not a timed trial. So, I figured out I could just change the date in my system tray, and it would allow it to run. When I reboot my VM, the system time changes again, and I have to keep repeating the process (VMWare pushes the date correction). Anyhow, I just wanted to pass on something for the upcoming coders -- a very small app I just wrote in assembly to change just the year (back to 2010) when I boot up.


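.386
.model flat, stdcall
option casemap :none

include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
includelib \masm32\lib\kernel32.lib

.data
MyTime db 16 dup (00)                    ; 16-byte buffer, the size of a SYSTEMTIME structure

.code
start:
    invoke GetLocalTime, offset MyTime   ; fill the buffer with the current local time
    mov MyTime, 0DAh                     ; overwrite the first byte (low byte of the year)
    invoke SetLocalTime, offset MyTime   ; write the modified time back
    invoke ExitThread, 0
end start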

The above code simply sets up a pointer (MyTime) to a 16 byte address space in memory for the GetLocalTime and SetLocalTime API functions to utilize. Then, I call the GetLocalTime, passing in the MyTime offset so it knows where to dump its output information. The information it returns is, for example, "07 DB 00 05 00 04 00 0C 00 15 00 1A 00 03 01 E7" which holds all the timestamp information. Of course, it writes it out into 8 different memory addresses, in little endian notation. So the first thing it returns is the year (2011) which is 07DB in hex. It stores this as DB07 in memory, though. So since the DB is the smaller increment value, that's the one I modify to change the year from 2011 to 2010. So I just execute a move instruction, pushing in the DA value into that memory address. Yes, I have 2010 hard coded, but you could change this for your needs to be dynamic. The next instruction invokes the SetLocalTime API call, which I pass in the same pointer, as it knows how many bytes it needs to reach, and how many times to do it. VOILA, it's done! Then I call the ExitThread just to clean everything up. If you tried to run the application by double clicking it on your desktop, it would error out if you didn't have the ExitThread in there, though you could execute it from a command prompt.

Here's how it looks in OllyDbg:


00401000 >/$ 68 00304000 PUSH Set2010.00403000 ; /pLocaltime = Set2010.00403000
00401005 |. E8 1E000000 CALL <JMP.&KERNEL32.GetLocalTime> ; \GetLocalTime
0040100A |. C605 00304000>MOV BYTE PTR DS:[403000],0DA
00401011 |. 68 00304000 PUSH Set2010.00403000 ; /pLocalTime = Set2010.00403000
00401016 |. E8 13000000 CALL <JMP.&KERNEL32.SetLocalTime> ; \SetLocalTime
0040101B |. 6A 00 PUSH 0 ; /ExitCode = 0
0040101D \. E8 00000000 CALL <JMP.&KERNEL32.ExitThread> ; \ExitThread

So now I place that either in the registry under the RUN keys, or put it in the startup folder in the start menu, and the date will be set to 2010 each time I log in =)

Edited by Sma11s
Link to comment
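The buffer layout described in the post above, decoded field by field. This is an added example, not code from the original post: `systemtime_t` is a portable stand-in for the Win32 SYSTEMTIME structure, the function names are hypothetical, and both byte buffers are constructed samples written in actual memory order. It also shows the limit of patching a single byte: the result is only the intended year while the high byte of the year is 07h.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Portable mirror of Win32 SYSTEMTIME: eight 16-bit fields, 16 bytes total. */
typedef struct {
    uint16_t wYear, wMonth, wDayOfWeek, wDay;
    uint16_t wHour, wMinute, wSecond, wMilliseconds;
} systemtime_t;

/* Decode 16 raw bytes as x86 stores them: each field low byte first. */
static systemtime_t decode_systemtime(const uint8_t raw[16]) {
    uint16_t f[8];
    for (int i = 0; i < 8; i++)
        f[i] = (uint16_t)(raw[2 * i] | (raw[2 * i + 1] << 8));
    systemtime_t st = { f[0], f[1], f[2], f[3], f[4], f[5], f[6], f[7] };
    return st;
}

/* Effect of `mov MyTime, 0DAh`: only byte 0 (low byte of wYear) changes. */
static uint16_t year_after_low_byte_patch(const uint8_t raw[16], uint8_t low) {
    uint8_t copy[16];
    memcpy(copy, raw, sizeof copy);
    copy[0] = low;
    return decode_systemtime(copy).wYear;
}

/* Constructed sample: Thursday 2011-05-12 21:26:03.487, in memory order. */
static const uint8_t SAMPLE[16] = {
    0xDB, 0x07,  0x05, 0x00,  0x04, 0x00,  0x0C, 0x00,
    0x15, 0x00,  0x1A, 0x00,  0x03, 0x00,  0xE7, 0x01
};

/* Constructed edge case: same timestamp with wYear = 2048 (0800h). */
static const uint8_t YEAR_2048[16] = {
    0x00, 0x08,  0x05, 0x00,  0x04, 0x00,  0x0C, 0x00,
    0x15, 0x00,  0x1A, 0x00,  0x03, 0x00,  0xE7, 0x01
};

int main(void) {
    systemtime_t st = decode_systemtime(SAMPLE);
    printf("%04d-%02d-%02d %02d:%02d:%02d.%03d (day of week %d)\n",
           st.wYear, st.wMonth, st.wDay, st.wHour, st.wMinute,
           st.wSecond, st.wMilliseconds, st.wDayOfWeek);
    printf("low byte patched on 07DBh: %d\n",
           year_after_low_byte_patch(SAMPLE, 0xDA));
    printf("low byte patched on 0800h: %d\n",
           year_after_low_byte_patch(YEAR_2048, 0xDA));
    return 0;
}
```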

nice,

this app does something similar for something app
http://www.nirsoft.net/utils/run_as_date.html

greetings Apuromafo

IDA it has a hard coded expiration date -

emm not thing that..

hard coded licence, but limitation of 30 days not are good

Edited by Apuromafo
Link to comment

Making your own tools and reinventing the wheel is so much more fun than reading documentation about Windows and/or VMWare.. :thumbsup:

Solution 1 - using Windows built-in tools (based on http://www.mrexcel.com/forum/showthread.php?t=379862)

Add this bat file to Windows startup, it will change the date 10 years back:


@ECHO OFF
REM Assumes DATE /T prints dd/mm/yyyy (the format depends on regional settings)
FOR /F "TOKENS=1,2 DELIMS=/.-" %%A IN ('DATE /T') DO SET dd=%%A
FOR /F "TOKENS=2,3 DELIMS=/.-" %%A IN ('DATE /T') DO SET mm=%%A
FOR /F "TOKENS=3* DELIMS=/.-" %%A IN ('DATE /T') DO SET yyyy=%%A
REM Move the year 10 years back
SET /A yyyy=%yyyy%-10
SET NewDate=%dd%/%mm%/%yyyy%
REM NET STOP w32time
ECHO Current date is:
DATE /T
DATE %NewDate%
ECHO New date is:
DATE /T
PAUSE

Solution 2 - using VMWare settings (details in http://www.vmware.com/files/pdf/Timekeeping-In-VirtualMachines.pdf):


| Option | Effect |
| --- | --- |
| tools.syncTime | If set to TRUE, the clock syncs periodically. |
| time.synchronize.continue | If set to TRUE, the clock syncs after taking a snapshot. |
| time.synchronize.restore | If set to TRUE, the clock syncs after reverting to a snapshot. |
| time.synchronize.resume.disk | If set to TRUE, the clock syncs after resuming from suspend and after migrating to a new host using the VMware vMotion feature. |
| time.synchronize.shrink | If set to TRUE, the clock syncs after defragmenting a virtual disk. |
| time.synchronize.tools.startup | If set to TRUE, the clock syncs when the tools daemon starts up, normally while the guest operating system is booting. |
Link to comment

The reason I chose to reinvent the wheel in this case is that I like to do things the hard way. It's honestly the best way to learn how to do things with programming, or to stay fresh. In this case, I've been doing reversing for a while, but never writing actual assembly programs from scratch. So yesterday I grabbed MASM32 and started going through a few tutorials for syntax of variable declarations, etc.

EDIT:

As far as IDA goes, I think they have the exe dynamically generated when you download it. The file has the hard coded limitation of 30 days from the time you download it.

Edited by Sma11s
Link to comment
