What's new
RevTeam.Re - Reverse Engineering Team

Welcome Guest! Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox! Register and wait for our approve!

DATE spoofer POC by Stingered

Stingered

Well-known member
Joined
Jan 11, 2022
Messages
123
Reaction score
809
Setdate v0.0.1 by Stingered (2026)
*POC (Proof of Concept)
Command-line usage: SetDate.exe <target.exe> <YYYY> <MM> <DD> <HH> <mm> <ss>
A simple POC tool that demonstrates how to manipulate the date and time seen by a target process.
It uses the "Detours" library to inject hooks.DLL into the target process, which hooks various Windows time-related
APIs to return a fake date specified by the user. The loader creates the target process in a suspended state, injects
the DLL, sends the fake date as payload, and then resumes the process. There are architectural considerations to keep
in mind when compiling this code. The SetDate (loader) and hooks.dll must be compiled for the same architecture
(x86 or x64) as the target process. For example, if the target process is 64-bit, both the loader and hooks.dll must
be compiled as 64-bit binaries. As of yet, I have not figured outed out a stable method to inject a 32-bit DLL into
a 64-bit process and vice versa.
Note: hooks.dll is required to use with this loader.

Hooks v0.0.1 by Stingered (2026)
A simple POC DLL that hooks various Windows time-related APIs to return a fake date.
Requires the "Detours" library for compilation and linking.
Note: Setedate v0.0.1 is required to use with this DLL.

Timecheck v0.0.1 by Stingered (2026) - tool #1
This is a simple C++ program that demonstrates multiple methods of retrieving and displaying the current date and time
on a Windows system. It uses both Win32 API functions and the standard C library to show how different approaches can
yield the same result. The program also includes an uptime check using GetTickCount().
Note: This is to be used with SetDate v0.0.1 and hooks.dll to verify that the date manipulation is working correctly
across all methods.

TrialTSTR v0.0.1 by Stingered - tool @2
A simple 14 day trial test app. On first load it will create a registry key to store the installation date.
On subsequent loads it will check the registry key and calculate the remaining trial days. If the trial has
expired, it will show an expiration message. Otherwise, it will show the number of days remaining in the trial.
Note: This is to be used with Setdate v0.0.1 and Hooks v0.0.1 to test trial expiration functionality.


OTHER:
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\TrialTSTR]
"InstallDate"=hex(b):ff,4c,f9,69,00,00,00,00


Binaries - MD5

x86:
hooks.dll - 694BE33CBC7803D73C5CC21886876349
SetDate.e xe - 1095828E51DC51165AAE945190DCED0D
TimeCheck.exe - CD6DB5706B1FE40C4DAF63E37ADD987E
TrialTSTR.exe - 005377329D2F1E6D2926A176738C64C3

x64:
hooks.dll - 6AB63CDD6820A7841A074A272181CF97
SetDate.e xe - AADA384C0162744B2431CEE96B5407BD
TimeCheck.exe - D73FB3FFE5FA1D6088DD40761A92FB62
TrialTSTR.exe - 35527B44AB7BBFCAE75F43AA28D94A49

Download link attached.

 

pamelax

Well-known member
Joined
Sep 19, 2021
Messages
127
Reaction score
99
Please, Log in to view quote content!
Hi,a question:
i run timecheck.exe,it give actual date time..i run trialstr.exe it give 14 days trial ok,but when i run SetDate.exe TrialTSTR.exe 2026 05 31 to check if it remain 14 days -2 actual time of the post,it give me Usage: loader.exe <target.exe> <YYYY> <MM> <DD> <HH> <mm> <ss>,what's wrong?
 

Stingered

Well-known member
Joined
Jan 11, 2022
Messages
123
Reaction score
809
Please, Log in to view quote content!
Can you take a screen shot or provide a step-by-step to repro? I am unable to reproduce the behavior. In testing, I did find a bug in TrialTSTR regarding the InstallDate key, but I do not think this would effect you; only someone who maually deleted that key. I will update the link after a bit more testing.
 
Last edited:

Stingered

Well-known member
Joined
Jan 11, 2022
Messages
123
Reaction score
809
Setdate v0.0.2 update - minor bug fixes and updates

*POC (Proof of Concept)
Command-line usage: SetDate.exe <target.exe> <YYYY> <MM> <DD> <HH> <mm> <ss>
A simple POC tool that demonstrates how to manipulate the date and time seen by a target process.
It uses the "Detours" library to inject hooks.DLL into the target process, which hooks various Windows time-related
APIs to return a fake date specified by the user. The loader creates the target process in a suspended state, injects
the DLL, sends the fake date as payload, and then resumes the process. There are architectural considerations to keep
in mind when compiling this code. The SetDate (loader) and hooks.dll must be compiled for the same architecture
(x86 or x64) as the target process. For example, if the target process is 64-bit, both the loader and hooks.dll must
be compiled as 64-bit binaries. As of yet, I have not figured outed out a stable method to inject a 32-bit DLL into
a 64-bit process and vice versa.
Note: hooks.dll is required to use with this loader.

Hooks v0.0.1 by Stingered (2026)
A simple POC DLL that hooks various Windows time-related APIs to return a fake date.
Requires the "Detours" library for compilation and linking.
Note: Setedate v0.0.1 is required to use with this DLL.

Timecheck v0.0.5 by Stingered (2026)
This is a simple C++ program that demonstrates multiple methods of retrieving and displaying the current date and time
on a Windows system. It uses both Win32 API functions and the standard C library to show how different approaches can
yield the same result. The program also includes an uptime check using GetTickCount().
Note: This is to be used with SetDate v0.0.1 and hooks.dll to verify that the date manipulation is working correctly
across all methods.

TrialTSTR v0.0.4 by Stingered (2026)
A simple 14 day trial test app. On first load it will create a registry key to store the installation date.
On subsequent loads it will check the registry key and calculate the remaining trial days. If the trial has
expired, it will show an expiration message. Otherwise, it will show the number of days remaining in the trial.
Note: This is to be used with Setdate v0.0.1 and Hooks v0.0.1 to test trial expiration functionality.

GetRemainingDays() uses the InstallDate from the registry (added on initial load of TrialTSTR) to calculate
elapsed days, and uses the trial length from Days= in config.ini if the reg key InstallDate has been deleted/missing.
If neither of these can be read, then TrialTSTR will fall back to default a hard-coded 14‑day trial.


Config.INI values Used by TrialTSTR

[Trial]
Days=14
; ==============================================================================
; Defines the length of the trial period in days.
; If omitted or set to 0/negative, the program defaults to 14 days.
; ==============================================================================
[TrialMethods]
; ==============================================================================
; Only one time method can be set 1 for proper use (at this time).
; Note: Options are checked top-down. If multiple are set to 1, only the first
; detected one will be used. If all are 0, it defaults to Use_C_Time.
; ==============================================================================
Use_GetLocalTime=1
Use_FileTimeLocal=0
Use_C_Time=0
Use_Chrono=0
Use_PreciseFileTime=0
Use_AnchorTime=0


Example of how the "Days" config option can be used.
Days=7
Days=30
Days=365


How the config.ini works:

Based on the source code, the configuration file (config.ini) acts as the control panel for this application.
It expects two specific sections: [TrialMethods] (to choose how time is tracked) and [Trial] (to choose how
long the trial lasts).

Here is a complete list of all the .ini options available in the code and exactly how they modify the program's
behavior:

Section: [Trial]

This section dictates the lifespan parameters of the software trial itself.

Days=[Number]

Value expected: Any positive integer greater than 0 (e.g., Days=30, Days=45).
How it works: Every time the application boots up, it checks this value to establish the baseline length of the
trial. It uses this number in its final subtraction math (TrialDays - DaysPassed).

Fallback Behavior: If the Days key is omitted entirely, if the value is left blank, or if it is set to
a negative number or zero, the code automatically ignores it and sets the trial duration to a hardcoded default
of 14 days.

Section: [TrialMethods]

This section controls how the application requests the current time from the Windows operating system. The
program reads these options as boolean flags (1 for true/on**, 0 for false/off).

The code evaluates these flags sequentially from top to bottom. The first option set to 1 wins. If multiple options
are set to 1, only the highest one on this list executes.

1. Use_GetLocalTime=1

API Used: GetLocalTime

How it works:** Queries the Windows kernel for the current local system time, taking into account the machine's
current time zone settings. It deconstructs the time components (Year, Month, Day, etc.) and converts them into a
64-bit local epoch timestamp.

2. Use_FileTimeLocal=1

API Used: GetSystemTimeAsFileTime > FileTimeToSystemTime > SystemTimeToTzSpecificLocalTime

How it works: This is a more complex, multi-step Win32 routine. It fetches the current time as a highly precise
64-bit value representing the number of 100-nanosecond intervals since January 1, 1601 (UTC). It then explicitly
translates that UTC structure into the system's local time zone before saving it.

3. Use_C_Time=1

API Used: time(NULL)

How it works:** Leverages the standard C-runtime library. It returns the current standard Unix timestamp
(the total number of seconds elapsed since January 1, 1970, UTC).

4. Use_Chrono=1

API Used: std::chrono::system_clock::now()

How it works:** Uses the modern C++ standard library clock. It acquires a system-wide precision time point
and converts it back to a standard time_t epoch integer.

5. Use_PreciseFileTime=1

API Used: GetSystemTimePreciseAsFileTime

How it works:
Similar to option #2, but it calls a high-resolution Windows API function. This function queries the hardware's
Advanced Programmable Interrupt Controller (APIC) or Time Stamp Counter (TSC) to get a timestamp with highest
possible precision (under 1 microsecond), before translating it back to local time.

6. Use_AnchorTime=1

API Used: time(NULL)

How it works: Acts as an alternate label, executing the exact same standard C-runtime time(NULL) tracking
mechanism as option #3.

The Fallback Behavior: If the config.ini file is missing, if the [TrialMethods] section is blank, or if
'every single option' is set to 0, the code automatically defaults to using Use_C_Time.

NOTE: This POCdoes not work with protected PEs, and why a test PE was included. Possibly a future udpate...

MD5 for x64:
hooks.dll - 586A07E771953203239CBCDDBDE34942
SetDate.exe - AADA384C0162744B2431CEE96B5407BD
TimeCheck.exe - 0D33324881C73A31BC70BCBED050AB7B
TrialTSTR.exe - 0AB1EF04BAF84016FE06345213129569

MD5 for x86:
hooks.dll - D23422B692E1ABD08E1EF0AF953B30D4
SetDate.exe - F99BDB6C742FC12271ABEA84ABB260AC
TimeCheck.exe - 0C06C802757016822399F81FAF2CD908
TrialTSTR.exe - F5B84C39FFD4319F26C0227A0FC1B788

D/L location:
 
Top