Thread: please help
View Single Post
  #11  
Old 03-22-2004, 16:11
dyn!o's Avatar
dyn!o dyn!o is offline
Friend
  
Join Date: Nov 2003
Location: Own mind
Posts: 214
Rept. Given: 1
Rept. Rcvd 1 Time in 1 Post
Thanks Given: 8
Thanks Rcvd at 0 Times in 0 Posts
dyn!o Reputation: 1
dll patching - read people, read :)
There is no problem (as always ).

First of all you have to discover how the dll communicate with the base (exe or other dll). Generally there are two possibilities:

1. The dll is physically extracted at runtime to TEMP folder and then communicate via usual way. If you encounter this one then it is more than easy - all you have to do is to find the place where this dll is extracted and make a backup during usual program execution. Then you can dance and make yourself "feel good".

2. The dll is dynamically hooked at the runtime via loader (which can be executed as part of a packer) and it is being hidden during usual program execution. You can't see it because all API calls and dll initialization moment is being handled by the loader. In this case you have more work (about 20 minutes) because you need to extract the dll at its initialization moment, thus you need to verify if import table does need rebuilding.

Bla bla...
Anyway, you can always prepare direct attack on the dll - no matter how much layers it uses. Just look at the latest Paradox SwishMax 2004.02 crack - they did fuck**g good job (as the only one). Probably you can learn a lot from this crack (multiloader).

Best regards,
dyn!o
Last edited by dyn!o; 03-22-2004 at 16:13.
Reply With Quote