Hello,
Since a DLL is mapped in the process address space, you can patch it easily, as you would normally do with an executable file.
First of all, get the Image_Base address of the DLL (PE signature + 0x34) in a hex or PE editor and do the appropriate VA/RVA conversion to get the location of the bytes to patch. On the other hand, you can debug the DLL to get the exact location of the bytes to patch. Just get the address and the bytes to patch in the DLL, that's all!
(If you use OllyDbg, just do an ALT+M to see the process address space; there you can locate your DLL and dump it in the disassembler view.)
Another thing (maybe I've misunderstood what you want to patch): patching at runtime won't disable the CRC check if you don't patch the check itself, since the loader will patch just after the thread came alive in the OS, the CRC check will be performed, and your patched bytes will be caught.
Patch the executable CRC check, patch the DLL CRC check as you normally do with the EXE.
Regards, Neitsa.
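
The ImageBase lookup and VA/RVA conversion mentioned in the post, as an added example that is not part of the original post: it reads ImageBase at PE signature + 0x34 of a PE32 image and maps a virtual address to its file offset, which is what you need to compare a module's mapped bytes against the file on disk. The function names, the `load_base` parameter (the module's actual base when it was relocated) and the sample header are assumptions made for illustration.

```python
import struct

def parse_pe32(data):
    """Return (ImageBase, [(name, rva, vsize, raw_ptr, raw_size), ...])."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe,) = struct.unpack_from("<I", data, 0x3C)            # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsect, = struct.unpack_from("<H", data, pe + 6)         # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe + 20)     # SizeOfOptionalHeader
    magic, = struct.unpack_from("<H", data, pe + 24)
    if magic != 0x10B:  # PE32+ (0x20B) has a 64-bit ImageBase at pe + 0x30 instead
        raise ValueError("not a PE32 image")
    image_base, = struct.unpack_from("<I", data, pe + 0x34)
    table, sections = pe + 24 + opt_size, []
    for i in range(nsect):
        name, vsize, rva, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", data, table + 40 * i)
        sections.append((name.rstrip(b"\0").decode(), rva, vsize, raw_ptr, raw_size))
    return image_base, sections

def va_to_file_offset(data, va, load_base=None):
    """Map a virtual address to a file offset; None if the byte exists only in memory.
    load_base: actual base of the mapped module when it was relocated (assumed known)."""
    image_base, sections = parse_pe32(data)
    rva = va - (image_base if load_base is None else load_base)
    for _name, sec_rva, vsize, raw_ptr, raw_size in sections:
        if sec_rva <= rva < sec_rva + max(vsize, raw_size):
            delta = rva - sec_rva
            return raw_ptr + delta if delta < raw_size else None
    raise ValueError("address is outside every section")

def sample_pe32():
    """Constructed minimal PE32 headers with one .text section (not a real DLL)."""
    buf, pe = bytearray(0x400), 0x80
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, pe)
    buf[pe:pe + 4] = b"PE\0\0"
    struct.pack_into("<H", buf, pe + 6, 1)
    struct.pack_into("<H", buf, pe + 20, 0xE0)
    struct.pack_into("<H", buf, pe + 24, 0x10B)
    struct.pack_into("<I", buf, pe + 0x34, 0x10000000)
    struct.pack_into("<8sIIII", buf, pe + 24 + 0xE0, b".text", 0x1000, 0x1000, 0x200, 0x200)
    return bytes(buf)
```

The ImageBase in the header is only the preferred base: a DLL is often loaded elsewhere, so pass the base shown in the debugger's memory map as `load_base` when the two differ.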