Hello,
Quote:
|
In my case i could bypass the CRC checks with this because they are performed on the Files itself
|
Damn, if I'm programming a CRC check I would do it both on file and memory ! So ok, if it's done only on file, you're right, please forgive me.
As you're creating yourself the process, retrieving the DLL base is easy with this API: EnumProcessModules.
Then you can extract some information with those API's:
-GetModuleBaseName
-GetModuleFileName
-GetModuleInformation
There's also another by getting the PEB of the process, and reading some fields from it. In fact interesting fields for your case are located in the PEB_LDR_DATA struct which is a currently holding information about Loaded modules. This is a far complex way to retrieve the same informations.
A problem comes when the DLL isn't loaded in the program and will be loaded later with a 'LoadLibrary'.
Well, one possibility :
-Hooking the LoadLibrary function from the program and then performing the above trick.
Maybe threre are some other ways when the DLL is not loaded when launching the program but I can't see them...
I'll try to code something, try also on your side.
Regards, Neitsa.