I am trying to inline patch a dll packed with pecompact v?1.84.

the first step would be finding the OEP isnt it?

when tried to load the dll into symbol loader - SICE DS 2.7(win XP no sp1) patched nmtrans.dll, siwvid.sys & ntice.sys it doesnot load.

the section characteristics of the first section ie pec1 is already E0000020.

then i tried to preload the dll adding line to winice.dat but when i

start SICE and give any command like d A90000 or BPX A90000 or

(any command a*) * = anything. SICE CRASHES with the

message Int0E Fault at address ****** offset 00006D78. If i dont load the dll and run the app then above faults dont occur but obviously I cannot set any memory breakpoints on the address I mentioned - they will be ignored.


After Unloading SICE by reboot I tried Ollydbg 1.09b loaded the exe and started a wild "trace over" (F8) once i felt i was near the call for the dll. Oops there occurs an exception in

kernel32.dll; Ok i pass it to the app using Shift+F7 or F8 but then app runs without pausing -

dll gets loaded up unpacking routine is already over . Tried

Using a plugin olly dump 2.20 to find OEP by tracing - immediately

there is an exception and an error message is displayed and the

process is terminated, Sh**t.

I tried BPX ISDEBUGGERPRESENT - Response is it breaks 60 times.

How do i find and disable the antidebugging routines used by the dll bcoz it is packed?.
SICE detection tools say it is detected only by INT 01

Plz help.