please help

Satyric0n check your pm...

Satyric0n check your pm...again

anyone else have any ideas??

[dyn!o]

There is no problem (as always ).

First of all you have to discover how the dll communicate with the base (exe or other dll). Generally there are two possibilities:

1. The dll is physically extracted at runtime to TEMP folder and then communicate via usual way. If you encounter this one then it is more than easy - all you have to do is to find the place where this dll is extracted and make a backup during usual program execution. Then you can dance and make yourself "feel good".

2. The dll is dynamically hooked at the runtime via loader (which can be executed as part of a packer) and it is being hidden during usual program execution. You can't see it because all API calls and dll initialization moment is being handled by the loader. In this case you have more work (about 20 minutes) because you need to extract the dll at its initialization moment, thus you need to verify if import table does need rebuilding.

Bla bla...
Anyway, you can always prepare direct attack on the dll - no matter how much layers it uses. Just look at the latest Paradox SwishMax 2004.02 crack - they did fuck**g good job (as the only one). Probably you can learn a lot from this crack (multiloader).

Best regards,
dyn!o

thanks dyno ill read it also.

dyno, where do i find this tut at??? I searched this forum, nothing, did a yahoo search, nothing...

thanks,

jdog

[dyn!o]

Oops... I didn't say there is a tutorial available

I said that you should look at SwishMax 2004.02 and try to crack it - it's very good challange. If you fail then get Paradox relase and analyze their job since they've cracked it properly as the only one.

Good luck.
dyn!o