Results 1 to 3 of 3

Thread: How to patch an encrypted dll after it's loaded?

Hybrid View

  1. #1
    scruffy
    Guest

    How to patch an encrypted dll after it's loaded?

    I hope some of you clever guys can help me.

    I've managed to patch encrypted exe files before by creating a loader/WriteProcessMemory but now I need to do this with an encrypted dll. This particular dll is itself called by an encrypted exe which I've managed to dump but I have no idea how to access the unencrypted dll memory for patching once it's loaded!

    I think the dll is packed using armadillo cos pe-scan tells me there's a 90%+ match using the heuristic search.

    Please help!!
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    scruffy
    Guest

    Got it!

    I managed to get it done!

    I used ProcDump to dump the decrypted dll to a file for disassembly and then used thewd's excellent "Process Patcher" utility to patch the dll after it loaded. It allowed me to patch the dll loaded by the child process created by the original encrypted exe.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  3. #3
    I like posts like this one

    He managed to think and solve his own problem.

    Peace, Woodmann

Similar Threads

  1. encrypted harddisk
    By OHPen in forum RCE Cryptographics
    Replies: 13
    Last Post: January 29th, 2009, 12:55
  2. How best to approach encrypted files?
    By VeeDub in forum The Newbie Forum
    Replies: 14
    Last Post: June 5th, 2006, 17:46
  3. old encrypted cd
    By kqt in forum Malware Analysis and Unpacking Forum
    Replies: 2
    Last Post: June 4th, 2002, 01:24
  4. encrypted .exe?
    By spamal in forum Malware Analysis and Unpacking Forum
    Replies: 8
    Last Post: January 4th, 2001, 15:48

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •