
Thread: How to Trace Our Module

  1. #1
    Zkhan13
    Guest

    How to Trace Our Module

    I tried to patch a CD protection and it works pretty well. But I can't
    make it a permanent one with 'Hiew'. The techniques described in this post are also not helping me very much.
    I doubt the patch I had made in memory was on a DLL?!!!
    How could I know that while tracing SoftICE traces on my target EXE
    itself (by seeing the name in the bottom right corner, right?)
    If I am wrong, please tell me more about it.
    Thanks in advance
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Naides is Nobody
    Join Date
    Jan 2002
    Location
    Planet Earth
    Posts
    1,647
    Try to rephrase your questions and what you have tried as a list of short sentences. I can only glimpse what your problems are.

  3. #3
    Zkhan13
    Guest
    Well. I patched at an offset 6b809264. But it is not found in 'HIEW'.
    So I thought the patched code would be a DLL, where I can run the program. But after restarting I can't run it...

    That is why I couldn't find that address in HIEW.

    My question was how to find out that we are still working on that target EXE, not a DLL outside the code.

  4. #4
    banshee
    Guest
    Try to look at your target in any PE tool like ProcDump or LordPE. Choose your target from the list of processes and examine what DLLs it uses. You'll also see the base address of each DLL there. If the address is close to your patched offset, you can treat it as the DLL that you need, i.e. a 6b800000 or 6b700000 base address would satisfy your search. Then simply patch that DLL.

    The other way is to make a loader for your target that will patch your app not permanently (only in memory). I'd suggest using R!SC's PROCESS PATCHER. It's a bit old, but I like it very much.

    Quote: "my question was how to find out that we are still working on that target EXE, not a dll outside the code."
    About your question: you can simply calculate the range of the addresses of your EXE. Use any PE editor.
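The address-range check described in post #4, written out as an added example that is not part of any post in this thread. It attributes a runtime address to the module whose image range contains it and converts it to an offset inside that module's file, which is the number a hex editor works with. The address 0x6B809264 is the one quoted in post #3; the module list, the section table and the name helper.dll are constructed sample values, not data from the poster's target.

```python
from typing import NamedTuple, Optional

class Module(NamedTuple):
    name: str
    base: int   # load address reported by the process viewer
    size: int   # SizeOfImage from the PE optional header

class Section(NamedTuple):
    name: str
    rva: int       # VirtualAddress
    vsize: int     # VirtualSize
    raw_ptr: int   # PointerToRawData
    raw_size: int  # SizeOfRawData

# Constructed sample data (hypothetical modules and layout).
MODULES = [
    Module("target.exe", 0x00400000, 0x00120000),
    Module("helper.dll", 0x6B800000, 0x00040000),
]
SECTIONS = {
    "helper.dll": [
        Section(".text", 0x1000, 0x20000, 0x400, 0x20000),
        Section(".data", 0x21000, 0x4000, 0x20400, 0x1000),
    ],
}

def owning_module(va: int, modules) -> Optional[Module]:
    """Return the module whose [base, base + size) range contains va."""
    for m in modules:
        if m.base <= va < m.base + m.size:
            return m
    return None

def rva_to_file_offset(rva: int, sections) -> Optional[int]:
    """Map an RVA to a file offset; None if no section data backs it on disk."""
    for s in sections:
        if s.rva <= rva < s.rva + max(s.vsize, s.raw_size):
            delta = rva - s.rva
            # Bytes past raw_size exist only in memory (zero-filled at load).
            return s.raw_ptr + delta if delta < s.raw_size else None
    return None

def locate(va: int, modules=MODULES, sections=SECTIONS):
    """Return (module name, RVA, file offset or None), or None if unmapped."""
    m = owning_module(va, modules)
    if m is None:
        return None
    rva = va - m.base
    return m.name, rva, rva_to_file_offset(rva, sections.get(m.name, []))
```

With this sample layout the address falls outside the range of target.exe, which is why looking for it in the EXE's file finds nothing.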
