
Thread: DLL modification

  1. #1 chemist (Guest)

    Hi everyone, I am just wondering how you update the contents of a compressed DLL file that is called from an executable.

    I have been using Olly, and usually, when it comes to patching an executable, you just go "copy to executable... etc." after you have made your ASM changes.

    The program I am working on has an executable. It calls a DLL, and the serial registration routine is in there. If you open the DLL directly, it says it is compressed, encrypted or whatever and says it may not open properly. The crack is easy, simply changing a JE to a JNZ, and I can do this in Olly; however, there is no way to save the changes to the DLL file.

    So, how do you make such a change permanent?

    Regards
    Last edited by chemist; March 25th, 2005 at 21:41.

  2. #2
    Add some code to the executable and change the entry point to your code. That code then patches the import table of the executable, rerouting the LoadLibraryA API to your own code, which simply calls LoadLibraryA; then you'll have the base address of the DLL. Add on the displacement to the area you want to patch, VirtualProtect it to make it read/write, apply your patch, VirtualProtect it back to read/execute (or whatever it was previously), and return. Once you've applied that detour from the import, simply jmp to the original entry point. This is the easiest method, because otherwise you have to deal with unpacking the DLL, fixing up relocs (which the packer probably trashed) and other madness.

  3. #3

    By compressed, my guess is that you mean it is packed with something. Well, just unpack it and patch it, then replace the original compressed/packed one with your "fixed up" one.

    Another thing you can do is find the point in the DLL's DllMain where the code is finished being decompressed and place a jump there to a code cave that patches the memory address ("JE to a JNZ"), then jumps back.

    If the DLL is not loaded dynamically (using LoadLibrary), its address in memory should be static, and you can create a loader to patch it on the fly.

  4. #4 SiGiNT (reknihT esreveR; Join Date: Sep 2004; Location: Wherever I am; Posts: 750)
    I know I'm pointing out what seems to be the obvious, but it wasn't mentioned in the other posts: you can easily patch it, sometimes even without unpacking, with a hex editor (Winhex, Hview, Hiew, etc.):
    JNZ = 75 xx, JZ = 74 xx

    SiGiNT
    Last edited by SiGiNT; March 26th, 2005 at 22:01.
    Unemployed old fart Geek - Self Employed Annoyance
    Team: Noobisco Crackers
    If someone can't do it for you, you'll never learn!
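
The step every reply above leans on is turning the address Olly shows into the place in the DLL file that holds the same bytes (post #2's "add on the displacement", post #4's hex-edit of 74 xx to 75 xx). The following is an added example, not code from this thread or from any of the posters: it parses the PE headers of a DLL, maps the debugger VA through the section table to a file offset, and flips JZ (74) to JNZ (75) only if the byte on disk really is 74. If the section is packed, the on-disk byte will not be 74 (the real code only exists after the unpacker runs), and the function refuses; that is exactly the case where the in-memory approaches in posts #2 and #3 apply instead. Everything here (`parse_pe`, `patch_jz_to_jnz`, the constructed one-section sample image `build_test_pe`, the 0x10001002 address) is an assumption made for illustration; the sample is not a real DLL, just enough header to parse.

```python
"""Added example, not from the thread: map a JE seen in OllyDbg to its file
offset in the DLL and flip it to JNZ on disk, refusing if the disk bytes differ
(packed code that only exists after the unpacker runs). Stdlib only."""
import struct


def _u16(buf, off):
    return struct.unpack_from("<H", buf, off)[0]


def _u32(buf, off):
    return struct.unpack_from("<I", buf, off)[0]


def parse_pe(data):
    """Return (ImageBase, [section dicts]) from the PE headers of `data`."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE image")
    pe = _u32(data, 0x3C)                      # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    nsections, opt_size = _u16(data, pe + 6), _u16(data, pe + 20)
    opt = pe + 24                              # IMAGE_OPTIONAL_HEADER
    magic = _u16(data, opt)
    if magic == 0x10B:                         # PE32: ImageBase is a DWORD at +28
        image_base = _u32(data, opt + 28)
    elif magic == 0x20B:                       # PE32+: ImageBase is a QWORD at +24
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    sections = []
    for i in range(nsections):
        h = opt + opt_size + 40 * i            # IMAGE_SECTION_HEADER is 40 bytes
        sections.append({"name": data[h:h + 8].rstrip(b"\0"),
                         "vsize": _u32(data, h + 8), "va": _u32(data, h + 12),
                         "rawsize": _u32(data, h + 16), "rawptr": _u32(data, h + 20)})
    return image_base, sections


def rva_to_file_offset(sections, rva):
    """File offset backing `rva`, or None if those bytes exist only in memory."""
    for s in sections:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["rawsize"]):
            delta = rva - s["va"]
            return s["rawptr"] + delta if delta < s["rawsize"] else None
    return None


def patch_jz_to_jnz(data, va, loaded_base=None):
    """Flip the JZ (74 xx) at debugger address `va` to JNZ (75 xx).

    `loaded_base` is the base Olly showed for the module; pass it when the DLL
    was relocated away from its header ImageBase. Returns (patched, offset).
    """
    image_base, sections = parse_pe(data)
    base = image_base if loaded_base is None else loaded_base
    if va < base:
        raise ValueError(f"{va:#x} is below module base {base:#x}")
    off = rva_to_file_offset(sections, va - base)
    if off is None or off >= len(data):
        raise ValueError(f"rva {va - base:#x} has no bytes on disk")
    if data[off] != 0x74:
        raise ValueError(f"offset {off:#x} holds {data[off]:#04x}, not 74: this code "
                         "is unpacked at runtime, so patch it in memory, not on disk")
    out = bytearray(data)
    out[off] = 0x75                            # JZ rel8 -> JNZ rel8, same length
    return bytes(out), off


# Constructed stand-in for the DLL's check: test al,al / je +5 / mov eax,1 / ret / xor eax,eax / ret
SAMPLE_CODE = bytes.fromhex("84c0 7405 b801000000 c3 31c0 c3")


def build_test_pe(code=SAMPLE_CODE, code_rva=0x1000, image_base=0x10000000, raw_ptr=0x200):
    """Constructed one-section PE32 around `code`; enough header to parse, not to load."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)    # e_lfanew
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x2102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)      # PE32 magic
    struct.pack_into("<I", opt, 28, image_base)
    sec = b".text\0\0\0" + struct.pack("<IIIIIIHHI", len(code), code_rva, len(code),
                                        raw_ptr, 0, 0, 0, 0, 0x60000020)
    return (bytes(dos) + coff + bytes(opt) + sec).ljust(raw_ptr, b"\0") + code


def demo():
    """JE of the sample sits at RVA 0x1002, i.e. VA 0x10001002 -> file offset 0x202."""
    image = build_test_pe()
    patched, off = patch_jz_to_jnz(image, 0x10001002)
    return off, image[off], patched[off]       # (0x202, 0x74, 0x75)
```

On a real DLL, read the file, pass the VA from Olly's disassembly window and the module base from its Executable modules list, and write the returned bytes to a copy of the DLL. A JZ/JNZ swap is the same one byte either way, so the relative displacement `xx` never needs touching; the refusal path is the practical signal that the hex-editor route of post #4 is not available for this particular (packed) DLL.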
