Unable To Run Altered Target


GNIREENIGNE
October 7th, 2009, 19:57
The target that I am trying to reverse:

PEiD reads:
Microsoft Visual C++ v6.0 DLL *



Krypto ANALyzer reads:
Detected 14 crypto signatures -

ADLER32
BASE64 table
Base64 table
Base64 table
Base64 table
CCITT-CRC16 [word]
CRC32
CRC32
CRC32
MD4
MD5
MD5
SHA1/RIPEMD-160 [Init]
ZLIB deflate [long]



Protection scheme:
FlexLM
License file
Hasp HL Time



Debugger:
OllyDBG (DeRoX - [DRX])



Problem:
Reassembling any code (even a simple jmp), saving the changes/exe and restarting the program (new exe) causes my system to freeze (hard reboot required).
Watching the Olly window, I can see that the program hangs while loading a dll module on startup.

Running the altered exe outside/independent of Olly also freezes comp.

Any help would be greatly appreciated.
-G

disavowed
October 8th, 2009, 00:58
perhaps the loaded dll is doing a checksum of your modified exe, and if the checksum is bad, it freezes your system.

GNIREENIGNE
October 8th, 2009, 16:35
What you're saying makes sense. However, is there any way to get around this without patching anything other than the primary target?

I have loads of breakpoints and comments marked in Olly - and I have successfully reversed my program. However, I can't save off the final product because I know it will freeze when I try to load it into Olly and/or run it! It won't even finish loading into Olly.
Once I have made the changes in Olly (before running it in Olly), I can run it and it works - so I know my patches are correct. However, if I copy all modifications and save exe, the resulting exe is useless.

I am assuming that the PEiD entries for CRC32 and MD5 are for the checksum...

Thanks for the help.
-G


UPDATE: Problem solved. My firewall was preventing any changes. Stupid...
Thanks again,
-G

Aimless
October 9th, 2009, 07:20
THEN, maybe, you need a memory patch, not a normal binary patch. Loader patches, I'd say (I forgot the exact term) but you'll find PLENTY of in-memory patchers and programs that allow you to create memory patches as standalone executables...

Iczelion's comes immediately to mind....

Have Phun

disavowed
October 10th, 2009, 13:41
Quote:
[Originally Posted by Aimless;83281]Loader patches, I'd say (I forgot the exact term)

Close... I think the scene kiddies call them "loaders".