Very basic noob question about DLL


dimebucker
September 23rd, 2015, 11:15
Hi,
I'm following this guide http://resources.infosecinstitute.com/reverse-engineering-ollydbg/ in order to bypass a simple software that looks for a .KEY file.

In the guide the MessageBoxA is called from "software..." and when they trace this and subsequently modify the actual line of code that is responsible for producing the error message, they save changes to the .exe.

[Attachment 3020: screenshot]

Problem is, I can follow this guide exactly, but when I finish it wants to save my changes as a system32 DLL file! (mfc42.dll)

Below is a screenshot of my MessageBoxA and it appears to be calling from the DLL in question:

[Attachment 3019: screenshot]


I know this is probably annoyingly basic but can anyone point me in the right direction?

Cheers

C0d3r-F4N
September 24th, 2015, 11:29
First, do you really have the program?
Sorry, I can't test it because I don't have the file, because I can't see any download on the linked site!

See your 2 screenshots... the first (original, from the tutorial), the 2nd your own.
If you look, your MessageBoxA is called from MFC42.6CF..... the "original" is called from Software.0040.....

In this tutorial I can't see that a keyfile is needed (or I'm blind!).
I've read the tutorial.

But see this screenshot (SoftwareExpiration.exe):
http://2we26u4fam7n16rz3a44uhbe1bq2.wpengine.netdna-cdn.com/wp-content/uploads/102913_1301_ReverseEngi14.png

-----

I knew a tutorial in which a program is looking for a .KEY file..... for that program I know 2 ways (in short: 1. create the keyfile and put in a fake serial; 2. bypass the checking for a keyfile).

PS: I'm newb' too!

owl
September 29th, 2015, 14:29
The executable itself makes some DLL calls (imports). As long as you made the code changes in the executable itself (the address is typically around 0x00400000) and not in one of the called DLLs (address around 0x00700000), it should save as an exe instead of a dll. Anyway, if you are learning how to use a debugger (OllyDbg), I recommend you look up Lena's tutorials. You can find them on tuts4you.com or with a Google search. Also, the infosec tutorial mentioned IDA Pro and diminished it because it is not free. You can download a free version of IDA Pro; granted, it is usually an old version and does not support 64-bit. I don't know if the free version has a workable debugger or not, but it does not matter anyway. If you are planning to get into the reverse engineering field, I recommend you get familiar with the use of a disassembler like IDA. If you had looked at the binary in IDA, you could have found the message box and would have identified the code to bypass at a faster rate.
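
An added example (not part of any post in this thread, and not from the linked tutorial): the point above about an address belonging either to the executable or to one of its DLLs, checked by reading ImageBase and SizeOfImage from PE headers. The headers are constructed inside the script, the module names `app.exe` and `helper.dll` are hypothetical, and the ranges are each file's preferred base, which can differ from where a relocated module is actually loaded.

```python
import struct

def pe_image_range(hdr):
    """Return (ImageBase, SizeOfImage, is_dll) read from PE header bytes."""
    if hdr[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", hdr, 0x3C)
    if hdr[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                 # 20-byte COFF file header
    (flags,) = struct.unpack_from("<H", hdr, coff + 18)
    opt = coff + 20                     # optional header follows
    (magic,) = struct.unpack_from("<H", hdr, opt)
    if magic == 0x10B:                  # PE32: 4-byte ImageBase at +28
        (base,) = struct.unpack_from("<I", hdr, opt + 28)
    elif magic == 0x20B:                # PE32+: 8-byte ImageBase at +24
        (base,) = struct.unpack_from("<Q", hdr, opt + 24)
    else:
        raise ValueError("unknown optional header magic")
    (size,) = struct.unpack_from("<I", hdr, opt + 56)
    return base, size, bool(flags & 0x2000)   # 0x2000 = IMAGE_FILE_DLL

def owning_module(address, modules):
    """Return (name, is_dll) for the module whose range holds address."""
    for name, hdr in modules.items():
        base, size, is_dll = pe_image_range(hdr)
        if base <= address < base + size:
            return name, is_dll
    return None

def fake_pe32(base, size, dll):
    """Constructed minimal PE32 header for this demo (not a real file)."""
    hdr = bytearray(0x200)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)
    hdr[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", hdr, 0x84 + 18, 0x2102 if dll else 0x0102)
    struct.pack_into("<H", hdr, 0x98, 0x10B)
    struct.pack_into("<I", hdr, 0x98 + 28, base)
    struct.pack_into("<I", hdr, 0x98 + 56, size)
    return bytes(hdr)

# Hypothetical module names and constructed address ranges
MODULES = {"app.exe": fake_pe32(0x00400000, 0x10000, False),
           "helper.dll": fake_pe32(0x10000000, 0x20000, True)}

if __name__ == "__main__":
    for addr in (0x00401234, 0x10002000):
        print(hex(addr), owning_module(addr, MODULES))
```

With real files, pass the first few hundred bytes of each module read from disk in place of the constructed headers.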