Cracking a DLL Driver


Dark7622
December 5th, 2000, 13:52
Ok, here's my problem. I got a driver, it's an ODBC driver, and it has the security built into it and not an external program. So my problem is to disassemble the driver DLL and have it jump code so that it doesn't go through the Windows version check or the serial check and just does its thing and gets the info from the Unix database box into Windows. Now I have looked at the code and I think I got it figured out, but how do I assemble the darn thing back to a DLL???? Everything I have found is to assemble it to an EXE or COM. I just can't find anything to make it a DLL again. I'm using IDA 4.04. Please, if anyone has any ideas on how I can get the ASM file back into a DLL file I would be so happy.
Thanks
Dark

DinDon
December 6th, 2000, 04:54
If you are using MASM32 (or Microsoft assembler) look at the BLDDLL.BAT file which comes with the examples of the distro.

You must first create an OBJ file with the command "ml /c /coff xxx.asm", and then link it with the command
"link /SUBSYSTEM:WINDOWS /DLL /DEF:xxx.def xxx.obj"
The .DEF file is required to add to the header of the target all the exported entries. It will have "EXPORTS" in its first row, followed by a list of all the exported functions.
You must also add a .RES file containing the possible resources used by your target (dialogs, strings, icons), if required.

But be aware: the process of reassembling some disassembled target is never automatic, and it can only be accomplished with a lot of reverse engineering.
Better to make a patch inside the executable file: that is the common way of operating...

Dark7622
December 6th, 2000, 10:15
My problem is the security isn't in the EXE, it's in the darn DLL. I guess they made it like that so it can be used to check if you have valid access to use the driver from any program that uses the ODBC connection. Would it be helpful to just attach the DLL to another reply?
It sounds like a lot of stuff to do just to have it not do any checking. Now I have Hex Workshop and I have been able to change the reg info for where to look, but it isn't working because it uses that darn kernel32.dll to get the Windows version; that's where it all goes downhill. I believe I could do it if I could change it to just avoid looking for the Windows version. I haven't seen any programming logic by just looking at the hex output. How would you go about patching this kind of problem?
I would be so thankful for any help, and thanks for responding so far.
Dark

goatass
December 6th, 2000, 13:45
How about you open that file in W32Dasm or IDA and see if you can find any of the checks. Does the DLL give a message box saying "you are not licensed" or something like that when you are trying to access the DB using it? If so, try to find those strings and go from there.
Maybe use SoftIce to trace it during its work. Try to access something using the DLL and BPX on CreateFileA (assuming it's using a license file) or something along these lines.
Check with RegMon to see if it's looking for something in the registry to tell it if it's registered or not.

hope that helped a bit.

Goatass

Dark7622
December 6th, 2000, 14:23
It uses the registry and it calls out to another DLL to decode a serial that it got from the registry, and I can view it all just fine in IDA, but I need to patch it, and I am not as aware as some as to how to go about patching a DLL. I have gotten some great advice on assembling a DLL from an ASM file, but where do I get this RES file and DEF file? And is there some nice program that will just reassemble the ASM without so much trouble? Now I just got SoftIce, but when I go to use it I have to use some other program to access the driver, and all it shows up in the log is what DLLs it accessed but nothing on the instructions of that DLL. So I'm stuck. Also, I do not know SoftIce well enough to hit the road running. It's amazing how much they want you to pay for it too, LOL.
Now I have the serial, but it's the darn Windows version that's the problem: it doesn't recognize W2k, so that's where it gives me the error, but it works with W2k if I don't give it any serial; it starts in the 30 day trial mode and it works fine. Now it gets its version info from another DLL called kernel32.dll, which is a Windows DLL file. Now I have found how to jump, but it's just a pain in the butt to get back into a DLL file from an ASM.
Any help is greatly welcomed
Dark

goatass
December 6th, 2000, 15:31
Hi, you mentioned that you don't have the knowledge to use SoftIce. Well, then I think you took on something bigger than you can handle. What people said about re-assembling the DLL is great and all, but useless. When you open the DLL in IDA, find where you think the checks are being done, then open the file in a hex editor, look up the offset and set an int3 (CC) breakpoint in the file. Or just find APIs close to where you want to break and set a BPX on them. For example, to check for the version it might be using the GetVersion API, so set a BPX GetVersion in SoftIce and it should bring you to where you want (hopefully).
I suggest you read some tuts on how to use SoftIce and other tools.

goatass

DinDon
December 7th, 2000, 04:11
Quote:

I am not as aware as some as to how to go about patching a DLL.

Patching a DLL is a very different task from reassembling it! It means to locate the code you want to alter, and overwrite it with new code bytes. To do it you need:
- some assembly knowledge
- some assembler tools, which will convert your new assembly code into hexadecimal code bytes. SoftIce will do it well enough. Other tools at e.g. protools.cjb.net
Quote:

I have gotten some great advice on assembling a DLL from a ASM file but where do I get this RES file and def file.

RES file: you can create it starting from your DLL and using Microsoft or Borland compilers and related tool
DEF file: since it is a simple text file, you can build it by hand
Quote:

And is there some nice program that will just re assemble the ASM without so much trouble?

As I tried to tell you before, the reassembling of a DLL/EXE file is not a trivial task, and it cannot be done in an automated manner. I suggest again that you try another approach: patching it.

Before patching it you can set breakpoints and change the code on the fly using some debugger (e.g. SoftIce). The important thing is to get a quite good knowledge of the debugger you will use!

Quote:

Now I just got Softice but when I go to use it I have to use some other program to access the driver and all it shows up in the log is what Dlls it accessed but nothing on the instructions of that dll. So I'm stuck

Dark, you must use the right breakpoints...
And I cannot tell you what without looking at the DLL (and unfortunately I have no time to look at it...)
Quote:

Also I do not know SOftice well enough to hit the road running.

A lot of time and a lot of patience will be required if you want to make some progress on your target.
Quote:

It's amazing how much they want you to pay for it too LOL.

Then use some freeware debugger! The Microsoft one (one of the best IMHO) is free! Grab it at http://www.microsoft.com/ddk/debugging/
But then the problem is again the same: you must learn it very well!
Quote:

Now it gets its version info from another dll called kernel32.dll which is a windows DLL file.

The Windows version is probably used to generate the true serial, which then will be compared with the serial you have entered...

Hope it may help you.
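The thread's recurring obstacle is a version check that works on the Windows release the vendor tested but not on Windows 2000. As an added illustration of why such checks break (not code from this thread or from the driver in question), here is a plain C decoder for the DWORD layout that kernel32!GetVersion returns, with a fragile "exact platform" check beside a minimum-version check that keeps accepting later releases. The sample DWORD values below are constructed from the documented layout for this example, not captured from a real system, and the function names are my own.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Layout of the DWORD returned by kernel32!GetVersion:
   bits 0-7   major version
   bits 8-15  minor version
   bit 31     set on Win9x, clear on NT-based Windows
   bits 16-30 build number on NT-based Windows (not meaningful on Win9x) */
typedef struct {
    unsigned major, minor, build;
    bool is_nt;
} win_version;

win_version decode_getversion(uint32_t v) {
    win_version w;
    w.major = v & 0xFFu;
    w.minor = (v >> 8) & 0xFFu;
    w.is_nt = (v & 0x80000000u) == 0;
    w.build = w.is_nt ? (v >> 16) & 0x7FFFu : 0;
    return w;
}

/* Fragile check of the kind the thread describes: only the exact platform the
   vendor tested on (NT 4.x) passes, so Windows 2000 (5.0) is rejected even
   though it is a newer, compatible release. */
bool fragile_is_supported(uint32_t v) {
    win_version w = decode_getversion(v);
    return w.is_nt && w.major == 4;
}

/* Robust check: require an NT-based system at or above a minimum version,
   so later releases continue to be accepted without a vendor update. */
bool version_at_least(uint32_t v, unsigned min_major, unsigned min_minor) {
    win_version w = decode_getversion(v);
    if (!w.is_nt)
        return false;
    return w.major > min_major || (w.major == min_major && w.minor >= min_minor);
}

bool robust_is_supported(uint32_t v) {
    return version_at_least(v, 4, 0);
}

int main(void) {
    /* Constructed sample values following the layout above (hypothetical, not captured):
       NT 4.0 build 1381, Windows 2000 (5.0) build 2195, Windows 98 (4.10, Win9x bit set). */
    const uint32_t samples[] = { 0x05650004u, 0x08930005u, 0xC0000A04u };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        win_version w = decode_getversion(samples[i]);
        printf("0x%08X -> %u.%u build %u (%s)  fragile=%d robust=%d\n",
               samples[i], w.major, w.minor, w.build, w.is_nt ? "NT" : "Win9x",
               fragile_is_supported(samples[i]), robust_is_supported(samples[i]));
    }
    return 0;
}
```

The equality check is what produces the "works in trial mode but not with a serial" symptom described above when the licensed path alone gates on the version: it has no way to express "this or newer", so every new Windows release looks unsupported until the vendor ships an update. A minimum-version comparison on the decoded major/minor pair is the usual remedy.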