Tracing into Dll's?


Argoth
January 18th, 2001, 16:31
Hello all, I need your help again

Is it possible to trace into a .DLL? Like in ICQ, I want to trace into the ICQInfo.dll. If yes, how do I do this?

Greetz

Argoth

Muad'Dib
January 18th, 2001, 18:25
You will see a CALL instruction to an address. Just press F8 to trace into a call, instead of over it.

latigo
January 18th, 2001, 22:37
It all depends on what you want to do and how.
If you want to break when icq LOADS that specific dll then you could try this:
Before launching icq set a breakpoint on 'LoadLibraryA'. This API is used for dll loading. Of course softice will pop up many times. But after you f12 from that breakpoint, check the parameters pushed, looking for the name of the dll you are interested in.

Another thing to do is to disasm the dll, search for some interesting exported functions and then breakpoint them with softice. To do this, launch icq and when in softice do a 'mod icq'. This will show all loaded modules in memory and their respective base addresses. Take note of the base address of the desired dll, add the offset belonging to the piece of code you want to breakpoint and put a bpx there.
That's two of the many options you've got.
Hope I did not get it wrong
Cya mate.

Latigo
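
The base-plus-offset arithmetic described in the post above, as an added example that is not part of the original thread: a disassembler shows addresses relative to the DLL's preferred ImageBase, so the address to break on is the loaded base plus the offset from that preferred base. The header bytes, the addresses and the function names are constructed for illustration.

```python
import struct

def preferred_image_base(pe: bytes) -> int:
    """Read ImageBase from the optional header of a PE32 / PE32+ image."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    opt = e_lfanew + 4 + 20            # skip signature and 20-byte COFF header
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic == 0x10B:                 # PE32: 4-byte ImageBase at offset 28
        return struct.unpack_from("<I", pe, opt + 28)[0]
    if magic == 0x20B:                 # PE32+: 8-byte ImageBase at offset 24
        return struct.unpack_from("<Q", pe, opt + 24)[0]
    raise ValueError(f"unknown optional header magic {magic:#x}")

def runtime_address(disasm_va: int, preferred_base: int, loaded_base: int) -> int:
    """Translate an address seen in the disassembly to where it sits in memory."""
    offset = disasm_va - preferred_base    # offset of the code inside the module
    if offset < 0:
        raise ValueError("address lies below the image base")
    return loaded_base + offset

def make_sample_header(image_base: int) -> bytes:
    """Constructed minimal PE32 header, just enough for the parser above."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)             # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0xE0, 0x2102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)               # PE32 magic
    struct.pack_into("<I", opt, 28, image_base)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    header = make_sample_header(0x10000000)     # constructed preferred base
    base = preferred_image_base(header)
    # 0x24100000 stands in for the base the module list reports for the DLL.
    target = runtime_address(0x10001210, base, 0x24100000)
    print(f"bpx {target:08X}")                  # flat address for the breakpoint
```

On a real DLL, pass the first few hundred bytes of the file to `preferred_image_base` and use the base reported for the loaded module as `loaded_base`.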

Bratsch
January 18th, 2001, 23:55
Quote:
Argoth (01-18-2001 05:31):
Hello all, I need your help again

Is it possible to trace into a .DLL? Like in ICQ, I want to trace into the ICQInfo.dll. If yes, how do I do this?

Greetz

Argoth


You can also hex-edit the .dll you want to trace into (saving a good copy of course) and place a hex CC (int 3) byte at the exact site where you want Sice to break. When Sice breaks you need to manually change the CC byte to its original value using the Sice memory editing services, otherwise the program will surely crash. Then go your merry way tracing and/or setting other BPX inside the dll code.


Hope this helps,

Bratsch

Argoth
January 22nd, 2001, 16:35
Hmm, must be me, but when I do mod ICQ, the Base of ICQcore.exe is something like 22000000. I want it to break at 24101210 (just an example), so I type: bpx 21880000:24101210. It tells me it's an Invalid Sector. What am I doing wrong?

Argoth