How to patch an encrypted dll after it's loaded?


scruffy
September 9th, 2002, 17:35
I hope some of you clever guys can help me.

I've managed to patch encrypted exe files before by creating a loader/WriteProcessMemory, but now I need to do this with an encrypted dll. This particular dll is itself called by an encrypted exe, which I've managed to dump, but I have no idea how to access the unencrypted dll memory for patching once it's loaded!

I think the dll is packed using Armadillo cos pe-scan tells me there's a 90%+ match using the heuristic search.

Please help!!

scruffy
September 10th, 2002, 11:00
I managed to get it done!

I used ProcDump to dump the decrypted dll to a file for disassembly and then used thewd's excellent "Process Patcher" utility to patch the dll after it loaded. It allowed me to patch the dll loaded by the child process created by the original encrypted exe.

Woodmann
September 10th, 2002, 22:38
I like posts like this one.

He managed to think and solve his own problem.

Peace, Woodmann