
error on WinXP


k19
June 7th, 2005, 05:33
Well, I worked a lot with SoftICE on WinME but it's the first time I installed WinXP and I have a problem with an exe that I patched on WinME, that is, I'm getting a program crash when I execute code I wrote into the exe, but only for "call LoadLibraryA". I also tried something like "mov esi, LoadLibraryA", "call esi" but it still crashes, even when I patched it with SoftICE in real time. Someone? I'm not very familiar with how WinXP works with memory.
Thanx in advance !

naides
June 7th, 2005, 08:26
I think the problem might be located in the parameter you are passing to LoadLibraryA. Make sure the LString pushed on the stack before you call it is a valid 32-bit DLL, not a 16-bit DLL. That the string is not in Unicode format, etc. and bla bla blah.

Read the implementation of LoadLibraryA in MSDN and you may kill your bug.

Also, if you are an adventurer, jump into the call LoadLibraryA with F8, and see where it takes you.

bilbo
June 7th, 2005, 08:59
Quote:
[Originally Posted by naides]Make sure the LString pushed on the stack before you call it is a valid 32-bit DLL, not a 16-bit DLL. That the string is not in Unicode format, etc. and bla bla blah.

Well, just out of curiosity, I tried both cases you suggested, plus a null string as argument... I used the first 16-bit DLL I found on the net...
Code:

#include <windows.h>
#include <stdio.h>

// Built without UNICODE defined, so LoadLibrary resolves to LoadLibraryA.
int
main(void)
{
    printf("%p\n", (void *)LoadLibrary(".\\cards.dll"));          // 16 bit
    printf("%p\n", (void *)LoadLibrary((LPCSTR)L".\\cards.dll")); // Unicode string handed to the ANSI entry point
    printf("%p\n", (void *)LoadLibrary(""));                      // null string
    return 0;
}

But in no case does the app crash. In the first two cases it just prints a "corrupted image" MessageBox and returns 0, in the third case it just returns 0...

So k19's problem could be more delicate...
Regards, bilbo

edit: in the second case it claims a corrupted image because it tried to open "." (the current directory)! If you remove the leading ".\\", no MessageBox is output and just 0 is returned (since DLL was not found).

naides
June 7th, 2005, 09:34
You are correct Bilbo. I was not diligent enough to test it for myself. I just guessed what would be the most likely problem.
Notice that you are COMPILING your code on WinXP, while K19 is directly patching.
The guards of the C++ compiler and the linker may be checking and correcting a lot of problems.
For instance it may choose to call LoadLibraryW for a Unicode module, and so on.

k19
June 7th, 2005, 19:54
thx for the answers, but this is not a crack and the app is not patched... I intercepted the call for my remote control so I can do what I want and not use the original UI, and I wrote the code directly to the exe. The DLL is a 32-bit Delphi app; I disassembled the app and I also called LoadLibrary from the app's import table with the same result... crash; I saw that the program memory space is different from WinME... I just found some x00 bytes in the exe and wrote my code

k19
June 7th, 2005, 19:58
and this is what I wrote:
...........
016F:004180C0 80FB13 CMP BL,13
016F:004180C3 7409 JZ 004180CE
016F:004180C5 803D2881410001 CMP BYTE PTR [00418128],01
016F:004180CC 7537 JNZ 00418105
016F:004180CE 60 PUSHAD
016F:004180CF 68A0804100 PUSH 004180A0
016F:004180D4 E8CFF5B4BF CALL KERNEL32!LoadLibraryA
016F:004180D9 68B0804100 PUSH 004180B0
016F:004180DE 8BF0 MOV ESI,EAX
016F:004180E0 50 PUSH EAX
016F:004180E1 E89AECB4BF CALL KERNEL32!GetProcAddress
016F:004180E6 FFD0 CALL EAX
016F:004180E8 8BF8 MOV EDI,EAX
016F:004180EA 56 PUSH ESI
016F:004180EB E86964B6BF CALL KERNEL32!FreeLibrary
016F:004180F0 83FF00 CMP EDI,00
016F:004180F3 61 POPAD
016F:004180F4 8D8704070000 LEA EAX,[EDI+00000704]
016F:004180FA 0F849E4EFFFF JZ 0040CF9E
016F:00418100 E9894EFFFF JMP 0040CF8E
016F:00418105 8D8704070000 LEA EAX,[EDI+00000704]
016F:0041810B E97E4EFFFF JMP 0040CF8E
..............
on Millennium it runs ok but on XP it crashes @004180D4, maybe I'm not supposed to just write this code into the exe on WinXP and should somehow prepare the exe first??
man, my head hurts... it should run fine..

Formal
June 8th, 2005, 04:19
It seems you have hardcoded the entrypoint of LoadLibraryA as BFB4F5CF, which of course is different on XP (on my XP it is 7C801D77 for example)

blabberer
June 8th, 2005, 05:06
well, you have not only hardcoded LoadLibrary but also GetProcAddress as well as FreeLibrary

you should change them to the actual address that is pointed by the dlls in xp

the kernel32.dll addresses will be in the range of 7******* in XP
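To make the point concrete, here is an added example (not code from the thread) that decodes the E8 rel32 CALL at 016F:004180D4 in k19's listing and shows where it really lands. It assumes the 7C801D77 LoadLibraryA address Formal quoted for his XP box and a rough BFF00000-BFFFFFFF range for kernel32 on Win9x; both are used only as illustrative values.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bytes at 016F:004180D4 in the listing: E8 CF F5 B4 BF (CALL KERNEL32!LoadLibraryA). */
const uint8_t kLoadLibraryCall[5] = {0xE8, 0xCF, 0xF5, 0xB4, 0xBF};

/* Decode the absolute target of a 5-byte near CALL (opcode E8 + rel32).
   The displacement is relative to the address of the NEXT instruction,
   so target = instr_addr + 5 + rel32, with 32-bit wraparound like the CPU. */
uint32_t call_target(uint32_t instr_addr, const uint8_t bytes[5])
{
    uint32_t rel32;
    if (bytes[0] != 0xE8)
        return 0;                         /* not a near relative call */
    memcpy(&rel32, bytes + 1, 4);         /* little-endian, exactly as encoded */
    return instr_addr + 5 + rel32;
}

/* The inverse: the rel32 a CALL at instr_addr would need to reach target. */
uint32_t call_rel32(uint32_t instr_addr, uint32_t target)
{
    return target - (instr_addr + 5);
}

/* Sanity check a decoded target against the module range it is expected to hit. */
int in_range(uint32_t addr, uint32_t lo, uint32_t hi)
{
    return addr >= lo && addr <= hi;
}

int main(void)
{
    uint32_t target = call_target(0x004180D4, kLoadLibraryCall);
    printf("CALL at 004180D4 lands at %08" PRIX32 "\n", target);  /* BFF676A8 */
    printf("inside Win9x kernel32 (BFFxxxxx)? %d\n", in_range(target, 0xBFF00000, 0xBFFFFFFF));
    printf("inside XP kernel32 (7C8xxxxx)?   %d\n", in_range(target, 0x7C800000, 0x7C8FFFFF));
    /* What the same CALL would have to encode to reach Formal's XP LoadLibraryA. */
    printf("rel32 for 7C801D77 on XP: %08" PRIX32 "\n", call_rel32(0x004180D4, 0x7C801D77));
    return 0;
}
```

The displacement baked into the patch is only valid for the kernel32 that happened to be mapped on the WinME box; on XP the same bytes send execution into unmapped memory, which is the crash at 004180D4.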

naides
June 8th, 2005, 06:21
What I meant by patching was not saying that you had cracked the app but that you were directly writing to the exe in hex code/opcode.

k19
June 8th, 2005, 07:36
Stupid mistake, I knew something was wrong..... thanks a lot for the info, it runs well now!
Regards, K19