Shub-nigurrath
August 31st, 2005, 10:28
Hi all,
The tutorial is an interesting discussion about how to load a DLL as the system loader would do when calling LoadLibrary, but without having to use a temporary file. It's a nice method, and even some complex protectors seem not to have learnt it!
The technique is interesting for crackmes first of all, and to take care not only of execution by a debug process, but also of the loading of the process in memory... sometimes it might help to defeat complex protectors...
This tutorial is NOT completely based on my material, but I started the work from an old page which is no longer online (at least from my side). So part of the credit goes out...
Going this way we will rewrite from scratch the entire OS to be able to patch a program!
Find it as usual on ARTeam's tutorials page.
Version 1.1:
- removed some stupid links left in the PDF; text is unchanged.
- added API HMEMORYMODULE MemoryLoadLibraryEx(char *); which has the same interface as the normal LoadLibrary
- added a sample with an MFC-based application & DLL
Version 1.2:
- added a completely new section with examples and description of how to use the technique to protect a little bit more.
PS: for those of you who already downloaded previous versions, I'm sorry for the repeated downloading you suffered; anyway, I think I compensated with the new sections, which are much richer in examples and explanations...