Hi!

Maybe someone could help me out here
First I'm gonna explain my problem.
The Target is a program that uses 2 dll files. The Mainprogram a loader for one of the DLL files that uses the other DLL. Both dlls uses CRCs checks for eachother. But i Only need to patch the second one. (The one thats loaded by the main dll).
I only need a quick solution so I've tried some differnt "process patchers" but none of them can handele the second dll. Only The main exe+first dll.

Anyone have any idea how to handle this?
I KNOW I can write my own Loader but that's not my strongest side so anyone know of any already programmed Loaders of this type. Or someone that has any knowledge of pragramming them. Please give me a tip ;O)

Thanks in advance!

loader on main exe, patch import table area for loadlibrary - reroute it to your hooking code, might do the trick

But the Dll i wanna patch is loaded frome the Dll that the main exe uses

Main.exe -> 1.dll -> 2,dll

I wanna patch the "2.dll" but this one is protected with some nasty checks frome the "1.dll".
Can I use your way even if it's the 2:e dll I wanna patch in memory.

PS. This loader thiing is new for me so.. :P
I normaly patch the program file. But this is an realy hard program to just patch and then run. But this one using self-modifyeing code, encryption, mixed random xored crc checks etc etc. I know were to apply the patch and i know it works. (works in Olly on fly)

1. reroute import of loadlibrary to your own code from the main exe's import table
2. when it loads the 1st dll, apply the same reroute to the import table of that dll
3. hey presto, it loads the 2nd dll.. job done
it cant checksum the import table, as it'll be different depending on the os/versions of dlls loaded etc, it can however check if the address is the 'right' one, but probably doesnt...

try it and see

so your code can reside anywhere, have it check the name of the dll or whatever in its code (remember to preserve registers etc, and call loadlibrary to load the dll within your hook, and so on).. relatively simple

I will try that, thanks man.
I will tell you how it goes.
But right now I'm of to work.

If you decide a loader is the best option - there are several patchers/loader builders that make it pretty easy, my favorite is Abel loader.

SiGiNT

read tutorial on ART site about loader .. its great article writen by Shub-Nigurrath

also there is one good write by yates.. .. use google to find all


bye

Or maybe check out yates's link listed at the bottom of the Forums and hosted here.

Regards,