Hi guys from the reversing community,

The target is an API with multiple dll, some are on the GAC. I have de-obfuscated the code and have managed to extract the calling chain which make the licence check:

DLL1 (VisualStudioAddin.dll) ---> DLL2 (Framework.dll) ---> DLL3 (FrameWorkBase.dll)

DLL2 and DLL3 are in the GAC.

FrameworkBase throws a LicenseException when the licence is expired. I've patched DLL2 and DLL3. I've generated a strongName protection key for DLL2 and DLL3. I've patched DLL1 references publickeytoken to reference the patched DLL2 and DLL3. I 've added patched DLLs in the GAC.

But when I launch the Add in on the PEBrowseDebugger, I can't set a breakpoint in DLL2 and DLL3, It seems that DLL2 and DLL3 are not loaded any more. And the call in DLL1 leads to an exception.

Am I missing something ?

Cheers

Open in Ollydbg, check your startup modules for loaded dll's. If loaded, set Olly to ignore all exceptions.

If you are currently working in x.dll, you may not be able to set a standard breakpoint on y.dll and z.dll - you may need to use a hardware breakpoint.

-G

Hi GNIREENIGNE, thx for your time.
What do you mean by startup module, Is it my first dll, the visual studio Addin ?
How can I set an hardware breakpoint on an assembly DLL ?
Is it possible to see the MSIL in Olly like in PEBrowseDbg ?

Once you open your target in Ollydbg, you can view all of the modules that your target makes calls to (e.g. all of the calls that are made to 'outside' dll's and exe's).

Depending on what file you are currently trying to patch, you need to open that file in Olly. Each file should be opened in Olly individually if each file needs to be patched. If you need to set a breakpoint on a module that exists outside of your current/primary target, you can use hardware breakpoints to achieve this.

I would suggest getting Ollydbg first. Check it out; check out some tutorials (I recommend "Lenas Reversing for Newbies"). There are loads of scripts and plugins available for Olly that make it a very powerful debugger.

-G