How can I break the *.so file that main program call for?
1 Attachment(s)
I have a ruby script test.rb, encrypted with a software.
After encryption, when run with "ruby.exe test.rb", it will call a *.so file to decrypt the file and then execute the file. My question is how to break at the *.so file when debug "ruby.exe test.rb" with ollydbg? Attachement content: org\test.rb => original ruby script output\encrypt_test.rb => encrypted ruby script output\rgloader\rgloader192.mingw.so => ruby.exe will call this file to decript encrypt_test.rb ruby download: h**p://rubyforge.org/frs/download.php/75127/rubyinstaller-1.9.2-p290.exe Thanks in advance, bridgeic |
in this case SO is renamed DLL, just put breaks on export calls or use generic approach with CreateFileExA/W
PS. i guess it's blowfish based and to decrypt it you must have a license file |
easy way-> patch _rgloader_load in rgloader192.mingw.so to ebfe(infinite loop) then run script and attach olly :)
|
Quote:
Many many thanks. I never hear this method before(sorry, forgive my ignorance. :) ), I search "ollydbg + ebfe" in Google, and finally, I found it, with patch the entrance to "ebfe", I can break at rgloader192.mingw.so now, and can debug it now, thanks again. |
Quote:
> just put breaks on export calls or use generic approach with CreateFileExA/W Sorry, I still haven't understood it, I'll do some search/study first, thanks a lot. |
All times are GMT +8. The time now is 14:08. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX