CRK is on the right way. The idea here is to just patch the program in memory. No hard patching like using Hiew and so. Getting the imagebase for an unloaded DLL is easy in this case you just need to disassemble it for example with IDA. But remember one thing: Lets say i have 2 DLLs and both want to use the same Imagebase for example 10001000 here then one will be put at a different location e.g. 3DFB0000 or whatever. So of course the first goal is getting the imagebase of the LOADED Dll file. Afterwards i want to patch the DLL in memory.

Neitsa: well you said i couldnt bypass CRC checks with that. In my case i could bypass the CRC checks with this because they are performed on the Files itself. The CRC check is not performed on the loaded Program in memory. So in most cases you could bypass a CRC check by using a Loader.

Additionally lets imagine i know the bytes i want to change lets for say easyness i want to change the bytes at location 10004324 74 0B to 10004324 EB 0B where the imagebase of the DLL is 10001000 in this case and the DLL is unloaded in this case.

Some Codesnippets or a small example of how to obtain the real virtual address of the DLL when loaded to memory and patch it afterwards in memory would be really nice.

Thanks in advance