Mkz,
thanks for you tips. Sorry I haven't replied in a long time as I was away for christmas - I have some questions though
In Olly, I did a bpx LoadLibrary and GetProcAddress but there seem to be too many places from which this is happening. Any tips for how I should go about this under Ollydbg?
Also, I can't find any temp dirs being created or accessed (although I can use winrar to look into the .msi archive - though none of the dlls there seem to be the ones with check serial function but I could be mistaken on this)
I have yet to look at the russian site, I should probably do that.
Thanks
Quote:
|
Originally Posted by Mkz
Try the following:
- Check for a temp directory where the instalation bootstrap files are located. The dll is probably there, at least if you're stopped at the error box.
- Debug the install process an set ot break o LoadLibrary or on GetProcAddress, it should occur when you press next with an invalid serial.
In a process monitor you won't see the dll in the loaded modules list, because it normally is loaded when the function is called, executed, and then freed - hence the 2 breakpoints I have suggested. The dll isn't actually linked with the installation process, so it's only loaded when needed.
|