Hi
there is an EXE file which is signed (and it's not Dot Net) and it seems that it checks itself after passing the Entry Point. i'm not sure but it may be a CRC check only.
patching the license part, the program starts but it throws an exception and it will close, so i guess here that it checks the signature or CRC
i bypassed the exception and now the program starts with no problem, but now when i try to close it, the window freezes.
tracing for where it freezes, i reach here in olly:
Code:
00410B31 . FF15 40835B00 CALL DWORD PTR DS:[<&KERNEL32.CreateThrea>; \CreateThread
00410B37 . 6A FF PUSH -1 ; /Timeout = INFINITE
00410B39 . 50 PUSH EAX ; |hObject = NULL
00410B3A . FF15 44835B00 CALL DWORD PTR DS:[<&KERNEL32.WaitForSing>; \WaitForSingleObject
which at "WaitForSingleObject" the program freezes.
i also tested duP2 as a loader for program and the program works in that way but when i try to open a file with the program, it opens another instance of itself (unpatched) while the loader has been closed before.
does anyone has any advice?
thanks