Probs with UPX inline patching EditPadPro

[TheDutchJewel]

Hi,

I unpacked EditPadPro v5.3.1 (http://www.editpadpro.com) with simply "upx -d", cracked it and tried to do an inline patch, but I failed...

On the jump-to-OEP (65D7D2) I jumped to a some free space, added the needed bytes, and jumped to OEP (58D6C4). But the program crashed. So I only changed the jump-to-OEP to jump to some free space, and jumped from there to the OEP, but also then program crashed. IAnyone knows how to avoid this prob?

Maybe I've to add a new section. A long time ago I downloaded a prog for it to add some free space for inline patching, but I forgot the name and can't find it anymore on my pc and on internet...

Hope someone can help me out.

[Jay]

Could be the tool you meant?, dza patcher is useful for inline patching upx if you are only changing a few bytes. Assuming there is no self checking of the exe since you unpacked it. delta's exe analyser may be worth a look

hxxp://wxw.woodmann.net/forum/showthread.php?t=5264

[TheDutchJewel]

Yes, it was that dza patcher. Thanks for it.

[MaRKuS-DJM]

i had also some problems inline-patching Neolite 2.0, but the problem was that the free space where i made my inline-patch wasn't executable. i think it's the same for other packers, too. have you checked it?

[TheDutchJewel]

You've right, Markus. It wasn't executable. So I looked and found some space in an executable section, but it was only enough to remove crc-check and startup nag. So I created a patch by using DZA-patcher, which works well.

Thanks all for info.

[MaRKuS-DJM]

nice i had the same problem several times, section was very often too short.