#1
|
|||
|
|||
Some advices on dll memory patching please
Hello all,
i'm newbie, so don't be mad at me :P My target exe load a dll (both exe and dll are maded with delphi and are not packed or protected). I need to memory patch both. For the exe there are no problems, for the dll i'm confused. I use ollydbg, i load my target exe then i made a alt+E to view executable modules, then i double click on the target dll. Now the CPU main thread module window is opened. There i found the address i want to patch, for example 00911557. To create the loader i used, ABEL or Process Patcher by thewd. What puzzle me is that the patchers don't seems to patch the right place OR to find the address. For example, Process Patcher patch the exe correctly then remain stuck with a message saying "Waiting for a Module to be Initialised & Patched... Press CTRL+C to Quit". In the script i feed to it i have: Filename=TEST.EXE Filesize=4573024 Address=0x6D0254:0x55:0xC3 [Module] Filename=test.dll RetryCount=5 Address=00911557:0x0F:0x90 There is something i'm not taking in consideration? Since the dll is mapped into memory along with the exe that load it the address should not be correct? Sorry i was a little long but some time problems are from little details :P Thanks you |
#2
|
|||
|
|||
Quote:
Apparently your test.dll is not loaded into memory by the time the patcher has frozen the main exe module (Before the winmain call) and when it looks looks for the dll is not mapped yet. Alternatively, the .dll gets loaded at a non-constant area in memory each time (does happen every now and again) so the dll patch lands in the wrong module. A first approach would be to try different loader-patcher(s), hoping they are more forgiving about dll load timing and relocation mechanisms. The fool proof solution is to code your own loader/patcher. IT IS NOT THAT DIFFICULT. Search around and you will find plenty of tutorials and theads about it. |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Need some tips on in memory patching of a .Net dll | Sailor_EDA | General Discussion | 4 | 05-30-2011 22:27 |
Patching Module (DLL) in memory? | FEARHQ | General Discussion | 5 | 01-06-2005 16:26 |
How to become a solid cracker (Advices for beginners).txt | dynio | General Discussion | 39 | 08-30-2003 22:24 |