#1
|
|||
|
|||
My packer and resource bug
Hi. I created own packer and it work fine.
I used optimize resource and I founded problem. When i packed delphi tools.. it's OK. But when I packed my keygen in ASM - crash windows. I know the error is in resource. How I optimize resource - I moved Icon, Group Icon and Version to begin of resource. I analyse UPX and it copy this resource to own section. Can you tell me what method is the best? Ps: Sorry, I don't speak english well |
#2
|
|||
|
|||
did you correct it's rvas? there is a nice resource compression procedure available in vgshrink / virogen (i guess its on the exetools www)
|
#3
|
|||
|
|||
i think it is quite hard to give you a good answer with only this information. do you know exactly where the crash occurs? is it before your unpacked unpacked the stuff, or after? and is it inside the code of the original program (your keygen) or somewhere in kernel32.dll for example? with winice, you can use "faults on" and investigate the point where the exception occured.
|
#4
|
|||
|
|||
while app try to use the resource,but the resoure still didn't maped in memory, try to use ollydbg to debug the packed app
|
#5
|
|||
|
|||
Thank's.
My ASM keygen have two DialogBoxes. When I use optimize resource so the first is OK, but the second is bad (I see at Resource Hacker). I will check my program at the weekend. I maybe know where is the bug. When I don't find it, I will write more informations. Bye |
#6
|
|||
|
|||
i wonder how resource hacker can show you information when it is packed? or do you resource hack a dumped, unpacked image?
|
#7
|
|||
|
|||
Hi
I tested it, and I founded the bug. I used this code: Data = (PIMAGE_RESOURCE_DATA_ENTRY) addr; Data->OffsetToData = NewRsrcData; NewRsrcData+=Data->Size; But in ASM 'Data->Size' had numbers (0268h,014h,01E2h,...) and here were the problem. 'Data->OffsetToData' must end only with numbers 0 and 8. Then it work fine My new code: Data = (PIMAGE_RESOURCE_DATA_ENTRY) addr; Data->OffsetToData = NewRsrcData; NewRsrcData+=((int)(Data->Size/8))*8; if ((Data->Size%8)!=0) NewRsrcData+=8; |
#8
|
|||
|
|||
ah. that is a nasty to track bug but if i were you, i used an alignment of 16 for safety...
|
#9
|
|||
|
|||
Now I used an alignment of 4 (It use DELPHI) and it work fine.
|
Thread Tools | |
Display Modes | |
|
|