Go Back   Exetools > General > General Discussion


Thread Tools Display Modes
Old 03-04-2011, 13:05
Sailor_EDA Sailor_EDA is offline
Join Date: Nov 2004
Posts: 67
Rept. Given: 8
Rept. Rcvd 2 Times in 2 Posts
Thanks Given: 43
Thanks Rcvd at 4 Times in 2 Posts
Sailor_EDA Reputation: 2
Need some tips on in memory patching of a .Net dll

Hi folks,

I'm working on a target that uses a .Net dll that has all the security call for the serial checking etc. The problem is that this dll is strongname protected so if I just byte patch, the executable detects this at runtime and says the dll is corrupt and so on.

I haven't had much luck with strongname protected dll's before and I'm hoping one of you can help me with this.

I've read a long time back that the solution is to have a loader that patches the dll in memory once its loaded. I haven't had much luck in finding any tuts that talk about this specific case.

In addition, this particular target also utilizes a ha$p license manager however, by looking at the disassembled code I'm sure this can be bypassed pretty easily.

In anycase, here is a link to the target. PM for the password.


Btw, this is an addon to M$ Vi$io so you'll need that to use it. In spite of being an addon, it has its own exe file that works as a loader. The exe is written in vba I couldn't gather much information from IDA.

Any tips or pointers?

Reply With Quote
Old 04-07-2011, 12:43
Sailor_EDA Sailor_EDA is offline
Join Date: Nov 2004
Posts: 67
Rept. Given: 8
Rept. Rcvd 2 Times in 2 Posts
Thanks Given: 43
Thanks Rcvd at 4 Times in 2 Posts
Sailor_EDA Reputation: 2
I've been reading up on strong-naming dll and I have a question. If I alter the dll, can I resign it, does it have to be with the original PublicPrivate key used by the vendor to sign the dll or can I produce my own key? I haven't tried it out as yet and that is probably the best way to find out but I was just checking if at lest in theory it should work.

This is what I've been referring to:
Reply With Quote
Old 04-19-2011, 15:58
Posts: n/a
if the dll doesn't check the strongname, just remove it in any way you like
otherwise, patch the check (can be complicated)
and if you just want to skip strongname verification, theres no need to patch it
look up msdn, there's an option to
Reply With Quote
Old 05-24-2011, 22:58
bytexorer bytexorer is offline
Join Date: Mar 2005
Posts: 12
Rept. Given: 0
Rept. Rcvd 7 Times in 1 Post
Thanks Given: 2
Thanks Rcvd at 0 Times in 0 Posts
bytexorer Reputation: 7
if you want to bypass Strong Name verification for an assembly, you can use

SN.EXE /Vr AssmeblyFileName
be aware that 32 bit version of SN.EXE will not work on 64 bit machines. you have to use 64 bit version of sn.exe on 64 bit machines.
you have to run sn.exe on evey machine per patched assembly file.
64 bit version is located on :

C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\Bin\x64\
and 32 bit version on:

C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\Bin\
on my Windows 7 64 Bit machine.
Reply With Quote
Old 05-30-2011, 22:27
congviet congviet is offline
Join Date: Jun 2010
Location: Vi
Posts: 151
Rept. Given: 30
Rept. Rcvd 76 Times in 42 Posts
Thanks Given: 56
Thanks Rcvd at 52 Times in 30 Posts
congviet Reputation: 76
to create a key pair.
Using attach file to resign strong name.
Can patch some bytes of target by winhex.
Reply With Quote

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
USB Audio demo version - any tips for patching a driver? an0rma1 General Discussion 7 03-11-2018 08:32
Some advices on dll memory patching please Annibal General Discussion 1 08-18-2006 00:42
Patching Module (DLL) in memory? FEARHQ General Discussion 5 01-06-2005 16:26

All times are GMT +8. The time now is 12:21.

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )