#1
How can I break in the *.so file that the main program calls?
I have a Ruby script, test.rb, encrypted with some software.
After encryption, when run with "ruby.exe test.rb", it calls a *.so file to decrypt the file and then executes it. My question is: how do I break in the *.so file when debugging "ruby.exe test.rb" with OllyDbg?

Attachment content:
org\test.rb => original ruby script
output\encrypt_test.rb => encrypted ruby script
output\rgloader\rgloader192.mingw.so => ruby.exe will call this file to decrypt encrypt_test.rb

ruby download: h**p://rubyforge.org/frs/download.php/75127/rubyinstaller-1.9.2-p290.exe

Thanks in advance,
bridgeic
#2
In this case the SO is a renamed DLL; just put breaks on export calls or use a generic approach with CreateFileExA/W.
PS. I guess it's Blowfish based, and to decrypt it you must have a license file.
#3
|
||||
|
||||
Easy way -> patch _rgloader_load in rgloader192.mingw.so to ebfe (infinite loop), then run the script and attach Olly.
#4
|
|||
|
|||
Quote:
Many many thanks. I had never heard of this method before (sorry, forgive my ignorance). I searched "ollydbg + ebfe" in Google and finally found it. By patching the entrance to "ebfe", I can break at rgloader192.mingw.so now and can debug it. Thanks again.
#5
|
|||
|
|||
Quote:
> just put breaks on export calls or use generic approach with CreateFileExA/W

Sorry, I still haven't understood it. I'll do some searching/studying first, thanks a lot.
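An added example, not written by any poster in this thread, illustrating the advice in post #2: a file named *.so that starts with an MZ header is a PE DLL, and its named exports and their RVAs can be read from the export directory. The sample image, the export name `sample_export` and both RVAs are constructed for the demonstration; only `_rgloader_load` is a name taken from the thread. Forwarded and ordinal-only exports are not handled.

```python
import struct

def rva_to_off(sections, rva):
    """Map an RVA to a file offset using the parsed section table."""
    for va, size, raw in sections:
        if va <= rva < va + size:
            return rva - va + raw
    raise ValueError("RVA %#x is not inside any section" % rva)

def list_exports(data):
    """Return {export name: RVA} for a PE image, whatever its file extension."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header: not a PE/DLL image")
    pe = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    opt = pe + 24                                           # optional header
    magic = struct.unpack_from("<H", data, opt)[0]          # 0x10B = PE32
    exp_rva = struct.unpack_from("<I", data, opt + (96 if magic == 0x10B else 112))[0]
    sections = []
    for i in range(nsec):
        vsize, va, rsize, raw = struct.unpack_from("<4I", data, opt + opt_size + 40 * i + 8)
        sections.append((va, max(vsize, rsize), raw))
    if exp_rva == 0:
        return {}                                           # image exports nothing
    nnames, funcs, names, ords = struct.unpack_from("<4I", data, rva_to_off(sections, exp_rva) + 24)
    f_off, n_off, o_off = (rva_to_off(sections, r) for r in (funcs, names, ords))
    exports = {}
    for i in range(nnames):
        name_off = rva_to_off(sections, struct.unpack_from("<I", data, n_off + 4 * i)[0])
        ordinal = struct.unpack_from("<H", data, o_off + 2 * i)[0]
        name = data[name_off:data.index(b"\0", name_off)].decode("ascii")
        exports[name] = struct.unpack_from("<I", data, f_off + 4 * ordinal)[0]
    return exports

def build_sample():
    """Constructed minimal PE32 image: one section at RVA 0x1000, file offset 0x200."""
    hdr, body = bytearray(0x200), bytearray(0x200)
    hdr[0:2], hdr[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", hdr, 0x3C, 0x40)                 # e_lfanew
    struct.pack_into("<HH12xHH", hdr, 0x44, 0x14C, 1, 0xE0, 0x2102)   # COFF header
    struct.pack_into("<H", hdr, 0x58, 0x10B)                # PE32 magic
    struct.pack_into("<II", hdr, 0xB8, 0x1000, 0x80)        # export data directory
    struct.pack_into("<8s4I", hdr, 0x138, b".edata", 0x200, 0x1000, 0x200, 0x200)
    struct.pack_into("<16x6I", body, 0, 1, 2, 2, 0x1028, 0x1030, 0x1038)
    struct.pack_into("<2I2I2H", body, 0x28, 0x1400, 0x1410, 0x1040, 0x1060, 0, 1)
    for off, name in ((0x40, b"sample_export"), (0x60, b"_rgloader_load")):
        body[off:off + len(name)] = name                    # constructed name strings
    return bytes(hdr + body)
```

Adding a reported RVA to the module's load address in the debugger gives the address of that export once the DLL is mapped.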