  #1  
Old 08-17-2006, 21:01
Annibal
 
Some advices on dll memory patching please

Hello all,
I'm a newbie, so don't be mad at me :P
My target exe loads a dll (both the exe and the dll are made with Delphi and are not packed or protected).
I need to memory patch both. For the exe there are no problems; for the dll I'm confused. I use OllyDbg: I load my target exe, then I press Alt+E to view the executable modules, then I double-click on the target dll. Now the CPU main thread module window is opened. There I found the address I want to patch, for example 00911557. To create the loader I used ABEL or Process Patcher by thewd. What puzzles me is that the patchers don't seem to patch the right place OR to find the address. For example, Process Patcher patches the exe correctly, then remains stuck with a message saying "Waiting for a Module to be Initialised & Patched... Press CTRL+C to Quit". In the script I feed to it I have:
Filename=TEST.EXE
Filesize=4573024
Address=0x6D0254:0x55:0xC3

[Module]
Filename=test.dll
RetryCount=5
Address=00911557:0x0F:0x90

Is there something I'm not taking into consideration? Since the dll is mapped into memory along with the exe that loads it, shouldn't the address be correct?
Sorry I was a little long, but sometimes problems come from little details :P

Thank you
  #2  
Old 08-18-2006, 00:42
Naides
Quote:
Originally Posted by Annibal
. . .

Is there something I'm not taking into consideration? Since the dll is mapped into memory along with the exe that loads it, shouldn't the address be correct?
Sorry I was a little long, but sometimes problems come from little details :P

Thank you
Hi. I think you are having trouble with the idiosyncrasies of the memory patcher.

Apparently your test.dll is not loaded into memory by the time the patcher has frozen the main exe module (before the winmain call), and when it looks for the dll, it is not mapped yet. Alternatively, the .dll gets loaded at a non-constant area in memory each time (does happen every now and again), so the dll patch lands in the wrong module.

A first approach would be to try different loader-patcher(s), hoping they are more forgiving about dll load timing and relocation mechanisms.

The foolproof solution is to code your own loader/patcher. IT IS NOT THAT DIFFICULT. Search around and you will find plenty of tutorials and threads about it.
All times are GMT +8.