Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 09-16-2004, 20:24
tydit
 
Posts: n/a
My packer and resource bug

Hi. I created own packer and it work fine.
I used optimize resource and I founded problem.
When i packed delphi tools.. it's OK.
But when I packed my keygen in ASM - crash windows.
I know the error is in resource.

How I optimize resource - I moved Icon, Group Icon and Version to begin of resource.
I analyse UPX and it copy this resource to own section.

Can you tell me what method is the best?

Ps: Sorry, I don't speak english well
Reply With Quote
  #2  
Old 09-16-2004, 20:35
bart
 
Posts: n/a
did you correct it's rvas? there is a nice resource compression procedure available in vgshrink / virogen (i guess its on the exetools www)
Reply With Quote
  #3  
Old 09-16-2004, 23:24
lifewire
 
Posts: n/a
i think it is quite hard to give you a good answer with only this information. do you know exactly where the crash occurs? is it before your unpacked unpacked the stuff, or after? and is it inside the code of the original program (your keygen) or somewhere in kernel32.dll for example? with winice, you can use "faults on" and investigate the point where the exception occured.
Reply With Quote
  #4  
Old 09-17-2004, 10:53
lordor
 
Posts: n/a
while app try to use the resource,but the resoure still didn't maped in memory, try to use ollydbg to debug the packed app
Reply With Quote
  #5  
Old 09-17-2004, 16:58
tydit
 
Posts: n/a
Thank's.

My ASM keygen have two DialogBoxes. When I use optimize resource so the first is OK, but the second is bad (I see at Resource Hacker).
I will check my program at the weekend. I maybe know where is the bug.
When I don't find it, I will write more informations. Bye
Reply With Quote
  #6  
Old 09-18-2004, 01:07
lifewire
 
Posts: n/a
i wonder how resource hacker can show you information when it is packed? or do you resource hack a dumped, unpacked image?
Reply With Quote
  #7  
Old 09-20-2004, 17:07
tydit
 
Posts: n/a
Hi
I tested it, and I founded the bug.
I used this code:

Data = (PIMAGE_RESOURCE_DATA_ENTRY) addr;
Data->OffsetToData = NewRsrcData;
NewRsrcData+=Data->Size;

But in ASM 'Data->Size' had numbers (0268h,014h,01E2h,...) and here were the problem.
'Data->OffsetToData' must end only with numbers 0 and 8. Then it work fine

My new code:

Data = (PIMAGE_RESOURCE_DATA_ENTRY) addr;
Data->OffsetToData = NewRsrcData;
NewRsrcData+=((int)(Data->Size/8))*8;
if ((Data->Size%8)!=0) NewRsrcData+=8;
Reply With Quote
  #8  
Old 09-20-2004, 23:46
lifewire
 
Posts: n/a
ah. that is a nasty to track bug but if i were you, i used an alignment of 16 for safety...
Reply With Quote
  #9  
Old 09-22-2004, 19:15
tydit
 
Posts: n/a
Now I used an alignment of 4 (It use DELPHI) and it work fine.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



All times are GMT +8. The time now is 15:23.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )