#1
|
|||
|
|||
Loader or inline-patching for Safecast.
Hi all,
I've read some threads and tuts about loaders and inline patching and I tried to apply them on a target protected by Safecast (Safedisc) 2.20.020, but it seems this target is a bit different from the other ones. What I need is to patch a dll extracted by the packer, written on the temp dir and loaded with LoadLibrary. My problems are: 1 - (At the moment) I think I can't use a loader because when I try to start the app with CreateProcess, the registration form appear but after the real app doesn't start. It seems the protector acts like a debugger of itself so it doesn't work if this process has already a parent process which started it. Does exist another way to do that? 2 - If I try to inline patch it, I have no rights to write on the loaded dll space and moreover I don't know where the dll will be loaded so I don't have the right address to patch. I must use VirtualProtect? 3 - Does other packers work this same way? Thanks |
#2
|
|||
|
|||
To make sure if the app acts like a debugger of itself set a bpx on DebugActiveProcess and see if it breaks.But i think your assumption is very probable because newer versions of safedisc do this.
Quote:
Quote:
|
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Inline patch or loader for Asprotec 1,24-1.3???? | the_beginner | General Discussion | 22 | 12-31-2004 02:19 |
Inline Patching | MaRKuS-DJM | General Discussion | 1 | 01-24-2004 23:03 |