Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #16  
Old 03-07-2005, 21:40
britedream britedream is offline
Friend
 
Join Date: Jun 2002
Posts: 436
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 7 Times in 7 Posts
britedream Reputation: 0
Quote:
Originally Posted by MaRKuS-DJM
what i think about this AppInit_DLLs:
this would make us crackers possible to write a DLL which accesses a configuration file (maybe crack.txt) with all neccessary information to inline-patch nearly every packed program (thread instantly checking on loading-time of DLL for neccessary bytes). a configuration file like this one from ASLoad:

Exe:file.exe
Mod:1
Crash:0
Patch:
Offsetriginal byteatched byte

what do you think of this? a universal inline-patcher... you don't need cracks anymore, only the neccessary bytes
The problem I see with that,if I understoond your idea correctly, is you need to know when to patch, many targets use the same address for different flags, while others reset flags , and set them few times.so targets are not the same.

Last edited by britedream; 03-07-2005 at 21:46.
Reply With Quote
  #17  
Old 03-07-2005, 21:49
niom niom is offline
Friend
 
Join Date: Jul 2004
Posts: 21
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 0 Times in 0 Posts
niom Reputation: 0
what about DllMain/global-var initializiation code?

i mean, if an exe is linked to a dll that contains antidebugging/whatever code in its dllmain (or global ctor-like), this code would be executed through the windows loader *before* own dlls are injected, so this could be a problem.

or i'm wrong?

and how could this be solved?
Reply With Quote
  #18  
Old 03-08-2005, 02:12
MaRKuS-DJM's Avatar
MaRKuS-DJM MaRKuS-DJM is offline
Cracker + Unpacker
 
Join Date: Aug 2003
Location: Virtual World / Network
Posts: 553
Rept. Given: 7
Rept. Rcvd 6 Times in 4 Posts
Thanks Given: 2
Thanks Rcvd at 16 Times in 10 Posts
MaRKuS-DJM Reputation: 6
Quote:
Originally Posted by britedream
The problem I see with that,if I understoond your idea correctly, is you need to know when to patch, many targets use the same address for different flags, while others reset flags , and set them few times.so targets are not the same.
that's true. maybe it could be done through some waiting-values (for example the Module Handle dword) like it is done in diablos dUP for ASProtected apps.
the other problem your mentioned also exists for every type of loader or crack... i think it could be handled.
i got the idea of such a patcher one year before, but through the idea of patching kernel. i didn't know there's a registry value that can inject such dlls.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Hiding processes using FROST (64bit) typedef x64 OS 6 05-22-2014 23:21
LordPE limited to 60 processes? tbone General Discussion 0 07-01-2004 06:35
IDA debugging sub processes Bram Kate General Discussion 2 05-03-2004 18:28


All times are GMT +8. The time now is 15:13.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2022 )