#1
Is it possible to breakpoint on entry point of DLL
A DLL includes the code to check the registration key!!!
The DLL has to be loaded in memory to debug with SoftICE, but the DLL is not loaded at first because it is loaded only when using just some function. So I have no idea how to debug the DLL! Is there a way to set a breakpoint on the entry point of the DLL? Please give me any other useful tips! Thanks
#2
i3here
Replace the entry point of the DLL with an int 3 and set i3here on in SoftICE.
#3
Olly and DLL
Can anyone help me find the OEP of a DLL with Olly?
#4
What is 'i3here on'?
Is replacing the code at the entry point with 'INT 3' right?
#5
I replaced the code 'mov ebp,esp' at the entry point with 'int 3' using a hex editor.
But SoftICE doesn't break at that point. Help me!
#6
_http://www.exetools.com/forum/showthread.php?s=&threadid=2108
#7
asterix,
Thank you very much! The DLL was packed by aspack 1.08.04, so I unpacked it with unaspack1.08.04! But the DLL was not loaded into memory after unpacking! Then I re-packed it with aspack1.08.04, but it was not loaded into memory either!

--summary--
original DLL -> loaded successfully
after unpack -> not loaded
after repack -> not loaded
--

Also, when debugging with SoftICE, stepping with F8, I can see the code changing automatically. Example) the next code was 'ADD ...' but after F8 the code had changed to 'CMP.,.,'

I give up cracking! The program, with its powerful anti-debug and anti-disassembly, surprised me!! Sorry for the terrible English!
#8
When you use F8 in SoftICE you go into the function. It is better to use F10; then you go through the program.
Normally, if you go through the program and you come to the point where the exe file checks the DLL, SoftICE loads the DLL without problems! If you have problems with this, disable your breakpoint after SoftICE breaks into the program and use F10 to go further. Good luck
T.S
#9
In OLLY it is easy
In Olly go to DEBUGGING OPTIONS-EVENTS and put a mark in BREAK IN MODULE LOAD (dll).
Olly stops on the load of any DLL, and shows in VIEW-EXECUTABLES the name of the DLL that was loaded. When you see the name of the DLL loaded, right click and press FOLLOW ENTRY and you are at the entry point of the DLL; you can BP on the entry point or at any point, BPM in the code section, etc.
Ricardo Narvaja
#10
Olly and dll
Thanks Ricardo,
This particular DLL is protected with ASPr. and it is integrated in the Delphi IDE. Your suggestions?
#11
Hi,
what is the name of the program?
#12
Olly + dll
SDMSoft SourceWizard
Regards, Z
#13
I have in my FTP
a tut, but it is in Spanish:
143-ASProtect en una DLL por JUAN JOSE.rar
Ricardo Narvaja
#14
There is no jump or call instruction at the next code.
But when the next code is executed, other code execution happens. Anyway, I believed the file analyzer, which said it was packed by 1.08.04. But now I think it may not be 1.08.04. Also, the DLL could not be disassembled with W32dasm, so I used IDA. But IDA cannot disassemble it either. The DLL file is d2maphack.dll of mousepad's diablo2 maphack program. Also, Olly could not debug the DLL because the DLL has code to check the registration key, so if there is no key the DLL is automatically unloaded. Olly can debug a DLL loaded into memory!

-- summary --
1. cannot disassemble with any disassembler
2. cannot debug with SoftICE because the code changing happens
3. cannot debug with Olly because the DLL cannot be loaded
--

So I give up. If we can know the exact packer/protector used, it may be possible to debug or disassemble. Thanks, sorry for the terrible English.
Last edited by jadesk99; 01-12-2004 at 21:12.
#15
Sorry!
The original program is not working on my PC; I think it needs a DLL that I don't have.