Tuts 4 You

Opera (aspack Protected)


Guest sac

Did you try attaching Opera while it's opened using OllyDbg?? Because then you can see the modules used and choose Opera.dll. Debugging it should be easier this way, although I recommend sometimes using loaddll as a program to check its behaviour :)

Anyway, Ted is right: what has this got to do with Programming And Coding, and what's your question anyway except that?? You should write it clearly so we can understand exactly what you need...........

Cheers To All

Link to comment

Now I understand why you opened it in the Programming And Coding section :D You want to use code injection. You said the file is protected using ASPack?? Did you unpack the file first before trying to debug it.......... Now you can count on a few strings to get your start position "it's related to the programming language"; some languages don't support too many strings, then you can use Olly's plugins to get your strings out of sections. You could try searching a few sections for some tips too, that might help you working with that language.

Injecting isn't that easy, you know, especially when it gets to a big coding part: it needs space, so you'll add a section, who cares. It needs time, you'll have enough to code the whole program again ;) But experience?! This is what should make you think "can I inject assembly that well?" As for a start, you'll understand the code, it's the first part, then start getting your addresses and commands ready for injection, and good luck. You must find PARAMS and check their usage because you might need to use them; they are almost 80% pointers like DWORD PTR DS:[XXXXX+EBP] or something :)

Good Luck With It And Any Help The Members Are Ready to Give It !!

Cheers To All

Link to comment
Teddy Rogers

Or you could create a dynamic link library and inject it where you want and then call your custom functions from it...

Ted.

Link to comment

Thanks for the answers and ideas.

did you unpack the file first before trying to debug it.

This is the problem. The unpacked dll is of course in the ram. I copied it from there and saved it, but it still seems to be altered from ASPack. The FAQ of them says:

Can I decompress an ASPack'ed file?

No. One of the reasons for using ASPack is to protect applications against patches and decompilation, and the decompressor by design creates obstacles for hackers.

you must find PARAMS and check their usage cause you might need to use them they are almost 80%

pointers like DWORD PTR DS:[XXXXX+EBP] or something

and

Or you could create a dynamic link library and inject it where you want and then call your custom functions from it...

But I need the exact jump position in the code for both methods, right? I couldn

Link to comment

ASPack can be easily unpacked, even a DLL, so.........?? What's the problem? You can do it manually or with a tool, it's your choice. Of course the decompressed data is in memory, but you can dump it "you said copied, I don't know if you did this!" and then the file won't run fine, or maybe at all, because of IAT matters. You'll have to reconstruct the thunk table, which includes the APIs that are imported by the program from the system's DLLs. You can do it with many tools; the most used is "Import REConstructor", which can rebuild a new IAT and add it to the file, just to make sure the imports are all valid and arranged too. This is the way the system works. ASPack doesn't damage any imports at all, so finding the IAT is too damn easy, that is a piece of cake. You can even do it using Import REConstructor if you want, not much, "auto search", and voila, all the IAT is clean and found, nothing is invalid in 95% of cases. So go for it :D and read tuts about it.

As for tools, you can use many tools found on the forum's homepage, and one of the best tools to unpack such protections is ap0x's unpackers; he has a quite nice collection "thanks ap0x", great tools for usage, check them out!!

And yes, you'll have to find a start point as Ted said. We didn't say it's easy, but it's possible. Let's see: strings didn't help?? So any chance to get a function? For example, we have a menu; the About dialog doesn't have any strings in the program, so in the same menu there is another dialog that can be found. Don't you think back tracing can help you?? "Better": you could count on APIs commonly used for some purposes. Try finding a useful one; for example, for a search bar, might a GetDlgItemTextA or GetWindowTextA API help to break when the program gets your search string??? Maybe you didn't think of it, but try, it might work!! Else, any DLL used for a specific usage, like for connecting to proxies........ you can break on its loading to memory using LoadLibraryA and get your call "home" using the stack :D Many ideas can be used here; you should be more imaginative in such cases. Try finding a single thing that might help you up, even if it's hard, but I think it's worth trying :D lol

Good Luck Then My Friend And BTW Dynamic Link Library Needs Coding :P

In Case You Aren't A Coder Try Something Else............ :lol:

Cheers To All

Link to comment
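Added example, not part of any post in this thread: a header-only triage check that reports which section holds the entry point and the import directory of a PE file, which is what an analyst looks at to tell a still-packed image or an unrepaired dump from a clean one. The `.aspack`/`.adata` section names are the ones ASPack conventionally uses and are not stated in the thread; `inspect_pe`, `build_sample` and the sample image are constructed for illustration.

```python
import struct

ASPACK_NAMES = {".aspack", ".adata"}  # assumption: names ASPack conventionally adds

def inspect_pe(data: bytes) -> dict:
    """Report section layout, entry-point section and import-directory section."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe = struct.unpack_from("<I", data, 0x3C)[0]           # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    nsec = struct.unpack_from("<H", data, pe + 6)[0]       # NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]  # SizeOfOptionalHeader
    opt = pe + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    entry = struct.unpack_from("<I", data, opt + 16)[0]    # AddressOfEntryPoint
    dirs = opt + (96 if magic == 0x10B else 112)           # PE32 vs PE32+
    imp_rva = struct.unpack_from("<I", data, dirs + 8)[0]  # data directory 1
    secs = []
    for i in range(nsec):
        off = opt + opt_size + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("latin-1")
        vsize, va, rsize, _ = struct.unpack_from("<IIII", data, off + 8)
        secs.append((name, va, va + max(vsize, rsize)))

    def owner(rva):  # name of the section whose RVA range contains rva
        return next((n for n, lo, hi in secs if lo <= rva < hi), None)

    names = [n for n, _, _ in secs]
    return {"sections": names,
            "aspack_names": sorted(ASPACK_NAMES & set(names)),
            "entry_section": owner(entry),
            "import_section": owner(imp_rva) if imp_rva else None}

def build_sample() -> bytes:
    """Constructed header-only image (not a real Opera.dll) with an ASPack-style layout."""
    names = [b".text", b".rdata", b".aspack", b".adata"]
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, 224, 0x2102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)             # PE32 magic
    struct.pack_into("<I", opt, 16, 0x3001)           # entry point inside .aspack
    struct.pack_into("<I", opt, 92, 16)               # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 104, 0x3100, 0x28)   # import directory RVA, size
    secs = b"".join(struct.pack("<8sIIII16x", n, 0x1000, 0x1000 * (i + 1),
                                0x200, 0x400 + 0x200 * i)
                    for i, n in enumerate(names))
    return dos + b"PE\0\0" + coff + bytes(opt) + secs

if __name__ == "__main__":
    print(inspect_pe(build_sample()))
```

An entry point and import directory that both resolve to a packer-named section indicate that the imports seen on disk are the stub's own, not the protected program's.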
