  #11  
07-17-2010, 05:04 PM
TehAvatar

Okay, I'll try the patch. One thing, kao: I'm not able to hook the application with ollydbg - it simply says "unable to load RunServer.Network.Dll"... etc. for each DLL.

Also, it is an x86 application running on an x64 system. It just looks like the app doesn't work normally in the hooked environment. It terminates after hitting a few breakpoints. Bleh.

My method:

Attach to shell32.dll with ollydbg ->
place breakpoint on entry point ->
Attach to my victim ->
wait for break in shell32.dll ->
step over code till we return to my victim ->
place breakpoint on OEP (if that's what you call it)

With this method, the breakpoint on OEP gets hit every time native DLLs get loaded...

This works 100% for notepad and I've even tried it with other apps, but... on the x64 system something goes wrong.

Let me try your patch first and report back!!

Edit: DLL seems to load for now

Last edited by TehAvatar : 07-18-2010 at 02:59 AM.
  #12  
07-19-2010, 05:15 AM
TehAvatar

Bleak. I've got most of this app decompiled, but I can't for the life of me figure out which settings it should use... Any ideas how I'd get a couple of XML files out of the Xenocode VM environment?

I have a few ideas... I've already extracted some stuff from the VM environment by using some quite sneaky ideas ^.^

There are 5 .cs files that get compiled while the application is running - I replaced my csc.exe (command line compiler) with a custom exe, so when the app opens csc.exe, it threw the code right at me.

I'm guessing I'll have to infiltrate the exe when it loads the XML from drive/memory.

XML.LoadFile or similar method is used to open up the config files.

*Thinks*