#11
Okay, I'll try the patch. One thing kao, I'm not able to hook the application with ollydbg - simply says "unable to load RunServer.Network.Dll".. etc. for each DLL.

Also, it is an x86 application running on a x64 system. It just looks like the app doesn't work normally in the hooked environment. It terminates after hitting a few breakpoints. bleh.

My method: Attach to shell32.dll with ollydbg -> place breakpoint on entry point -> Attach to my victim -> wait for break in shell32.dll -> step over code till we return to my victim -> place breakpoint on OEP (if that's what you call it)

With this method, breakpoint on OEP gets hit every time native DLLs get loaded... This works 100% for notepad and I've even tried it with other apps but.. on the x64 system something goes wrong.

Let me try your patch first and report back!!

Edit: DLL seems to load for now

Last edited by TehAvatar : 07-18-2010 at 02:59 AM.
#12
Bleak. I've got most of this app decompiled, but I can't for the life of me figure out which settings it should use.. Any ideas how I'd get a couple of XML files out of the Xenocode VM environment?

I have a few ideas... I've already extracted some stuff from the VM environment by using some quite sneaky ideas ^.^

There are 5 .cs files that get compiled while the application is running - I replaced my csc.exe (command line compiler) with a custom exe, so when the app opens csc.exe, it threw the code right at me.

I'm guessing I'll have to infiltrate the exe when it loads the XML from drive/memory. XML.LoadFile or similar method is used to open up the config files. *Thinks*