Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Locating DLL Entrypoints with a driver

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming
View previous topic :: View next topic  
Author Message
iPromise
Grandmaster Cheater
Reputation: -1

Joined: 27 Jun 2009
Posts: 529
Location: Canada
PostPosted: Thu Jul 18, 2013 10:12 pm    Post subject: Locating DLL Entrypoints with a driver Reply with quote
hey guys,

I have two questions that I hope can be answered. My first question is with regards to DLL encryptors. Once you've encrypted a DLL, all the signatures change until the DLL is loaded; is that correct?

For example, lets say you compiled a DLL with this variable:

Code:

BYTE Signature [] = { 0xFF, 0xFF, 0xFF, 0xAA };


If you view that DLL with a disassembler, you can find that signature in the hex viewer.

But after you've encrypted it, you won't find that signature, not until its been loaded up and the encryptor decrypts itself, correct?

My second question is rather straightforward. How can we determine all the modules loaded within an application in a driver. I'm personally looking for one module, and ofcourse I don't have the tlhelp32 library to help me so I was wondering if there were any techniques or references to kernel tlhelp32 functions of some sort.

I need to find the entry-point of the module so I can do a signature check for my public key of my driver to ensure that the library loaded isn't foreign.

thanks.
Back to top
View user's profile Send private message MSN Messenger
Stylo
Grandmaster Cheater Supreme
Reputation: 3

Joined: 16 May 2007
Posts: 1073
Location: Israel
PostPosted: Mon Mar 17, 2014 11:45 am    Post subject: Reply with quote
As for your second question, you don't have to use tlhelp32
you can access the PEB and walk through the InLoadOrderModuleList manually.
_________________
Stylo
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites