W
Wibo
Hello,
we have a large application, that gave weird behavior.
On W2K we're suffering from instable program ececution from time to
time,
untill now we managed to workaround these problems.
On NT4 we were not able to get things working. It stops with the
message
unable to load MyDll.dll, where the dll can be another everytime you
start.
Using the profile functionality from Depends we saw the following
error:
First chance exception 0xE0434F4D (Unknown) occurred in
"c:\winnt\system32\KERNEL32.DLL"
After extensive research on different systems, we noticed that under
NT4
the amount of reallocations is enormous compared to W2K or the non
obfuscated version.
After a little experiment with changing the base addresses of the
dll's we managed to get the application running.
We suspect our obfuscator is not updating some size information in our
assemblies and that the NT4 relocator uses incorrect data.
My question is:
What (Meta)data from an assembly is used by the NT4 relocator, so we
can check ourselfs if the obfuscator is "forgetting" to update some
data ?
and...
Is there a tool available that can analyze an assembly and check if
header and metadata information is consistent ?
Any help will be appreciated, finding this out already took a huge
amount of time !!!
Best regards,
Wibo.
we have a large application, that gave weird behavior.
On W2K we're suffering from instable program ececution from time to
time,
untill now we managed to workaround these problems.
On NT4 we were not able to get things working. It stops with the
message
unable to load MyDll.dll, where the dll can be another everytime you
start.
Using the profile functionality from Depends we saw the following
error:
First chance exception 0xE0434F4D (Unknown) occurred in
"c:\winnt\system32\KERNEL32.DLL"
After extensive research on different systems, we noticed that under
NT4
the amount of reallocations is enormous compared to W2K or the non
obfuscated version.
After a little experiment with changing the base addresses of the
dll's we managed to get the application running.
We suspect our obfuscator is not updating some size information in our
assemblies and that the NT4 relocator uses incorrect data.
My question is:
What (Meta)data from an assembly is used by the NT4 relocator, so we
can check ourselfs if the obfuscator is "forgetting" to update some
data ?
and...
Is there a tool available that can analyze an assembly and check if
header and metadata information is consistent ?
Any help will be appreciated, finding this out already took a huge
amount of time !!!
Best regards,
Wibo.