Harddisk serial number & reversing


skydeath
April 17th, 2004, 20:40
Hello,
I wish to send a fake serial number to a piece of software, so I decided to write a fake DLL to hook DeviceIoControl and send my fake serial.
So I have written a DLL, kernel33.dll, in the same directory and patched the import table. All works fine and the fake serial is OK.

The problem is that the software has got a CRC protection, so it detects the patch on the import table (kernel32 -> kernel33), so I have tried to build a false kernel32.dll with direct API addresses, but nothing works. The DLL seems not to be accepted by the program. I am under Windows 2000 and SafeDllSearchMode is set to 0.

If someone has an idea why my DLL is not accepted (NT security maybe?), or someone can show me a working technique.

Thanks.

dELTA
April 17th, 2004, 21:24
Sounds to me that it might be a lot easier to disable that CRC-check, have you tried it?

Or even funnier and more suitable for this situation, if the CRC-check is performed on the file on the disk (i.e. contrary to in memory, which is not likely if the import table is included in the CRC check), why don't you hook the CreateFile API too, and redirect it to an intact copy of the file whenever the program tries to open a handle to its own exe file on the disk?

skydeath
April 18th, 2004, 11:28
Seems a good idea to hook CreateFile.

I have a valid license serial number for only one harddisk, so I don't want to do too many patches, because the program seems to have more than one CRC, and when you do bad patching it just discreetly disables some functions. About the idea of making a keygen, it's really more difficult, especially with an unknown hash algorithm.

disavowed
April 18th, 2004, 13:27
You could also patch the calling app's call to DeviceIoControl and change the returned data (as opposed to patching or hooking kernel32).