Is there any program that can patch the "dll characteristics" of IMAGE_DLL_CHARACTERISTICS_DYNAMIC_BASE in the PE header? The website you mention only says 'hex' patching but does not say WHERE. I tried the 18E address in the screenshots there but no change. Also it only says how to ENABLE it, but I want it DISABLED. I don't care about virus/exploits/protection. I just need ollydbg to work properly when loading DLL and my Tmpgenc DVD Author 4 (right now I have to revert to DVD Author 3).

Also I found out the term is called ASLR. It can be disabled in Vista, but I tried to disable it in Windows 7 with this:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"MoveImages"=dword:00000000

ASLR

Vista's ASLR randomizes the location of images (PE files mapped into memory), heaps, stacks, the PEB and TEBs. Image positioning randomization is designed to place images at a random location in the virtual address space of each process. Vista's ASLR has the capability to randomly position both executables and DLLs.

There is a system-wide configuration parameter that determines the behaviour of Vista's image randomization. This parameter can be set in the registry key HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\MoveImages which by default does not exist. This key has three possible settings:

If the value is set to 0, never randomize image bases in memory, always honor the base address specified in the PE header.

If set to -1, randomize all relocatable images regardless of whether they have the IMAGE_DLL_CHARACTERISTICS_DYNAMIC_BASE flag or not.

If set to any other value, randomize only images that have relocation information and are explicitly marked as compatible with ASLR by setting the IMAGE_DLL_CHARACTERISTICS_DYNAMIC_BASE (0x40) flag in the DllCharacteristics field of the PE header. This is the default behaviour.
I tried the file in ollydbg, and when it loads the DLL, the offsets are different; that's why I know ASLR is still enabled. (I am using Windows 7 Beta.) Also, what are the SortServer2003Compat.dll (XP SP3) and SortWindows6Compat.dll (Vista SP2) that are preventing my DLL from being seen when loaded under ollydbg with Compatibility mode? Many cracked/patched apps will crash because of this, unless someone can disable ASLR somehow in Windows 7. So no one here uses Windows 7 as their cracking system?
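An added example, not part of the original thread or of any tool mentioned in it: the DllCharacteristics field has no fixed file address, because it sits 0x5E bytes past wherever the DOS header's e_lfanew field points, so an address such as 18E is only right for files whose PE header starts at 0x130. The Python sketch below locates the field and reports the DYNAMIC_BASE and relocation state the quoted passage refers to; the function names and the two sample headers are constructed for illustration, and the field layout follows the published PE/COFF format.

```python
import struct

DYNAMIC_BASE = 0x0040      # IMAGE_DLL_CHARACTERISTICS_DYNAMIC_BASE
RELOCS_STRIPPED = 0x0001   # IMAGE_FILE_RELOCS_STRIPPED, in COFF Characteristics
DLLCHAR_IN_OPTHDR = 70     # same offset in PE32 and PE32+ optional headers

def locate_dll_characteristics(image: bytes) -> dict:
    """Find DllCharacteristics in a PE image and report its ASLR-related bits."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4            # 20-byte COFF file header
    opt = coff + 20                # optional header follows it
    if opt + DLLCHAR_IN_OPTHDR + 2 > len(image):
        raise ValueError("truncated optional header")
    opt_size, file_chars = struct.unpack_from("<HH", image, coff + 16)
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (0x10B, 0x20B) or opt_size < DLLCHAR_IN_OPTHDR + 2:
        raise ValueError("unsupported optional header")
    offset = opt + DLLCHAR_IN_OPTHDR
    (value,) = struct.unpack_from("<H", image, offset)
    dynamic_base = bool(value & DYNAMIC_BASE)
    relocs_stripped = bool(file_chars & RELOCS_STRIPPED)
    return {
        "offset": offset,
        "value": value,
        "dynamic_base": dynamic_base,
        "relocs_stripped": relocs_stripped,
        # Default policy per the quoted text: flag set AND relocations present.
        "randomized_by_default": dynamic_base and not relocs_stripped,
    }

def build_sample(e_lfanew, magic, dll_chars, file_chars=0x0102) -> bytes:
    """Constructed header-only sample (not a loadable binary)."""
    img = bytearray(e_lfanew + 24 + 240)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, e_lfanew)
    img[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    opt_size = 224 if magic == 0x10B else 240
    struct.pack_into("<HH", img, e_lfanew + 20, opt_size, file_chars)
    struct.pack_into("<H", img, e_lfanew + 24, magic)
    struct.pack_into("<H", img, e_lfanew + 24 + DLLCHAR_IN_OPTHDR, dll_chars)
    return bytes(img)

if __name__ == "__main__":
    for lfanew, magic, chars in ((0x130, 0x10B, 0x8140), (0x80, 0x20B, 0x8100)):
        info = locate_dll_characteristics(build_sample(lfanew, magic, chars))
        print(f"e_lfanew={lfanew:#x} -> field at {info['offset']:#x}: {info}")
```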
This is probably beyond the scope of a lot of people's knowledge around here. You might want to try the MSDN forums as this seems more related to that.
If I ask this question in MSDN, will I get banned? Because it's more like a hacking/reversing/illegal question...
I don't agree - they will probably just tell you that this kind of information is confidential etc. or the worst thing you could get is a warning.