Hi Coders,
I've downloaded _masta_'s tutorial no. 1 (i.e. the search & destroy patcher). This program reads a file into memory, searches for a specific pattern and changes it to the new value. The problem is that my pattern isn't found. The source is TASM-specific and I want it to work under MASM. Maybe you can find the errors and help me... :)
I've posted my try to convert it to MASM... Have a look at it...
Here's the link to _masta_'s tutorial:
Thx a lot,
DaEagle99
File patchers are technically very simple things to write: know the address of the data you wish to change, and write the bytes you want at that location.
File patching is a method of upgrading software or alternatively for registering software. It is a common method used by shareware programmers and companies that supply upgrades to their existing products. The MASM 6.14 patch from Microsoft is a good example.
Just make sure that these toys are not set up or used for illegal purposes as this forum will not allow unacceptable content and the "furry paw" of fearless leader will come down upon those who try it.
Regards,
hutch@movsd.com
Here's some code from the patcher I wrote. Should be easy to understand :)
[...]
invoke CreateFile, addr szBakBuffer, GENERIC_READ or GENERIC_WRITE,
       0, 0, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0
mov hFile, eax
inc eax                                 ; INVALID_HANDLE_VALUE (-1) becomes 0 and sets ZF
jz @@error_open
invoke GetFileSize, hFile, 0
mov hSize, eax
cmp eax, nSize                          ; only patch a file of the expected size
jne @@error_size
invoke GlobalAlloc, GHND, hSize
mov hMem, eax
invoke GlobalLock, eax
mov pMem, eax
invoke ReadFile, hFile, pMem, hSize, addr hTmp, 0
mov ecx, pMem
mov byte ptr [ecx+00033131h], 090h      ; 90h = nop
invoke CreateFile, addr szCrkTarget, GENERIC_WRITE, 0, 0,
       CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, 0
mov hOut, eax                           ; hOut: extra HANDLE variable (declare it with hFile);
inc eax                                 ; invoke may clobber eax while pushing "addr hTmp",
jz @@error_create                       ; so the handle must not be passed in eax
invoke WriteFile, hOut, pMem, hSize, addr hTmp, 0
invoke CloseHandle, hOut
invoke MessageBox, hWin, addr szFinished, addr szCopyright, MB_ICONINFORMATION or MB_OK
jmp @@exit
@@error_open:                           ; nothing opened or allocated yet
invoke MessageBox, hWin, addr szOpenError, 0, MB_ICONERROR or MB_OK
jmp @@done
@@error_size:                           ; only the input file is open
invoke MessageBox, hWin, addr szSizeError, 0, MB_ICONERROR or MB_OK
jmp @@close
@@error_create:                         ; buffer allocated and input file open
invoke MessageBox, hWin, addr szOpenError, 0, MB_ICONERROR or MB_OK
@@exit:
invoke GlobalUnlock, pMem
invoke GlobalFree, hMem
@@close:
invoke CloseHandle, hFile
@@done:
[...]
Hi bAZiK,
Thanks for your reply, but this is not what I am looking for. I am looking for code that searches for a given string in an exe file and replaces it. I want to write a config program for my login program. The values that the user sets (i.e. password, etc.) should be written directly into the main executable so no additional ini's or reg entries are made.
DaEagle99
...The values that the user sets (i.e. password, etc.) should be written directly in the main executable so no additional ini's or reg entrys are made.
Why search for the string, if you want to do what you described? You can look up the location of the strings with a hex editor and place the correct offsets in my code. Just do a loop which increments the offset by one for each char of the password and you're done :cool:
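The search-and-replace the original poster asked for and the fixed-offset idea from the reply above, combined in an added C example (this is not code from the thread or from _masta_'s tutorial): the config tool looks for a marker string in the file image, checks that it occurs exactly once, and overwrites the fixed-width field that follows it, refusing any value that would not fit. The names find_pattern and patch_field, the "PWD:" marker and the 16-byte field are assumptions made for the demo; the image bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Offset of the first occurrence of pat[0..patlen) in buf[0..buflen), or -1.
 * A plain byte-by-byte scan is all a search-and-replace patcher needs for a
 * short pattern. */
long find_pattern(const uint8_t *buf, size_t buflen,
                  const uint8_t *pat, size_t patlen)
{
    if (patlen == 0 || patlen > buflen)
        return -1;
    for (size_t i = 0; i + patlen <= buflen; i++)
        if (memcmp(buf + i, pat, patlen) == 0)
            return (long)i;
    return -1;
}

/* Write `value` into the reserved field that follows `marker` in the image.
 * Returns the offset of the field on success, or a negative code:
 *   -1 marker not found
 *   -2 marker found more than once (ambiguous, refuse to patch blindly)
 *   -3 value (plus its NUL terminator) does not fit in the field
 *   -4 field would run past the end of the image
 * The field is zero-filled first, so a shorter value never leaves the tail of
 * the previous one behind, and the image keeps its size. */
long patch_field(uint8_t *buf, size_t buflen,
                 const char *marker, size_t fieldlen, const char *value)
{
    size_t mlen = strlen(marker);
    size_t vlen = strlen(value);
    long off = find_pattern(buf, buflen, (const uint8_t *)marker, mlen);
    if (off < 0)
        return -1;
    if (find_pattern(buf + off + 1, buflen - (size_t)off - 1,
                     (const uint8_t *)marker, mlen) >= 0)
        return -2;
    if (vlen + 1 > fieldlen)
        return -3;
    size_t field = (size_t)off + mlen;
    if (field + fieldlen > buflen)
        return -4;
    memset(buf + field, 0, fieldlen);
    memcpy(buf + field, value, vlen);
    return (long)field;
}

#define FIELD_LEN 16

/* Constructed stand-in for a file image read into memory: a few leading bytes,
 * the marker "PWD:" with its 16-byte reserved field, then a few more bytes.
 * In the real tool this buffer would come from ReadFile on the target exe. */
uint8_t image[] = {
    0x55, 0x8b, 0xec,                                   /* leading bytes     */
    'P', 'W', 'D', ':',                                 /* marker, offset 3  */
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,     /* field, offset 7   */
    0xc9, 0xc3                                          /* trailing bytes    */
};

/* Constructed image in which the marker is not unique. */
uint8_t ambiguous[] = { 'P', 'W', 'D', ':', 0, 0, 'P', 'W', 'D', ':', 0, 0 };

int main(void)
{
    long off = patch_field(image, sizeof image, "PWD:", FIELD_LEN, "s3cret");
    if (off < 0) {
        printf("patch failed: %ld\n", off);
        return 1;
    }
    printf("field at offset %ld now holds \"%s\"\n", off, (const char *)image + off);
    /* The length check is what stops a long value from overwriting the bytes
     * that follow the field. */
    printf("too-long value rejected: %ld\n",
           patch_field(image, sizeof image, "PWD:", FIELD_LEN,
                       "this-password-is-too-long"));
    printf("ambiguous marker rejected: %ld\n",
           patch_field(ambiguous, sizeof ambiguous, "PWD:", 2, ""));
    return 0;
}
```

The buffer is patched in memory only; the config program then writes it back with WriteFile, which, as noted later in the thread, must happen from a separate program while the main executable is not running. Whatever the main program expects in the field (for example a hash of the password rather than the password itself) is what the tool should write there.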
Well, you're right... This would be the easiest and fastest way to do it... I'll give it a try... Thanks
Just remember that you will have to do the configuration from an external program, as you cannot write to an executable file that is in use.
Back in the old DOS days, this was all very easy. You could calculate the file offset of a variable from a SEG:OFS pair.
Ok, I don't want to be too naive on this subject, however, I'm really curious how this works...
if you want to search through a file for a specific hex/dec code how do you go about that?
sorta like those programs like "gamecheater" -- the ones that search a program for the hex or dec. code, and then you change its value and they check for it again with its new value.
I don't mind source on the issue, but any information on the subject would be nice... I'm checking out Icz tutorials on debugging, but they seem a bit too specific (eip must contain the next value, so all we have to do is put in 2 nop's -- example 29)
Sliver
Those GAMECHEAT style patchers require that the target file be loaded into memory, either by you, or by the operating system. Either way, you may now search through the range of memory for your data and modify it in any way you wish - but the changes are NOT permanent.
Should you wish to make the changes permanent, and the target is not executable, you may simply save the new file... but if it is executable, you have two ways to go - you can write a small program which makes this change in memory every time the exe is loaded into memory (AFTER it is loaded) or you can attempt to save the new exe image and then correct the CRC checksum.
A CRC (cyclic redundancy check) is basically just a tally of all the data in the file ... although there are several different algorithms for calculating these, depending on the situation.
The checksum is the tally stored within the file also (the checksum is usually calculated with tally=0).
It is used to determine if the data in the file is at all corrupted (which is what you have done by modifying it).
I will only confuse you further by attempting to describe the easiest methods of CRC-repair, so I won't go there right now.
Rest assured there are existing tools to repair incorrect CRC in executables and you don't need to worry about it.
Don't use these techniques to mess with copyrighted software or else Hutch will stomp on you !! LOL
(BTW Hutch I'm from Melbourne, Vic. and a cranky old bastard also :p)
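The "tally" scheme described above, as an added C example (not code from the thread, and not the algorithm of any particular product): a table-driven CRC-32 over the file image, with the checksum stored in a four-byte trailer that is treated as zero while computing it, so one routine both stamps a file and verifies it later. The polynomial is the standard reflected 0xEDB88320 (the CRC-32 used by zlib and PKZIP); the function names and the sample bytes are constructed for the demo.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static uint32_t crc_table[256];
static int crc_table_ready;

/* Build the reflected CRC-32 lookup table once. */
static void crc32_init(void)
{
    for (uint32_t n = 0; n < 256; n++) {
        uint32_t c = n;
        for (int k = 0; k < 8; k++)
            c = (c & 1) ? 0xEDB88320u ^ (c >> 1) : c >> 1;
        crc_table[n] = c;
    }
    crc_table_ready = 1;
}

/* Fold more bytes into a running CRC-32. Start with crc = 0; the value
 * returned after the last chunk is the finished checksum. */
uint32_t crc32_update(uint32_t crc, const uint8_t *buf, size_t len)
{
    if (!crc_table_ready)
        crc32_init();
    uint32_t c = crc ^ 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++)
        c = crc_table[(c ^ buf[i]) & 0xFFu] ^ (c >> 8);
    return c ^ 0xFFFFFFFFu;
}

uint32_t crc32_buf(const uint8_t *buf, size_t len)
{
    return crc32_update(0, buf, len);
}

/* Stamp the image: the last four bytes hold the CRC of the whole image
 * computed with those four bytes set to zero ("tally=0"). Returns the stored
 * value; an image shorter than four bytes is left alone. */
uint32_t crc32_embed(uint8_t *buf, size_t len)
{
    if (len < 4)
        return 0;
    memset(buf + len - 4, 0, 4);
    uint32_t c = crc32_buf(buf, len);
    for (int i = 0; i < 4; i++)
        buf[len - 4 + i] = (uint8_t)(c >> (8 * i)); /* little-endian */
    return c;
}

/* Recompute the tally the same way, without modifying the buffer, and compare
 * it with the stored trailer. 1 = intact, 0 = modified, truncated or unstamped. */
int crc32_check(const uint8_t *buf, size_t len)
{
    static const uint8_t zeros[4] = { 0, 0, 0, 0 };
    if (len < 4)
        return 0;
    uint32_t c = crc32_update(crc32_update(0, buf, len - 4), zeros, 4);
    uint32_t stored = 0;
    for (int i = 0; i < 4; i++)
        stored |= (uint32_t)buf[len - 4 + i] << (8 * i);
    return c == stored;
}

/* Constructed sample "file": a few bytes plus a 4-byte trailer for the tally. */
uint8_t sample[] = { 0x55, 0x8b, 0xec, 0x83, 0xec, 0x10, 0x74, 0x05, 0xc9, 0xc3,
                     0, 0, 0, 0 };

int main(void)
{
    /* Standard check value for this CRC-32 variant: "123456789" -> CBF43926 */
    printf("CRC-32 check value: %08X\n",
           crc32_buf((const uint8_t *)"123456789", 9));
    crc32_embed(sample, sizeof sample);
    printf("fresh image intact: %d\n", crc32_check(sample, sizeof sample));
    sample[6] = 0x90;  /* a one-byte patch, as a patcher would make */
    printf("after patch intact: %d\n", crc32_check(sample, sizeof sample));
    return 0;
}
```

A CRC detects accidental corruption and unintended edits, which is all the thread claims for it; because anyone can recompute and restore the trailer (which is what the repair tools mentioned above do), an integrity check meant to resist deliberate tampering needs a keyed MAC or a signature instead.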
Thanks, I've been working at a program to edit the "memory" of the program -- not the program itself (disclaimer) :)
Other thread about trainers
Anyway, I thought this would be a lot easier to do than it actually is -- I've never written a patcher and scanning for byte patterns isn't going too well as of yet.
but I'm still working :) If you come across anything that might help out please pass it along...
Thanks,
Sliver
No need to update PE checksum unless you're messing with NT drivers.
And then you'll have a lot more to think about than just the PE checksum :).
Somewhere, or someplace, I remember seeing a TEXT on converting from MASM to TASM source, not sure it would apply to MASM32, but you never know, will dive into my HD, and try and find it.
If you don't hear from me in 5 days, assume the drive crashed with me in it. Tell my MOM I died without any pain ...:).
Well, except for that terminal eyestrain...:)
Anunitu