Hi there

First off, I just registered and want to say hello to everybody.
But right on to my problem!
I am fairly new to win32 assembly and I have now made an attempt to implement masta's tutorial about patching
(can be found at http://win32assembly.online.fr/w32_01.txt).
I have altered some stuff and basically it does the job. But what bothers me is a messed-up MessageBox, and I just don't know why it won't work.
Link to a picture: http://img156.imageshack.us/img156/2967/msgboxyw9.jpg

If it doesn't jump to the success message (if the sequence is not found), which is messed up, I get another MsgBox without caption or text, so my other MsgBox doesn't work either. However, the "welcome" message is as it should be.

my source:


.386
.model flat, stdcall
option casemap : none

include \masm32\include\windows.inc
include \masm32\include\user32.inc
include \masm32\include\kernel32.inc

includelib \masm32\lib\user32.lib
includelib \masm32\lib\kernel32.lib

inv equ invoke
.data
;----------------------------------
datei db "hallowelt.exe" ,0
ersetze db "Test"
ersetzemit db "XXXX"
len equ $-ersetzemit
fHandle DWORD 0
fSize DWORD 0
ofstruct OFSTRUCT <>
fpoffset dd ?
memptr dd ?
bread dd ?
bwritten dd ?
;----------------------------------
tintro db "Press OK to patch" ,0
cintro db "Patcher 0.1", 0
cnix db "Nichts gefunden" ,0
cerror db "Error" ,0
terfolg db "Patch done",0
cerfolg db "Erfolg" ,0
;----------------------------------

.code
start :
    inv MessageBox , NULL, addr tintro, addr cintro, MB_OK
    inv OpenFile , addr datei , addr ofstruct, OF_READWRITE
    mov fHandle, eax
    inv GetFileSize , fHandle, NULL
    mov fSize, eax
    inv GlobalAlloc , NULL, fSize            ; GMEM_FIXED (0): eax is already a pointer to the buffer
    mov memptr, eax
    inv ReadFile , fHandle, addr memptr, fSize, addr bread, NULL   ; addr memptr = address of the pointer variable itself, not of the buffer it holds
    mov edi, offset memptr                   ; likewise: offset of the variable, not the buffer address
    mov ecx, fSize                           ; bytes left to scan
    mov esi, offset ersetze                  ; pattern to look for
    mov al, byte ptr [esi]                   ; first byte of the pattern, for scasb
  loop_:
    repnz scasb                              ; scan forward until [edi] == al or ecx == 0
    cmp ecx, 0
    je nichts_gefunden_                      ; ran off the end of the buffer: not found
    push ecx
    push edi
    push esi
    dec edi                                  ; scasb left edi one past the matching byte
    mov ecx, len
    repz cmpsb                               ; compare the whole pattern against the buffer
    je patch_                                ; ZF set only if all len bytes matched (ecx == 0 would also be true on a mismatch in the last byte)
    pop esi
    pop edi
    pop ecx
    jmp loop_
  patch_:
    pop esi
    pop edi
    pop ecx
    dec edi
    inc ecx                                  ; ecx = bytes from the match start to the end of the file
    mov eax, fSize
    sub eax, ecx                             ; fSize - ecx = file offset of the match
    mov fpoffset, eax
    inv SetFilePointer , fHandle, fpoffset, NULL, FILE_BEGIN
    inv WriteFile , fHandle, addr ersetzemit, len, addr bwritten, NULL
    jmp erfolg_
  nichts_gefunden_:
    inv MessageBox , NULL, addr cnix, addr cerror, MB_OK
    jmp ende_
  erfolg_:
    inv MessageBox , NULL, addr terfolg, addr cerfolg, MB_OK
    jmp ende_
  ende_:
    inv GlobalFree , memptr
    inv CloseHandle , fHandle
    inv ExitProcess , NULL
end start


It would be nice if you could point me to a solution.
Thank you very much!

f0dder edit: added code tags.
Posted on 2007-01-31 11:12:22 by mindmanipulation
Works fine for me. I copy pasted it as is.
Posted on 2007-01-31 12:38:43 by JimmyClif
Hi,
Thank you for your effort 8).
I have tried the same now, and modified my source so it would read/write a TXT file and built it again. Now the message boxes are just fine ... so it means I am doing something wrong when accessing the executable file?
(hallowelt.exe is just a generic "hello world" program I used as target).
What am I doing wrong?

thx!
Posted on 2007-01-31 12:56:01 by mindmanipulation

inv ReadFile , fHandle, addr memptr, fSize, addr bread, NULL

- you're overwriting memptr and onwards, not the memory it's pointing to. So for files > 4 bytes, you end up overwriting bread, bwritten, et cetera. Drop the addr and it should work.

Also, while "patching" by itself is perfectly fine etc., do keep in mind that we don't want cracking and related stuff here, and patching exe files is one of those pretty gray areas... Just a friendly reminder :)
Posted on 2007-01-31 15:30:57 by f0dder
Thank you for your reply, I found my mistake !
I didn't read carefully that GlobalAlloc already returns a pointer to a memory region.
(However, there's another error in my code right below the line you pointed out:
it then must be
mov edi, memptr)
As far as patching exes is concerned, I just thought it was a nice tutorial and it's a bit more entertaining than modifying a simple text file ;)
But I now have read the Community rules and I will comply.
Posted on 2007-01-31 17:49:59 by mindmanipulation
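The two findings of this thread, as an added example in portable C rather than code from the thread: a stand-in for ReadFile shows why passing the address of the pointer variable (addr memptr) spills file bytes into the neighbouring bread/bwritten slots of the .data layout, and find_pattern/patch_image redo the scasb/cmpsb search with explicit bounds. The struct layout, fake_readfile and the file images are constructed assumptions, not the Win32 API.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed .data layout of the posted patcher: memptr directly followed by bread and bwritten. */
struct patcher_data {
    uint32_t memptr;    /* the "memptr dd ?" slot, 4 bytes as on Win32 */
    uint32_t bread;
    uint32_t bwritten;
};

/* Stand-in for ReadFile (not the Win32 call): copy n bytes of a file image to dst. */
static void fake_readfile(void *dst, const void *file, size_t n)
{
    unsigned char *d = dst; const unsigned char *s = file;
    while (n--) *d++ = *s++;
}

/* f0dder's finding in C terms: passing &memptr hands ReadFile the address of
   the 4-byte pointer variable, so every byte past the fourth lands in bread,
   bwritten and whatever follows. Returns 1 if the neighbours were clobbered. */
int read_into_pointer_variable_clobbers_neighbours(void)
{
    struct patcher_data d = { 0, 0, 0 };
    static const unsigned char file[12] = "ABCDEFGHIJK";  /* constructed, 11 chars + NUL */
    fake_readfile(&d.memptr, file, sizeof file);  /* wrong: &memptr instead of memptr */
    return d.bread != 0 || d.bwritten != 0;
}

/* The post's search loop with explicit bounds: scan for the first pattern byte
   (repnz scasb), then compare the whole pattern (repz cmpsb). Returns the offset
   of the first match, the value the asm derives as fSize - (ecx + 1), or -1. */
long find_pattern(const unsigned char *buf, size_t size,
                  const unsigned char *pat, size_t len)
{
    size_t i;
    if (len == 0 || size < len) return -1;
    for (i = 0; i + len <= size; i++) {
        if (buf[i] != pat[0]) continue;       /* scasb: first byte differs */
        if (memcmp(buf + i, pat, len) == 0)   /* cmpsb: whole pattern matches */
            return (long)i;
    }
    return -1;
}

/* Overwrite the first match in place; returns the offset patched or -1. */
long patch_image(unsigned char *buf, size_t size, const unsigned char *pat,
                 const unsigned char *rep, size_t len)
{
    long off = find_pattern(buf, size, pat, len);
    if (off >= 0) memcpy(buf + off, rep, len);
    return off;
}
```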