Well... there are some exports in some DLLs which I want to change...
I've made an edited copy of the export and I want to patch the export in the original DLL with the copy in my own DLL...
I've tried it and I fail miserably... :(

My code looks like this:

.data

; NUL-terminated module name handed to GetModuleHandle
abc_dll     db "abc.dll", 0

; NUL-terminated export name handed to GetProcAddress
function    db "abc_function", 0

.code

;----------------------------------------------------------
; abc_function_Edited
; Replacement body: puts 0 in eax and returns.
; Out:   eax = 0
; NOTE(review): the plain `ret` removes no arguments from the stack; whether
; that matches the calling convention of the export it stands in for cannot
; be told from this listing - confirm.
;----------------------------------------------------------
abc_function_Edited proc
        mov     eax, 0                  ; result = 0 (mov leaves the flags alone)
        ret
abc_function_Edited endp

;----------------------------------------------------------

; Changing
; Looks up "abc_function" in the already-loaded module "abc.dll" and tries to
; copy the bytes of abc_function_Edited over it. All general registers and the
; flags are saved on entry and restored at the end, so nothing is returned.
;
; NOTE(review): as posted the routine does not do what it intends; the comments
; below mark each place where the code and the API contracts disagree.
Changing proc
; NOTE(review): declared as "OLdProt" but used below as "OldProt"; if the build
; uses `option casemap:none` these are two different symbols - confirm.
LOCAL OLdProt:DWORD
; Holds the address returned by GetProcAddress (until it is overwritten below).
LOCAL abc_f:DWORD

pushad
pushfd

; GetModuleHandle only finds a module that is already loaded; the result is
; passed straight on without a NULL check.
invoke GetModuleHandle, addr abc_dll
; GetProcAddress returns NULL when the export is not found; not checked either.
invoke GetProcAddress, eax, addr function
mov abc_f,eax

; VirtualProtect(lpAddress, dwSize, flNewProtect, lpflOldProtect):
;  - `addr abc_f` is the address of the stack local, not the export address
;    stored in it, so the protection change is requested for the wrong region;
;  - the last argument must point to a DWORD that receives the old protection,
;    but the value of OldProt is passed instead of its address;
;  - 96 is a fixed length unrelated to the size of abc_function_Edited.
invoke VirtualProtect, addr abc_f, 96, PAGE_EXECUTE_READWRITE, OldProt
; This stores VirtualProtect's BOOL result over the export address saved above;
; the result is also never tested for failure.
mov abc_f,eax

cld
; LENGTHOF is the element count of abc_f (one DWORD), not the byte length of
; the replacement routine.
mov ecx,LENGTHOF abc_f
; Intended as the address of the replacement routine; an explicit `offset`
; would make that unambiguous.
mov esi,abc_function_Edited
; Loads the value of abc_f, which by now is the VirtualProtect result.
mov edi,abc_f
; Copies ecx bytes from [esi] to [edi].
rep movsb

; The protection saved by VirtualProtect is never restored, so whatever region
; was changed stays writable and executable.
popfd
popad

; NOTE(review): there is no `ret` before `endp`, so no epilogue is emitted and
; execution runs on into whatever follows this procedure.
Changing endp



Nothing works :sad:

What's wrong?  :sad:

can anyone help me?  :D
Posted on 2009-05-10 21:06:34 by GermainR27
help?  :sad:
Posted on 2009-05-11 13:10:37 by GermainR27

Well... there are some exports in some DLLs which I want to change...
I've made an edited copy of the export and I want to patch the export in the original DLL with the copy in my own DLL...
I've tried it and I fail miserably... :(

My code looks like this:

.data

abc_dll db "abc.dll",0

function db "abc_function",0

.code

abc_function_Edited proc

mov eax,0
ret


abc_function_Edited endp

;----------------------------------------------------------

Changing proc
LOCAL OLdProt:DWORD
LOCAL abc_f:DWORD

pushad
pushfd

invoke GetModuleHandle, addr abc_dll
invoke GetProcAddress, eax, addr function
mov abc_f,eax

invoke VirtualProtect, addr abc_f, 96, PAGE_EXECUTE_READWRITE, OldProt
mov abc_f,eax  <<< YOU JUST OVERWROTE THE ADDRESS WITH THE RETURN VALUE FROM VIRTUALPROTECT...

cld
mov ecx,LENGTHOF abc_f  << UNSURE IF THIS IS RIGHT EITHER.. ITS PROBABLY 'TRANSLATED' AS MOV ECX, 4...
mov esi,abc_function_Edited
mov edi,abc_f                       << THIS IS NOW SCREWED BECAUSE OF THE BUG ABOVE
rep movsb

popfd
popad

Changing endp



Nothing works :sad:

What's wrong?  :sad:

can anyone help me?  :D


.data

; NUL-terminated module name handed to GetModuleHandle
abc_dll     db "abc.dll", 0

; NUL-terminated export name handed to GetProcAddress
function    db "abc_function", 0

.code

;----------------------------------------------------------
; abc_function_Edited
; Replacement body: puts 0 in eax and returns.
; Out:   eax = 0
; NOTE(review): the plain `ret` removes no arguments from the stack; whether
; that matches the calling convention of the export it stands in for cannot
; be told from this listing - confirm.
;----------------------------------------------------------
abc_function_Edited proc
        mov     eax, 0                  ; result = 0 (mov leaves the flags alone)
        ret
abc_function_Edited endp

; Byte length of abc_function_Edited: `$` is the current assembly location,
; taken here right after the procedure's last instruction, minus the address
; of its first. This line has to stay directly after `abc_function_Edited endp`;
; anything assembled in between would be counted as well.
abc_function_edited_size equ $ - offset abc_function_Edited

;----------------------------------------------------------

; Changing
; Reply's revision of the routine: looks up "abc_function" in the loaded module
; "abc.dll" and copies abc_function_edited_size bytes of abc_function_Edited
; over it. Registers and flags are saved on entry and restored at the end.
;
; NOTE(review): this listing does not assemble as posted - two operands are
; missing and one line carries the poster's remark after the instruction.
Changing proc
; NOTE(review): declared as "OLdProt" but used below as "OldProt"; if the build
; uses `option casemap:none` these are two different symbols - confirm.
LOCAL OLdProt:DWORD
; Meant to hold the address returned by GetProcAddress.
LOCAL abc_f:DWORD

pushad
pushfd

; Neither call's result is checked for NULL (module not loaded / export not found).
invoke GetModuleHandle, addr abc_dll
invoke GetProcAddress, eax, addr function
; NOTE(review): destination operand is missing in the post - presumably abc_f; confirm.
mov ,eax

; VirtualProtect(lpAddress, dwSize, flNewProtect, lpflOldProtect):
;  - `addr abc_f` is still the address of the stack local rather than the
;    export address it holds;
;  - the last argument must be a pointer that receives the old protection
;    (the poster's own remark on the line says as much);
;  - 96 is fixed, while the copy below uses abc_function_edited_size;
;  - the return value is not tested.
; The text after "<<" is the poster's remark, not assembler syntax.
invoke VirtualProtect, addr abc_f, 96, PAGE_EXECUTE_READWRITE, OldProt << think this is wrong too, addr OldProt and maybe.. i hate invoke :)

cld
; Copy length now comes from the size constant defined after the replacement routine.
mov ecx, abc_function_edited_size
; Source: address of the replacement routine.
mov esi, offset abc_function_Edited
; NOTE(review): source operand is missing in the post - presumably abc_f; confirm.
mov edi,
; Copies ecx bytes from [esi] to [edi].
rep movsb

; The protection saved by VirtualProtect is never restored, so the changed
; region stays writable and executable.
popfd
popad

; NOTE(review): there is no `ret` before `endp`, so no epilogue is emitted and
; execution runs on into whatever follows this procedure.
Changing endp

Something like that... try debugging it. Also, what you're doing might infringe on some of the board rules, but I suspect a mod will step in if that is the case.
Posted on 2009-05-11 13:29:11 by evlncrn8