Tuts 4 You

Patches



Guest sonic_00
Posted

Hi,

I want to create a patch for a general program, but I'm not sure how to do it.

I thought of this solution:

1 - modify the exe file;

2 - compare the normal file with the modified one to find the different bytes;

3 - put into an array the position of the bytes in the code and their new values;

4 - tell the program to open the normal exe file, find the bytes and modify them with the new values

5 - close the exe file.

Is this the right way? And do you know other solutions?

And of course, sorry if my English is cruel ;)

Posted

That's exactly what I do in my patches, it's a good way :)

Good luck

Nacho_dj

Posted
... and do you know other solutions?
I think the only other solution is to ask the devs not to protect it... lol
Posted

Your general theory is correct, sure. If you're struggling as to exactly how to do it, there are loads of source codes knocking around the place - all you really need is one example and it should show you what you need to know!

Guest sonic_00
Posted

I GOT IT!

I've done a full-working patch both with Delphi and C++!

Yeahhhh! :yahoo:

Posted

That's good ........ do you have some samples of your patcher in Delphi and C++ to show to us.... :rolleyes:

aNtRoBs

Guest sonic_00
Posted
That's good ........ do you have some samples of your patcher in Delphi and C++ to show to us.... :rolleyes:

Well, in this example (Delphi) I've patched TSRh Trial KeyGenME (Yes, I know you mustn't patch it, but it's only for example :rolleyes: )

So, after we've patched the keygenme and saved it with a different name, let's see which bytes are different:

(original file is "1.exe" and the modified one "1_mod.exe" ;) )

    var
      Original, Modified, Target : file;
      Buffer, Buffer1, Buffer3 : Byte;   // one byte per read/write
      i : integer;

    procedure TForm1.Button1Click(Sender: TObject);
    begin
      AssignFile(Original, '1.exe');
      Reset(Original, 1);                // record size 1 = byte-wise access
      AssignFile(Modified, '1_mod.exe');
      Reset(Modified, 1);
      i := 1;                            // positions are counted from 1
      repeat
        BlockRead(Original, Buffer, 1);
        BlockRead(Modified, Buffer1, 1);
        if not (Buffer = Buffer1) then begin
          memo2.Lines.Add(IntToStr(Buffer1));  // new value
          memo1.Lines.Add(IntToStr(i));        // position of the byte
        end;
        i := i + 1;
      until EoF(Original) or EoF(Modified);    // stop at the end of the shorter file
      CloseFile(Original);
      CloseFile(Modified);
    end;

only ONE byte changed! :turned:

Its position in the exe is 3894 and its new value 235.

We have now in "memo1" the position of the byte, and in "memo2" the new value. Right?

Let's name the original file "target.exe" and patch it with this proc:


    procedure TForm1.Button2Click(Sender: TObject);
    begin
      Buffer3 := 235;
      AssignFile(Target, 'Target.exe');
      Reset(Target, 1);
      Seek(Target, 3893);            // finds the right position - 1 : 3893
      BlockWrite(Target, Buffer3, 1); // then writes 235 in the next position (the correct position) : 3894
      CloseFile(Target);
      ShowMessage('Operazione completata!');
    end;

we GOT it... :rolleyes:

is it all clear?
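
An added example, not part of the original posts: the same byte-by-byte comparison seen from the defender's side, checking a file against a known-good reference copy to detect modification. It reports 0-based offsets, records the expected byte as well as the one found, and flags a length mismatch instead of reading past the end of the shorter file; the names `Bytes`, `ByteDiff`, `DiffReport`, `diffBytes`, `readFile` and `demo` are hypothetical and the sample bytes are constructed.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <fstream>
#include <iterator>
#include <string>
#include <vector>
using Bytes = std::vector<std::uint8_t>;

struct ByteDiff {
    std::size_t offset;     // 0-based file offset (the post's "position" is offset + 1)
    std::uint8_t expected;  // byte in the known-good reference
    std::uint8_t found;     // byte in the file being checked
};
struct DiffReport {
    std::vector<ByteDiff> changes;
    bool sizeMismatch = false;  // lengths differ; only the common prefix was compared
};

// Compare two file images byte by byte and list every differing offset.
DiffReport diffBytes(const Bytes& reference, const Bytes& candidate) {
    DiffReport report;
    report.sizeMismatch = reference.size() != candidate.size();
    const std::size_t n = std::min(reference.size(), candidate.size());
    for (std::size_t i = 0; i < n; ++i)
        if (reference[i] != candidate[i])
            report.changes.push_back({i, reference[i], candidate[i]});
    return report;
}

// Load a whole file in binary mode; an unreadable file yields an empty buffer.
Bytes readFile(const std::string& path) {
    std::ifstream in(path, std::ios::binary);
    return Bytes(std::istreambuf_iterator<char>(in), std::istreambuf_iterator<char>());
}

// Constructed sample: 16 reference bytes and a copy with one byte set to 235.
DiffReport demo() {
    Bytes reference = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15};
    Bytes candidate = reference;
    candidate[4] = 235;
    return diffBytes(reference, candidate);
}

int main(int argc, char** argv) {
    DiffReport r = (argc == 3) ? diffBytes(readFile(argv[1]), readFile(argv[2])) : demo();
    for (const ByteDiff& d : r.changes)
        std::printf("offset %zu: expected %u, found %u\n", d.offset, (unsigned)d.expected, (unsigned)d.found);
    return (r.changes.empty() && !r.sizeMismatch) ? 0 : 1;
}
```

Run with two paths (reference first) to compare real files; the exit code is non-zero when any byte or the length differs.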

  • 4 weeks later...
Guest devilclaw
Posted

Cool..

Your code searches and replaces different bytes... but, can you show me code to change a specific hex address?

thankz

Posted

Just use SetFilePointer. In MASM, something like:

    .data
    FileName    db "crackme.exe",0
    FileOffset  dd 00025DDBh                  ; offset in the file to write at
    ReplaceBy   db 90h,90h,90h,90h,90h        ; bytes to write
    ReplaceSize dd 5h                         ; number of bytes in ReplaceBy
    fhandle     dd ?
    fsize       dd ?
    bwrite      dd ?

    .code
    invoke CreateFile, addr FileName, GENERIC_READ or GENERIC_WRITE, NULL, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL
    mov fhandle, eax
    invoke SetFilePointer, fhandle, FileOffset, 0, 0   ; last argument 0 = FILE_BEGIN
    mov fsize, eax                                     ; new file pointer position
    invoke WriteFile, fhandle, ADDR ReplaceBy, ReplaceSize, ADDR bwrite, 0
    invoke CloseHandle, fhandle

Add error checking and stuff, obviously

Posted (edited)

Hello

Check Win32_Assembler_Coding_for_Crackers_by_Goppit_v11.chm for an ASM Patch ;)

Cheers B)

Edited by PiONEER
Guest devilclaw
Posted (edited)
Hello

Check Win32_Assembler_Coding_for_Crackers_by_Goppit_v11.chm for an ASM Patch ;)

Cheers B)

I was talking about the Delphi language, but I'll try to do my patch using ASM..

Thankz about the tutorial, I'll study this..

Edited by devilclaw
Guest devilclaw
Posted

@PiONEER

I've already downloaded it 3 times from the URL http://www.tuts4you.com/blogs/request.php?1230

and every time WinRAR shows me this error:

! C:\Downloads\Win32 Assembler Coding for Crackers v11.rar: Invalid or corrupt authenticity information

Can you send Win32_Assembler_Coding_for_Crackers_by_Goppit_v11.chm to RapidShare or another fileshare service?

thanks in advance

Guest devilclaw
Posted
If you took the time to read the FAQ on Tuts 4 You:

http://www.tuts4you.com/blogs/e107_plugins/faq/faq.php

It would explain why you are getting the authenticity verification error...

Ted.

Sorry Ted,

I read it now, but WinRAR cannot extract the file.. still getting the message:

!   C:\Documents and Settings\Administrator\Desktop\Win32 Assembler Coding for Crackers v11.rar: Unexpected end of archive
! C:\Documents and Settings\Administrator\Desktop\Win32 Assembler Coding for Crackers v11.rar: CRC failed in Win32 Assembler Coding for Crackers v11\Win32_Assembler_Coding_for_Crackers_by_Goppit_v11.chm. The file is corrupt
! C:\Documents and Settings\Administrator\Desktop\Win32 Assembler Coding for Crackers v11.rar: Unexpected end of archive

Look at a screenshot of the info about this file:

winrarfilefa4.jpg

Authenticity verification: Absent

Does this happen because my WinRAR is registered with another name or because the rar file is not signed?

Teddy Rogers
Posted

Just downloaded direct from Tuts 4 You page and tested here and there are no errors.

The reason for absent authenticity verification is because you are using a cracked copy of WinRAR. Different cracks seem to handle the authenticity verification differently, some say it is invalid and in other cases such as yours, it seems, say that it isn't present...

Ted.

Guest devilclaw
Posted

Thankz Vrane for the link!

PiONEER, this tutorial rulez :clap2::clap3: Thank you very much! I can't stop reading :D

Ted, I'll try to install another version (a new beta) that just uses a keyfile, not a crack; later I'll post the results here for you.

Posted

Hello

HeHe nice ;) try it... I have one for Delphi but it is private ;)

Cheers B)

Guest devilclaw
Posted (edited)

@Ted

You're right! I searched for a non-patched WinRAR but no success today, I just found one but I think that the EXE is already patched... and that key is already blacklisted at the official WinRAR site.. I will wait for the next version :(

@PiONEER

What does this Delphi tutorial teach? I'm curious now :mellow:

I think that the ASM tuto for cracking will do all my job :)

Edited by devilclaw
Posted

Hello

@devilclaw Yep, ASM is good, try it ;) it does the job for you :P

Cheers B)
