Jump to content
Tuts 4 You


Guest sonic_00

Recommended Posts

Guest sonic_00


i want to create a patch for a general program, but i'm not sure how to do it.

i thought to this solution:

1 - modify the exe file;

2 - compare the normal file with the modified one to find the different bytes;

3 - put into an array the position of the bytes in the code and their new values;

4 - tell the program to open the normal exe file, find the bytes and modify them with the new values

5 - close the exe file.

is this the right way? and do you know other solutions?

and of course, sorry if my english is cruel ;)

Link to comment

Your general theory is correct, sure. If you're struggling as to exactly how to do it, there are loads of source codes knocking around the place - all you really need is one example and it should show you what you need to know!

Link to comment
Guest sonic_00
That's good ........ do you have some sample's of your patcher in Delphi and C++ to show to us.... :rolleyes:

Well, in this example (Delphi) i've patched TSRh Trial KeyGenME (Yes, i know you mustn't patch it, but it's only for example :rolleyes: )

so, after we've patched the keygenme and saved it with a different name, let's see wich bytes are different:

(original file is "1.exe" and the modified one "1_mod.exe" ;) )

Original,Modified, Target : file;
Buffer,Buffer1,Buffer3 : integer;
i : integer;procedure TForm1.Button1Click(Sender: TObject);
i := 1;
if not(Buffer = Buffer1) then begin
i := i +1;
until EoF(Original);

only ONE byte changed! :turned:

its position in the exe is 3894 ad its new value 235.

we have now in "memo1" the position of the byte, and in "memo2" the new value. Right?

let's name the original file "target.exe" and patch it with this proc:

procedure TForm1.Button2Click(Sender: TObject);
Buffer3 := 235;
Seek(Target,3893); //finds the right position - 1 : 3893
BlockWrite(Target,Buffer3,1); //then writes 235 in the next position (the correct position) : 3894
ShowMessage('Operazione completata!');

we GOT it... :rolleyes:

is it all clear?

Link to comment
  • 4 weeks later...
Guest devilclaw


Your code search and replace different bytes... but, can you show me a code to change a specific hex address?


Link to comment

Just use SetFilePointer. In MASM, something like:

FileName db "crackme.exe",0
FileOffset dd 00025DDBh
ReplaceBy db 90h,90h,90h,90h,90h
ReplaceSize dd 5h
fhandle dd ?
fsize dd ?
bwrite dd ?
invoke SetFilePointer, fhandle, FileOffset, 0, 0
mov fsize, eax
invoke WriteFile, fhandle, ADDR ReplaceBy, ReplaceSize, ADDR bwrite, 0
invoke CloseHandle, fhandle

Add error checking and stuff, obviously

Link to comment


Check Win32_Assembler_Coding_for_Crackers_by_Goppit_v11.chm for a ASM Patch ;)

Cheers B)

Edited by PiONEER
Link to comment
Guest devilclaw

Check Win32_Assembler_Coding_for_Crackers_by_Goppit_v11.chm for a ASM Patch ;)

Cheers B)

I was talking about delphi language, but I'll try to do my patch using asm..

Thankz about the tutorial, I'll study this..

Edited by devilclaw
Link to comment
Guest devilclaw


I've already downloaded 3 times from URL http://www.tuts4you.com/blogs/request.php?1230

and all times WinRar are showing me this error:

! C:\Downloads\Win32 Assembler Coding for Crackers v11.rar: Invalid or corrupt authenticity information

Can you send Win32_Assembler_Coding_for_Crackers_by_Goppit_v11.chm to rapidshare ou other fileshare service?

thanks in advance

Link to comment
Guest devilclaw
If you took the time to read the FAQ on Tuts 4 You:


It would explain why you are getting the authenticity verification error...


Sorry Ted,

I read now, but Winrar cannot extract the file.. still getting the message:

!   C:\Documents and Settings\Administrator\Desktop\Win32 Assembler Coding for Crackers v11.rar: Unexpected end of archive
! C:\Documents and Settings\Administrator\Desktop\Win32 Assembler Coding for Crackers v11.rar: CRC failed in Win32 Assembler Coding for Crackers v11\Win32_Assembler_Coding_for_Crackers_by_Goppit_v11.chm. The file is corrupt
! C:\Documents and Settings\Administrator\Desktop\Win32 Assembler Coding for Crackers v11.rar: Unexpected end of archive

Look a screenshot of Info about this file:


Authenticity verification: Absent

This happen because my WinRar is registered with another name or because the rar file is not signed?

Link to comment
Teddy Rogers

Just downloaded direct from Tuts 4 You page and tested here and there are no errors.

The reason for absent authenticity verification is because you are using a cracked copy of WinRAR. Different cracks seem to handle the authenticity verification differently, some say it is invalid and in other cases such as yours, it seems, say that it isn't present...


Link to comment
Guest devilclaw

Thankz Vrane for the link!

PiONEER, this tutorial rulez :clap2::clap3: Thank you very much! I cant stop to read :D

Ted, I'll try to install another version (a new beta) that just use a keyfile not a crack, later I post here to you the results.

Link to comment
Guest devilclaw


You right! I search for a non-patched winrar but no success today, I just found one but I think that the EXE its already patched... and that key its already blacklisted at oficial winrar site.. I will wait a next version :(


What this delphi tutorial teach? I'm curious now :mellow:

I think that Asm tuto for cracking will do all my job :)

Edited by devilclaw
Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...