Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Problem With Searchandreplace Patcher

ragdog
ragdog
in Programming and Coding

Featured Replies

Posted

hi guys

i have a SearchAndReplace patcher source in masm32

search a loop algo for patch more patternsequence

can your help me

PATTERNSIZE equ sizeof SearchPattern1

PATTERNSIZE2 equ sizeof SearchPattern2

PATTERNSIZE3 equ sizeof SearchPattern3

SearchPattern1 db ...

SearchMask1 db ...

ReplacePattern1 db ...

ReplaceMask1 db ...

SearchPattern2 db ...

SearchMask2 db ...

ReplacePattern2 db ...

ReplaceMask2 db ...

SearchPattern3 db ...

SearchMask3 db ...

ReplacePattern3 db ...

ReplaceMask3 db ...

.code

...

.....

......

PatchFile proc _targetfile:dword

LOCAL local_hFile :DWORD

LOCAL local_hFileMapping:DWORD

LOCAL local_hViewOfFile :DWORD

LOCAL local_retvalue :DWORD

LOCAL local_filesize :DWORD

pushad

mov local_retvalue,0

invoke CreateFile,_targetfile,GENERIC_READ+GENERIC_WRITE,FILE_SHARE_WRITE,NULL,OPEN_EXI

TING,FILE_ATTRIBUTE_NORMAL+FILE_ATTRIBUTE_HIDDEN,0

.if eax!=INVALID_HANDLE_VALUE

mov local_hFile,eax

invoke CreateFileMapping,eax,0,PAGE_READWRITE,0,0,0

.if eax!=NULL

mov local_hFileMapping,eax

invoke MapViewOfFile,eax,FILE_MAP_WRITE,0,0,0

.if eax!=NULL

mov local_hViewOfFile,eax

invoke GetFileSize,local_hFile,0

mov local_filesize,eax

push 1

push local_filesize

push PATTERNSIZE1

push offset ReplaceMask1

push offset ReplacePattern1

push offset SearchMask1

push offset SearchPattern1

push local_hViewOfFile

call SearchAndReplace

push 1

push local_filesize

push PATTERNSIZE2

push offset ReplaceMask2

push offset ReplacePattern2

push offset SearchMask2

push offset SearchPattern2

push local_hViewOfFile

call SearchAndReplace

push 1

push local_filesize

push PATTERNSIZE3

push offset ReplaceMask3

push offset ReplacePattern3

push offset SearchMask3

push offset SearchPattern3

push local_hViewOfFile

call SearchAndReplace

mov local_retvalue,eax

invoke UnmapViewOfFile,local_hViewOfFile

.endif

invoke CloseHandle,local_hFileMapping

.endif

invoke CloseHandle,local_hFile

.endif

popad

mov eax,local_retvalue

ret

PatchFile endp

thanks in forward

ragdog

Edited by ragdog

  • Author

hi

none can help me please? :(

  • Author

hi

i have this sourcecode my problem is

i search a loop routine for more bytes to patch

thanks

Take a look at this source.

@ragdog:

Could you upload the whole source ?

Edited by Ufo-Pu55y

I noticed it was DUPs code after I posted, so there was no point in keeping that post, so I deleted it. It is kind of funny though.

so I deleted it.
Ok.. got it. I was wrong. sry

EDIT/

lol.. another trashcan post. there'll be lots ^^

Edited by Ufo-Pu55y

  • Author

here is my code

snd.zip

thanks in forward

here is my code

Here's a possible solution:

What you need is a structure..

Pattern struct
	SizeOfPattern		dd	?
	SearchPattern		db	32 dup(?)
	SearchMask		db	32 dup(?)
	ReplacePattern	db	32 dup(?)
	ReplaceMask		db	32 dup(?)
Pattern ends.data
szFile		  db "file.exe",0Pat1		Pattern	<7, \
				{02Ah,045h,0EBh,000h,0C3h,000h,0EFh}, \
				{0,   0,   0,   1,   0,   1,   0}, \
				{02Ah,000h,000h,010h,033h,0C0h,000h}, \
				{0,   1,   1,   0,   0,   0,   1}>
Pat2		Pattern	<2, \
				{02Ah,045h}, \
				{0,   0}, \
				{02Ah,000h}, \
				{0,   1}>
Pat3		Pattern	<2, \
				{074h,0ebh}, \
				{0,   0}, \
				{075h,000h}, \
				{0,   1}>
PatEnd	db		NULL

Then your loop could look like this:

...
	LOCAL ActPat			:DWORD
...
			invoke MapViewOfFile,eax,FILE_MAP_WRITE,0,0,0
			.if eax!=NULL
				mov local_hViewOfFile,eax
				invoke GetFileSize,local_hFile,0
				mov local_filesize,eax
				lea esi, Pat1
				mov ActPat,esi
				mov al,byte ptr [esi]
				.while al != 0
					ASSUME esi:ptr Pattern
					invoke SearchAndReplace,local_hViewOfFile, \
						addr [esi].SearchPattern,addr [esi].SearchMask, \
						addr [esi].ReplacePattern,addr [esi].ReplaceMask, \
						[esi].SizeOfPattern, local_filesize,1
					ASSUME esi:nothing
					.if eax==0
						jmp quit
					.endif
					add ActPat,sizeof Pattern
					mov esi,ActPat
					mov al,byte ptr [esi]
				.endw
			quit:
				mov local_retvalue,eax
				invoke UnmapViewOfFile,local_hViewOfFile
			.endif

And if the number of Search&Replace patterns is unknown at startup

(means.. your app takes it via user input), then you could go like this:

.data?PAT		Pattern	32 dup(<?>)

..and fill this struct array later on with the user's input..

Edited by Ufo-Pu55y

  • Author

thx it is nice :D

Here's a possible solution:

What you need is a structure..

Thank Ufo-Pu55y, What and ragdog for the solution.

.if eax==0

invoke StatusProc,hWnd,SADD("...Patching failed!")

.else

invoke StatusProc,hWnd,SADD("...Patching successfull!")

.endif

It always gets error "...Patching failed!", actually the file has patched !!!

  • Author

hi

to matrix_ this problem is solved :D with this errors

i had found this source with this problem

greets

ragdog

Edited by ragdog

According diablo2oo2's search and replace patch engine, the return value in eax is 1

when a file patched.

ReturnValue in eax (1=Success 0=Failed)
...
mov local_returnvalue,1	;yes, something was patched
...

In Ufo-Pu55y's loop code

.if eax==0
jmp quit
.endif

How to fix this loop correctly with diablo2oo2's search and replace patch engine. Thank in advance. :wub:

How to fix this loop correctly with diablo2oo2's search and replace patch engine. Thank in advance. :wub:
Sry, but what's the sense in quitting a multi-patch-loop,

if only one patch was successful ? :huh:

Thank Ufo-Pu55y for your help :help . One or multi patch pattern still get error "...Patching failed!", actually the file has patched successfully. Debug it in olly: the eax value is always zero with the loop code and the eax value is 1 with normal code (one patch pattern)

Loop code - one patch pattern:

004010F8   .  68 00304000   PUSH DlgMain.00403000				   ; /Arg1 = 00403000 ASCII "file.exe"
004010FD   .  E8 7A000000   CALL DlgMain.0040117C				   ; \DlgMain.0040117C
00401102   .  0BC0		  OR EAX, EAX							 ;EAX=00000000--> should be =00000001
00401104   .  75 0F		 JNZ SHORT DlgMain.00401115
00401106   .  68 8E304000   PUSH DlgMain.0040308E				   ;  ASCII "...Patching failed"
0040110B   .  FF75 08	   PUSH DWORD PTR SS:[EBP+8]
0040110E   .  E8 35000000   CALL DlgMain.00401148
00401113   .  EB 0D		 JMP SHORT DlgMain.00401122
00401115   >  68 A4304000   PUSH DlgMain.004030A4				   ;  ASCII "...Patching successfull"

Normal code - one patch pattern::

004010FD   .  E8 7A000000   CALL DlgMain.0040117C				   ; \DlgMain.0040117C
00401102   .  0BC0		  OR EAX, EAX							 ;EAX=00000001
00401104   .  75 0F		 JNZ SHORT DlgMain.00401115 
00401106   .  68 25304000   PUSH DlgMain.00403025				   ;  ASCII "...Patching failed"
0040110B   .  FF75 08	   PUSH DWORD PTR SS:[EBP+8]
0040110E   .  E8 35000000   CALL DlgMain.00401148
00401113   .  EB 0D		 JMP SHORT DlgMain.00401122
00401115   >  68 38304000   PUSH DlgMain.00403038				   ;  ASCII "...Patching successfull"

Edited by Matrix_

Ahhh.. now I got what u meant.

Simply add 'inc eax' after the loop,

and u'll get ur "Patching successfull!" ;)

...
	LOCAL ActPat			:DWORD
...
			invoke MapViewOfFile,eax,FILE_MAP_WRITE,0,0,0
			.if eax!=NULL
				mov local_hViewOfFile,eax
				invoke GetFileSize,local_hFile,0
				mov local_filesize,eax
				lea esi, Pat1
				mov ActPat,esi
				mov al,byte ptr [esi]
				.while al != 0
					ASSUME esi:ptr Pattern
					invoke SearchAndReplace,local_hViewOfFile, \
						addr [esi].SearchPattern,addr [esi].SearchMask, \
						addr [esi].ReplacePattern,addr [esi].ReplaceMask, \
						[esi].SizeOfPattern, local_filesize,1
					ASSUME esi:nothing
					.if eax==0
						jmp quit
					.endif
					add ActPat,sizeof Pattern
					mov esi,ActPat
					mov al,byte ptr [esi]
				.endw
				INC EAX; <--------------------- !!!!!!!!!!!!!!!!!!!!!!!!!!!!
			quit:
				mov local_retvalue,eax
				invoke UnmapViewOfFile,local_hViewOfFile
			.endif

Many thanks Ufo-Pu55y :flowers: . Just increase the value + 1, and it's working ! :bomb: Thank Ufo-Pu55y again. :wub:

Regards !

  • 12 years later...

can someone pls help me

i have hex pattern of 22 &  31 & it generating error

error A2041: string or text literal too long

Create an account or sign in to comment

Go to topic listing

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.