Jump to content
Tuts 4 You

Problem With Searchandreplace Patcher

ragdog

By ragdog
in Programming and Coding

Recommended Posts

ragdog

ragdog

Posted
Posted (edited)

hi guys

i have a SearchAndReplace patcher source in masm32

search a loop algo for patch more patternsequence

can your help me

PATTERNSIZE equ sizeof SearchPattern1

PATTERNSIZE2 equ sizeof SearchPattern2

PATTERNSIZE3 equ sizeof SearchPattern3

SearchPattern1 db ...

SearchMask1 db ...

ReplacePattern1 db ...

ReplaceMask1 db ...

SearchPattern2 db ...

SearchMask2 db ...

ReplacePattern2 db ...

ReplaceMask2 db ...

SearchPattern3 db ...

SearchMask3 db ...

ReplacePattern3 db ...

ReplaceMask3 db ...

.code

...

.....

......

PatchFile proc _targetfile:dword

LOCAL local_hFile :DWORD

LOCAL local_hFileMapping:DWORD

LOCAL local_hViewOfFile :DWORD

LOCAL local_retvalue :DWORD

LOCAL local_filesize :DWORD

pushad

mov local_retvalue,0

invoke CreateFile,_targetfile,GENERIC_READ+GENERIC_WRITE,FILE_SHARE_WRITE,NULL,OPEN_EXI

TING,FILE_ATTRIBUTE_NORMAL+FILE_ATTRIBUTE_HIDDEN,0

.if eax!=INVALID_HANDLE_VALUE

mov local_hFile,eax

invoke CreateFileMapping,eax,0,PAGE_READWRITE,0,0,0

.if eax!=NULL

mov local_hFileMapping,eax

invoke MapViewOfFile,eax,FILE_MAP_WRITE,0,0,0

.if eax!=NULL

mov local_hViewOfFile,eax

invoke GetFileSize,local_hFile,0

mov local_filesize,eax

push 1

push local_filesize

push PATTERNSIZE1

push offset ReplaceMask1

push offset ReplacePattern1

push offset SearchMask1

push offset SearchPattern1

push local_hViewOfFile

call SearchAndReplace

push 1

push local_filesize

push PATTERNSIZE2

push offset ReplaceMask2

push offset ReplacePattern2

push offset SearchMask2

push offset SearchPattern2

push local_hViewOfFile

call SearchAndReplace

push 1

push local_filesize

push PATTERNSIZE3

push offset ReplaceMask3

push offset ReplacePattern3

push offset SearchMask3

push offset SearchPattern3

push local_hViewOfFile

call SearchAndReplace

mov local_retvalue,eax

invoke UnmapViewOfFile,local_hViewOfFile

.endif

invoke CloseHandle,local_hFileMapping

.endif

invoke CloseHandle,local_hFile

.endif

popad

mov eax,local_retvalue

ret

PatchFile endp

thanks in forward

ragdog

Edited by ragdog
ragdog

ragdog

Posted
  • Author
Posted

hi

none can help me please? :(

ragdog

ragdog

Posted
  • Author
Posted

hi

i have this sourcecode my problem is

i search a loop routine for more bytes to patch

thanks

Ufo-Pu55y

Ufo-Pu55y

Posted
Posted (edited)

@ragdog:

Could you upload the whole source ?

Edited by Ufo-Pu55y
What

What

Posted
Posted

I noticed it was DUPs code after I posted, so there was no point in keeping that post, so I deleted it. It is kind of funny though.

Ufo-Pu55y

Ufo-Pu55y

Posted
Posted (edited)
so I deleted it.
Ok.. got it. I was wrong. sry

EDIT/

lol.. another trashcan post. there'll be lots ^^

Edited by Ufo-Pu55y
Ufo-Pu55y

Ufo-Pu55y

Posted
Posted (edited)
here is my code

Here's a possible solution:

What you need is a structure..

Pattern struct
	SizeOfPattern		dd	?
	SearchPattern		db	32 dup(?)
	SearchMask		db	32 dup(?)
	ReplacePattern	db	32 dup(?)
	ReplaceMask		db	32 dup(?)
Pattern ends.data
szFile		  db "file.exe",0Pat1		Pattern	<7, \
				{02Ah,045h,0EBh,000h,0C3h,000h,0EFh}, \
				{0,   0,   0,   1,   0,   1,   0}, \
				{02Ah,000h,000h,010h,033h,0C0h,000h}, \
				{0,   1,   1,   0,   0,   0,   1}>
Pat2		Pattern	<2, \
				{02Ah,045h}, \
				{0,   0}, \
				{02Ah,000h}, \
				{0,   1}>
Pat3		Pattern	<2, \
				{074h,0ebh}, \
				{0,   0}, \
				{075h,000h}, \
				{0,   1}>
PatEnd	db		NULL

Then your loop could look like this:

...
	LOCAL ActPat			:DWORD
...
			invoke MapViewOfFile,eax,FILE_MAP_WRITE,0,0,0
			.if eax!=NULL
				mov local_hViewOfFile,eax
				invoke GetFileSize,local_hFile,0
				mov local_filesize,eax
				lea esi, Pat1
				mov ActPat,esi
				mov al,byte ptr [esi]
				.while al != 0
					ASSUME esi:ptr Pattern
					invoke SearchAndReplace,local_hViewOfFile, \
						addr [esi].SearchPattern,addr [esi].SearchMask, \
						addr [esi].ReplacePattern,addr [esi].ReplaceMask, \
						[esi].SizeOfPattern, local_filesize,1
					ASSUME esi:nothing
					.if eax==0
						jmp quit
					.endif
					add ActPat,sizeof Pattern
					mov esi,ActPat
					mov al,byte ptr [esi]
				.endw
			quit:
				mov local_retvalue,eax
				invoke UnmapViewOfFile,local_hViewOfFile
			.endif

And if the number of Search&Replace patterns is unknown at startup

(means.. your app takes it via user input), then you could go like this:

.data?PAT		Pattern	32 dup(<?>)

..and fill this struct array later on with the user's input..

Edited by Ufo-Pu55y
black8x

black8x

Posted
Posted
Here's a possible solution:

What you need is a structure..

Thank Ufo-Pu55y, What and ragdog for the solution.

.if eax==0

invoke StatusProc,hWnd,SADD("...Patching failed!")

.else

invoke StatusProc,hWnd,SADD("...Patching successfull!")

.endif

It always gets error "...Patching failed!", actually the file has patched !!!

ragdog

ragdog

Posted
  • Author
Posted (edited)

hi

to matrix_ this problem is solved :D with this errors

i had found this source with this problem

greets

ragdog

Edited by ragdog
black8x

black8x

Posted
Posted

According diablo2oo2's search and replace patch engine, the return value in eax is 1

when a file patched.

ReturnValue in eax (1=Success 0=Failed)
...
mov local_returnvalue,1	;yes, something was patched
...

In Ufo-Pu55y's loop code

.if eax==0
jmp quit
.endif

How to fix this loop correctly with diablo2oo2's search and replace patch engine. Thank in advance. :wub:

Ufo-Pu55y

Ufo-Pu55y

Posted
Posted
How to fix this loop correctly with diablo2oo2's search and replace patch engine. Thank in advance. :wub:
Sry, but what's the sense in quitting a multi-patch-loop,

if only one patch was successful ? :huh:

black8x

black8x

Posted
Posted (edited)

Thank Ufo-Pu55y for your help :help . One or multi patch pattern still get error "...Patching failed!", actually the file has patched successfully. Debug it in olly: the eax value is always zero with the loop code and the eax value is 1 with normal code (one patch pattern)

Loop code - one patch pattern:

004010F8   .  68 00304000   PUSH DlgMain.00403000				   ; /Arg1 = 00403000 ASCII "file.exe"
004010FD   .  E8 7A000000   CALL DlgMain.0040117C				   ; \DlgMain.0040117C
00401102   .  0BC0		  OR EAX, EAX							 ;EAX=00000000--> should be =00000001
00401104   .  75 0F		 JNZ SHORT DlgMain.00401115
00401106   .  68 8E304000   PUSH DlgMain.0040308E				   ;  ASCII "...Patching failed"
0040110B   .  FF75 08	   PUSH DWORD PTR SS:[EBP+8]
0040110E   .  E8 35000000   CALL DlgMain.00401148
00401113   .  EB 0D		 JMP SHORT DlgMain.00401122
00401115   >  68 A4304000   PUSH DlgMain.004030A4				   ;  ASCII "...Patching successfull"

Normal code - one patch pattern::

004010FD   .  E8 7A000000   CALL DlgMain.0040117C				   ; \DlgMain.0040117C
00401102   .  0BC0		  OR EAX, EAX							 ;EAX=00000001
00401104   .  75 0F		 JNZ SHORT DlgMain.00401115 
00401106   .  68 25304000   PUSH DlgMain.00403025				   ;  ASCII "...Patching failed"
0040110B   .  FF75 08	   PUSH DWORD PTR SS:[EBP+8]
0040110E   .  E8 35000000   CALL DlgMain.00401148
00401113   .  EB 0D		 JMP SHORT DlgMain.00401122
00401115   >  68 38304000   PUSH DlgMain.00403038				   ;  ASCII "...Patching successfull"
Edited by Matrix_
Ufo-Pu55y

Ufo-Pu55y

Posted
Posted

Ahhh.. now I got what u meant.

Simply add 'inc eax' after the loop,

and u'll get ur "Patching successfull!" ;)

...
	LOCAL ActPat			:DWORD
...
			invoke MapViewOfFile,eax,FILE_MAP_WRITE,0,0,0
			.if eax!=NULL
				mov local_hViewOfFile,eax
				invoke GetFileSize,local_hFile,0
				mov local_filesize,eax
				lea esi, Pat1
				mov ActPat,esi
				mov al,byte ptr [esi]
				.while al != 0
					ASSUME esi:ptr Pattern
					invoke SearchAndReplace,local_hViewOfFile, \
						addr [esi].SearchPattern,addr [esi].SearchMask, \
						addr [esi].ReplacePattern,addr [esi].ReplaceMask, \
						[esi].SizeOfPattern, local_filesize,1
					ASSUME esi:nothing
					.if eax==0
						jmp quit
					.endif
					add ActPat,sizeof Pattern
					mov esi,ActPat
					mov al,byte ptr [esi]
				.endw
				INC EAX; <--------------------- !!!!!!!!!!!!!!!!!!!!!!!!!!!!
			quit:
				mov local_retvalue,eax
				invoke UnmapViewOfFile,local_hViewOfFile
			.endif
black8x

black8x

Posted
Posted

Many thanks Ufo-Pu55y :flowers: . Just increase the value + 1, and it's working ! :bomb: Thank Ufo-Pu55y again. :wub:

Regards !

  • 12 years later...
IIII

IIII

Posted
Posted

can someone pls help me

i have hex pattern of 22 &  31 & it generating error

error A2041: string or text literal too long

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Go to topic listing
×
×
  • Create New...