Jump to content
Tuts 4 You

Help Out With Patch In Delphi


Guest Fellow Hacker

Recommended Posts

Guest Fellow Hacker
Posted

Alright Whatup Everybody I Am New To This Forum Thought I Do Know About

Cracking. Problem Is I Dont Know How To Make My Own Patches So I Checked Here And Found Something Similar But I Need Help Changing It.

			begin				 
assignfile(FB , original.caption);
Reset(FB);
b := $90;
seek(FB,$00066C38);
Write(FB,b); closefile(FB);
end;
end;

How Would I Change This Code To Patch Many Offsets Instead Of Having To Repeat The Same Code Many Times.

Any Help Appreciated :)

Laterz,

Short-Circuit

Posted (edited)
Alright Whatup Everybody I Am New To This Forum Thought I Do Know About

Cracking. Problem Is I Dont Know How To Make My Own Patches So I Checked Here And Found Something Similar But I Need Help Changing It.

			begin				 
assignfile(FB , original.caption);
Reset(FB);
b := $90;
seek(FB,$00066C38);
Write(FB,b); closefile(FB);
end;
end;

How Would I Change This Code To Patch Many Offsets Instead Of Having To Repeat The Same Code Many Times.

Any Help Appreciated :)

Laterz,

Short-Circuit

Guess you could...

	 
begin
assignfile(FB , original.caption);
Reset(FB); b := $90;
seek(FB,$00066C38);
Write(FB,b);
b := $91;
seek(FB,$00066C39);
Write(FB,b);
b := $92;
seek(FB,$00066C3A);
Write(FB,b);
b := $93;
seek(FB,$00066C3B);
Write(FB,b);
closefile(FB);
end;

I don't know of any other way... This atleast lets you do it in one sweep.

Heads up though, I did not test this.

Cause I'm at work w/o Delphi :)

Edited by ante0
Posted

declare a function..

im writing this by hart, so it cud be errors..

function patchDword(var: fullnamewithpathOfFIle: AnsiChar; var bytestopatch: Dword; var offsettopatch: Dword):Boolean
begin //bytestopatch in range $00000000 to $FFFFFFFF (4 bytes in one go)
try
begin
assignfile(FB , fullnamewithpathOfFIle);
Reset(FB);
seek(FB,offsettopatch);
Write(FB,bytestopatch);
result:=True; //patch successfull
end;
except
result:=False; //failed for some reason
end;
end;

the use would be:

if patchDword('c:\temp\myfile.bin',$00000090,$00000001) then Show('successfully patched) else show('something went wrong..');

hope it helps...

Guest Fellow Hacker
Posted

Thanx ante0 And Chupachu

Yes ante0 It Works Perfectly

Chupachu Your Code Is A Bit Advanced But I Will Keep At Hand :)

Thanx All

Posted

Take care with this method ChupaChu, when you want to patch an only byte, you could be patching that byte, and the other three bytes following to the first byte are being set to zero... :wacko:

Cheers

Nacho_dj

Posted

sure Nachi, tnx.. i was just showing to him "general" idea of pathching function, writing it by hart to repy box directly.. feel free to change/upgrade/correct anything you find needs to be corrected/upgraded/changed :)

BR, ChupaChu!

Posted (edited)

in the above source, how would one write multiple byte to a single address, Do you need to specify the amount of byte before writing to address like you would when writting to memory?

I tryed the following without success :(


var
Form1: TForm1;
FB : File Of Byte;const
{ Address's to write Patch }
Address1=$0054B28B;
Address2=$0054B297; { Bytes to write }
Patch1 : array[1..2] of byte = ($EB,$08);
Patch2 : array[1..6] of byte = ($BB,$00,$00,$00,$00,$90);{$R *.dfm}{ this procedure is from error's example }
procedure BackupFile(const FileName, BackupExt: string);
begin
CopyFile(PChar(FileName), //It copies the executable
PChar(ChangeFileExt(FileName, BackupExt)), false);
end;procedure TForm1.Button1Click(Sender: TObject);
begin
BackupFile('c:\Program files\My Program\Program.exe','.exd');
begin
assignfile(FB , 'c:\Program files\My Program\Program.exe');
Reset(FB); seek(FB,Address1);
BlockWrite(FB,Patch1, Length(Patch1));
seek(FB,Address2);
BlockWrite(FB,Patch2, Length(Patch2));closefile(FB);
end;
end;
end.

I thought blockwrite is what you use when writting an array of bytes, but i guess i was wrong because it did'nt work :( any suggestions?

Edited by Departure
Posted
BlockWrite(FB,Patch1, Length(Patch1));

Use this instead:

BlockWrite(FB,Patch1[0], Length(Patch1));

Posted (edited)

This is part of code i use to patch multiple bytes (easy importable from cmd.exe using e.g. FC /B original.exe patched.exe>result.txt)

const p_data : array[1..3] of dword = (
$000E9325, $77, $76,
$010E5525, $C2, $90); // this example will patch 2 bytes at offsets 010E5525 and 000E9325..VAR FB: file of Byte;
b:byte;
i,J:dword;
s,FileToPatch:string;
MATCHED:BOOLEAN;
begin
FileToPatch:='TARGET.exe'; // add it manualy or other way you like..
try
begin
assignfile(FB , FileToPatch);for i:=0 to sizeof(p_data) div 12-1 do // p_data has 3 values: offset, original byte, patched byte and so on undefinetely in same pattern..
begin // div 12 -1 is to determine correct number of patching bytes (e.g. loops to do before all patched)
seek(FB,p_data[i*3+1]); // position on first value from p_data e.g. $000E9325
BlockRead(FB,b,1); // read 1 byte
seek(FB,p_data[i*3+1]); // position on needed p_data e.g. $000E9325 (as block Read will change seek position)
if b=p_data[i*3+2] then //if byte matches original one, continue to write patched byte if not do what ever you like..
begin
// BYTE MATCHED SO BOOLEAN for MATCHED status STAYS TRUE!
// outputdebugstring(PChar('seeking'+int2hex(p_data[j*3+1],8))); --> for debugging purpuses (to see thats being done in each step)
Write(FB,p_data[j*3+3]); //outputdebugstring(PChar('writing'+int2hex(p_data[j*3+3],2)));
end
else
begin
MATCHED:=FALSE; // FOUND ONE THAT DOES NOT MATCH! --> abort/undo patch or whatever
end;
end;closefile(FB);

hope it helps!

Edited by ChupaChu
Posted (edited)

I like your first source you gave an example for chupuchu, And im always greatful for your examples but there must be an easyer way to patch multiple bytes to a VA address, Nacho thanks for your input also but I dont have a 0 index of the Patch1 array in my source that i posted

Use this instead:

BlockWrite(FB,Patch1[0], Length(Patch1));

That would be useful if index 0 of that array had some bytes, but then it would'nt work even if it did have some thing in index 0 because Length is 2 "Length(Patch1)", but yes this method could be used to patch single bytes also by calling a index of the array.....

thanks for your replys...

Edited by Departure
Posted
Nacho thanks for your input also but I dont have a 0 index of the Patch1 array in my source that i posted
Use this instead:

BlockWrite(FB,Patch1[0], Length(Patch1));

Opssss, you are right, I'm used to 0 index in arrays...

OK, use index number 1, as a matter of fact it should be the first index in your array to point the address where the array begins.

So, this should work:

BlockWrite(FB,Patch1[1], Length(Patch1));

Sorry for the mistake, mate.

Cheers

Nacho_dj

Posted (edited)

I tryed what you suggested but it did'nt do anything,

Code I used:

var

Form1: TForm1;

const

{ Address's to write Patch }

Address1=$0054B28B;

Address2=$0054B297;

{ Bytes to write }

Patch1 : array[1..2] of byte = ($EB,$08);

Patch2 : array[1..6] of byte = ($BB,$00,$00,$00,$00,$90);

implementation

{$R *.dfm}

procedure TForm1.Button1Click(Sender: TObject);

var

FB : File Of Byte;

begin

assignfile(FB , 'c:\Program files\My Program\Program.exe');

Reset(FB);

seek(FB,Address1);

BlockWrite(FB,Patch1[1], Length(Patch1));

seek(FB,Address2);

BlockWrite(FB,Patch2[1], Length(Patch2));

closefile(FB);

end;

end.

I think i must be using the BlockWrite incorrect or Making some mistake I have'nt picked up yet, As the above code writes nothing to the exe :(

Edited by Departure
Posted
seek(FB,Address1);

the above code writes nothing to the exe :(

address1 is va and doesn't exist in the file on disk, you need to convert va to file offset first.

Posted (edited)

Dohhhhh!!!! LOL, okay ill do that and get back with results, heheh I was'nt thinking because im using the same va address's in my memory loader example, hmm now to find the file offset address programatically..............

//Edit yes it works when patching the offset address (Slaps self across the face)

I guess to find the offset programatically (only because its easyer to give VA address) i would need to load the file in memory and read it from there then convert???

P.s Nacho, Thanks for the index idea but i did'nt need to use it because it actually worked fine just using BlockWrite(FB,Patch1, Length(Patch1)); my problem was trying to patch a virtual address instead of binary address on disk as zako explained to me..... Dohhhh!!!

Edited by Departure

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...