Guest Fellow Hacker Posted November 22, 2007 Posted November 22, 2007 Alright Whatup Everybody I Am New To This Forum Thought I Do Know About Cracking. Problem Is I Dont Know How To Make My Own Patches So I Checked Here And Found Something Similar But I Need Help Changing It. begin assignfile(FB , original.caption); Reset(FB); b := $90; seek(FB,$00066C38); Write(FB,b); closefile(FB); end; end; How Would I Change This Code To Patch Many Offsets Instead Of Having To Repeat The Same Code Many Times. Any Help Appreciated Laterz, Short-Circuit
ante0 Posted November 22, 2007 Posted November 22, 2007 (edited) Alright Whatup Everybody I Am New To This Forum Thought I Do Know AboutCracking. Problem Is I Dont Know How To Make My Own Patches So I Checked Here And Found Something Similar But I Need Help Changing It. begin assignfile(FB , original.caption); Reset(FB); b := $90; seek(FB,$00066C38); Write(FB,b); closefile(FB); end; end; How Would I Change This Code To Patch Many Offsets Instead Of Having To Repeat The Same Code Many Times. Any Help Appreciated Laterz, Short-Circuit Guess you could... begin assignfile(FB , original.caption); Reset(FB); b := $90; seek(FB,$00066C38); Write(FB,b); b := $91; seek(FB,$00066C39); Write(FB,b); b := $92; seek(FB,$00066C3A); Write(FB,b); b := $93; seek(FB,$00066C3B); Write(FB,b); closefile(FB);end; I don't know of any other way... This atleast lets you do it in one sweep. Heads up though, I did not test this. Cause I'm at work w/o Delphi Edited November 22, 2007 by ante0
ChupaChu Posted November 22, 2007 Posted November 22, 2007 declare a function..im writing this by hart, so it cud be errors..function patchDword(var: fullnamewithpathOfFIle: AnsiChar; var bytestopatch: Dword; var offsettopatch: Dword):Booleanbegin //bytestopatch in range $00000000 to $FFFFFFFF (4 bytes in one go)trybeginassignfile(FB , fullnamewithpathOfFIle);Reset(FB);seek(FB,offsettopatch);Write(FB,bytestopatch);result:=True; //patch successfullend;except result:=False; //failed for some reasonend;end;the use would be:if patchDword('c:\temp\myfile.bin',$00000090,$00000001) then Show('successfully patched) else show('something went wrong..');hope it helps...
Guest Fellow Hacker Posted November 22, 2007 Posted November 22, 2007 Thanx ante0 And Chupachu Yes ante0 It Works Perfectly Chupachu Your Code Is A Bit Advanced But I Will Keep At Hand Thanx All
Nacho_dj Posted November 28, 2007 Posted November 28, 2007 Take care with this method ChupaChu, when you want to patch an only byte, you could be patching that byte, and the other three bytes following to the first byte are being set to zero... Cheers Nacho_dj
ChupaChu Posted November 28, 2007 Posted November 28, 2007 sure Nachi, tnx.. i was just showing to him "general" idea of pathching function, writing it by hart to repy box directly.. feel free to change/upgrade/correct anything you find needs to be corrected/upgraded/changed BR, ChupaChu!
Departure Posted December 4, 2007 Posted December 4, 2007 (edited) in the above source, how would one write multiple byte to a single address, Do you need to specify the amount of byte before writing to address like you would when writting to memory? I tryed the following without success var Form1: TForm1; FB : File Of Byte;const { Address's to write Patch } Address1=$0054B28B; Address2=$0054B297; { Bytes to write } Patch1 : array[1..2] of byte = ($EB,$08); Patch2 : array[1..6] of byte = ($BB,$00,$00,$00,$00,$90);{$R *.dfm}{ this procedure is from error's example } procedure BackupFile(const FileName, BackupExt: string); begin CopyFile(PChar(FileName), //It copies the executable PChar(ChangeFileExt(FileName, BackupExt)), false); end;procedure TForm1.Button1Click(Sender: TObject);beginBackupFile('c:\Program files\My Program\Program.exe','.exd');beginassignfile(FB , 'c:\Program files\My Program\Program.exe');Reset(FB); seek(FB,Address1); BlockWrite(FB,Patch1, Length(Patch1)); seek(FB,Address2); BlockWrite(FB,Patch2, Length(Patch2));closefile(FB);end;end;end. I thought blockwrite is what you use when writting an array of bytes, but i guess i was wrong because it did'nt work any suggestions? Edited December 4, 2007 by Departure
Nacho_dj Posted December 4, 2007 Posted December 4, 2007 BlockWrite(FB,Patch1, Length(Patch1));Use this instead:BlockWrite(FB,Patch1[0], Length(Patch1));
ChupaChu Posted December 4, 2007 Posted December 4, 2007 (edited) This is part of code i use to patch multiple bytes (easy importable from cmd.exe using e.g. FC /B original.exe patched.exe>result.txt)const p_data : array[1..3] of dword = ($000E9325, $77, $76,$010E5525, $C2, $90); // this example will patch 2 bytes at offsets 010E5525 and 000E9325..VAR FB: file of Byte;b:byte;i,J:dword;s,FileToPatch:string;MATCHED:BOOLEAN;beginFileToPatch:='TARGET.exe'; // add it manualy or other way you like..try begin assignfile(FB , FileToPatch);for i:=0 to sizeof(p_data) div 12-1 do // p_data has 3 values: offset, original byte, patched byte and so on undefinetely in same pattern.. begin // div 12 -1 is to determine correct number of patching bytes (e.g. loops to do before all patched) seek(FB,p_data[i*3+1]); // position on first value from p_data e.g. $000E9325 BlockRead(FB,b,1); // read 1 byte seek(FB,p_data[i*3+1]); // position on needed p_data e.g. $000E9325 (as block Read will change seek position) if b=p_data[i*3+2] then //if byte matches original one, continue to write patched byte if not do what ever you like.. begin // BYTE MATCHED SO BOOLEAN for MATCHED status STAYS TRUE! // outputdebugstring(PChar('seeking'+int2hex(p_data[j*3+1],8))); --> for debugging purpuses (to see thats being done in each step) Write(FB,p_data[j*3+3]); //outputdebugstring(PChar('writing'+int2hex(p_data[j*3+3],2))); end else begin MATCHED:=FALSE; // FOUND ONE THAT DOES NOT MATCH! --> abort/undo patch or whatever end; end;closefile(FB);hope it helps! Edited December 4, 2007 by ChupaChu
Departure Posted December 5, 2007 Posted December 5, 2007 (edited) I like your first source you gave an example for chupuchu, And im always greatful for your examples but there must be an easyer way to patch multiple bytes to a VA address, Nacho thanks for your input also but I dont have a 0 index of the Patch1 array in my source that i posted Use this instead:BlockWrite(FB,Patch1[0], Length(Patch1));That would be useful if index 0 of that array had some bytes, but then it would'nt work even if it did have some thing in index 0 because Length is 2 "Length(Patch1)", but yes this method could be used to patch single bytes also by calling a index of the array.....thanks for your replys... Edited December 5, 2007 by Departure
Nacho_dj Posted December 5, 2007 Posted December 5, 2007 Nacho thanks for your input also but I dont have a 0 index of the Patch1 array in my source that i posted Use this instead:BlockWrite(FB,Patch1[0], Length(Patch1));Opssss, you are right, I'm used to 0 index in arrays...OK, use index number 1, as a matter of fact it should be the first index in your array to point the address where the array begins.So, this should work:BlockWrite(FB,Patch1[1], Length(Patch1));Sorry for the mistake, mate.CheersNacho_dj
Departure Posted December 6, 2007 Posted December 6, 2007 (edited) I tryed what you suggested but it did'nt do anything, Code I used: var Form1: TForm1; const { Address's to write Patch } Address1=$0054B28B; Address2=$0054B297; { Bytes to write } Patch1 : array[1..2] of byte = ($EB,$08); Patch2 : array[1..6] of byte = ($BB,$00,$00,$00,$00,$90); implementation {$R *.dfm} procedure TForm1.Button1Click(Sender: TObject); var FB : File Of Byte; begin assignfile(FB , 'c:\Program files\My Program\Program.exe'); Reset(FB); seek(FB,Address1); BlockWrite(FB,Patch1[1], Length(Patch1)); seek(FB,Address2); BlockWrite(FB,Patch2[1], Length(Patch2)); closefile(FB); end; end. I think i must be using the BlockWrite incorrect or Making some mistake I have'nt picked up yet, As the above code writes nothing to the exe Edited December 6, 2007 by Departure
zako Posted December 6, 2007 Posted December 6, 2007 seek(FB,Address1);the above code writes nothing to the exe address1 is va and doesn't exist in the file on disk, you need to convert va to file offset first.
Departure Posted December 6, 2007 Posted December 6, 2007 (edited) Dohhhhh!!!! LOL, okay ill do that and get back with results, heheh I was'nt thinking because im using the same va address's in my memory loader example, hmm now to find the file offset address programatically..............//Edit yes it works when patching the offset address (Slaps self across the face)I guess to find the offset programatically (only because its easyer to give VA address) i would need to load the file in memory and read it from there then convert???P.s Nacho, Thanks for the index idea but i did'nt need to use it because it actually worked fine just using BlockWrite(FB,Patch1, Length(Patch1)); my problem was trying to patch a virtual address instead of binary address on disk as zako explained to me..... Dohhhh!!! Edited December 6, 2007 by Departure
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now