Jump to content
Tuts 4 You

How To Search & Replace Loader [delphi]

V65j

By V65j
in Programming and Coding

Recommended Posts

V65j

V65j

Posted
Posted (edited)

hi to all

i need a search and replace loader source in delphi

i can write loader (load target and change on hex codes) but can't search .

please help me ;)

Edited by V65j
Loki

Loki

Posted
Posted

Get diablo2oo2's MASM source and convert it to delphi - its simple enough.

V65j

V65j

Posted
  • Author
Posted

i have this source but i cant convert it to delphi source !!!!

i need delphi source .

ChupaChu

ChupaChu

Posted
Posted

I think you shud read a block of data (e.g. 512 bytes or 2048 etc.. choose whats fastest for your PC)

into an array of lets say type byte then in a simple loop scan byte by byte of that array.. let another

variable store/keep track about current location in file/memory..

e.g. pseudo code:

- check if i can read the chunk from memory/file

- then read it, and take note of how much data has been read

- compare all bytes in a loop to data you need to find

- if you have complicated patterns in mind take good care not to have any memory leaks

p.s.

i had one sample source around, but it seems it got lost last time i got drive failure, but if i stumble upon it i will post it here..

BR, ChupaChu!

  • 2 weeks later...
Departure

Departure

Posted
Posted

just wondering by any chance you have found that source?

I am also interested on what sort of search routine could be used

ChupaChu

ChupaChu

Posted
Posted

Well i would do it like this (note its pseudo code, it might have syntax and other errors):

// you have to determine IMAGEBASE using PImageOptionalHeader in windows unit
// so you have to read ad base begin, to base+sizeOfExe which you can get using GetFileSize
//vars:
//   PI: PROCESS_INFORMATION;   SI: STARTUPINFO;   Context: _CONTEXT; FillChar(PI,SizeOf(TProcessInformation),#0);
 FillChar(SI,SizeOf(TStartupInfo),#0);
 SI.cb:=SizeOf(SI);
 CreateProcess('example.exe',nil,nil,nil,False, CREATE_SUSPENDED ,nil,nil,SI,PI);
 GetThreadContext(PI.hThread,Context); for i:=1 to sizeOfEXE do
 begin 
 ReadProcessMemory(PI.hProcess,Pointer(Base+i),@buff,2,W);  //read two bytes
 if (buff[0] = searchpattern[0]) and (buff[1] = searchpattern[1]) then checkoutlogic; //copare with your search pattern
 end;

I was not able to find source i mentioned, but i found anorganixex sources for coding a serial sniffer, it can be usefful as well.

You can get it here (chapter 8): h!!p://arteam.accessroot.com/ezine.html?fid=2

Hope it wil help a bit :)

BR, ChupaChu!

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Go to topic listing
×
×
  • Create New...