How To Search & Replace Loader [delphi]

[V65j]

hi to all

i need a search and replace loader source in delphi

i can write loader (load target and change on hex codes) but can't search .

please help me

Edited January 8, 2008 by V65j

[Loki]

Get diablo2oo2's MASM source and convert it to delphi - its simple enough.

[V65j]

i have this source but i cant convert it to delphi source !!!!

i need delphi source .

[ChupaChu]

I think you shud read a block of data (e.g. 512 bytes or 2048 etc.. choose whats fastest for your PC)

into an array of lets say type byte then in a simple loop scan byte by byte of that array.. let another

variable store/keep track about current location in file/memory..

e.g. pseudo code:

- check if i can read the chunk from memory/file

- then read it, and take note of how much data has been read

- compare all bytes in a loop to data you need to find

- if you have complicated patterns in mind take good care not to have any memory leaks

p.s.

i had one sample source around, but it seems it got lost last time i got drive failure, but if i stumble upon it i will post it here..

BR, ChupaChu!

[Departure]

just wondering by any chance you have found that source?

I am also interested on what sort of search routine could be used

[ChupaChu]

Well i would do it like this (note its pseudo code, it might have syntax and other errors):

// you have to determine IMAGEBASE using PImageOptionalHeader in windows unit
// so you have to read ad base begin, to base+sizeOfExe which you can get using GetFileSize
//vars:
//   PI: PROCESS_INFORMATION;   SI: STARTUPINFO;   Context: _CONTEXT; FillChar(PI,SizeOf(TProcessInformation),#0);
 FillChar(SI,SizeOf(TStartupInfo),#0);
 SI.cb:=SizeOf(SI);
 CreateProcess('example.exe',nil,nil,nil,False, CREATE_SUSPENDED ,nil,nil,SI,PI);
 GetThreadContext(PI.hThread,Context); for i:=1 to sizeOfEXE do
 begin 
 ReadProcessMemory(PI.hProcess,Pointer(Base+i),@buff,2,W);  //read two bytes
 if (buff[0] = searchpattern[0]) and (buff[1] = searchpattern[1]) then checkoutlogic; //copare with your search pattern
 end;

I was not able to find source i mentioned, but i found anorganixex sources for coding a serial sniffer, it can be usefful as well.

You can get it here (chapter 8): h!!p://arteam.accessroot.com/ezine.html?fid=2

Hope it wil help a bit

BR, ChupaChu!