V65j Posted January 8, 2008 (edited)
Hi to all. I need a search-and-replace loader source in Delphi. I can write a loader (load the target and change hex codes) but can't search. Please help me.
Edited January 8, 2008 by V65j
Loki Posted January 8, 2008
Get diablo2oo2's MASM source and convert it to Delphi - it's simple enough.
V65j Posted January 8, 2008
I have this source but I can't convert it to Delphi source! I need Delphi source.
ChupaChu Posted January 8, 2008
I think you should read a block of data (e.g. 512 bytes or 2048 etc., choose what's fastest for your PC) into an array of, let's say, type byte, then in a simple loop scan byte by byte of that array. Let another variable store/keep track of the current location in file/memory.
e.g. pseudo code:
- check if I can read the chunk from memory/file
- then read it, and take note of how much data has been read
- compare all bytes in a loop to the data you need to find
- if you have complicated patterns in mind, take good care not to have any memory leaks
P.S. I had one sample source around, but it seems it got lost last time I got a drive failure, but if I stumble upon it I will post it here.
BR, ChupaChu!
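The block-wise scan described in the post above, as an added example that is not part of the original thread or any poster's code: it searches a stream chunk by chunk and carries the tail of each chunk forward so a signature split across two reads is still found. FindPattern, its ChunkSize parameter and the sample bytes are assumptions constructed for illustration.

```delphi
program ChunkScan;
{$APPTYPE CONSOLE}
uses SysUtils, Classes;
// Offset of the first occurrence of Pattern in Stream, or -1 if absent.
// Keeps the last Length(Pattern)-1 bytes of each chunk for the next pass.
function FindPattern(Stream: TStream; const Pattern: TBytes; ChunkSize: Integer): Int64;
var
  Buf: TBytes;
  Keep, Got, Avail, i, j: Integer;
  BufBase: Int64; // stream offset of Buf[0]
begin
  Result := -1;
  if (Length(Pattern) = 0) or (ChunkSize < 1) then Exit;
  SetLength(Buf, ChunkSize + Length(Pattern) - 1);
  Keep := 0;
  BufBase := Stream.Position;
  repeat
    Got := Stream.Read(Buf[Keep], ChunkSize); // may be short at end of data
    Avail := Keep + Got;
    for i := 0 to Avail - Length(Pattern) do
    begin
      j := 0;
      while (j < Length(Pattern)) and (Buf[i + j] = Pattern[j]) do Inc(j);
      if j = Length(Pattern) then
      begin Result := BufBase + i; Exit; end;
    end;
    // move the not-yet-scanned tail to the front of the buffer
    Keep := Avail;
    if Keep > Length(Pattern) - 1 then Keep := Length(Pattern) - 1;
    if Keep > 0 then Move(Buf[Avail - Keep], Buf[0], Keep);
    Inc(BufBase, Avail - Keep);
  until Got = 0;
end;
var
  Data, Pat: TBytes;
  S: TMemoryStream;
begin
  // Constructed sample: 20 zero bytes with DE AD BE EF at offsets 6..9,
  // so with 8-byte chunks the signature straddles the first chunk boundary.
  SetLength(Data, 20); FillChar(Data[0], 20, 0);
  Data[6] := $DE; Data[7] := $AD; Data[8] := $BE; Data[9] := $EF;
  SetLength(Pat, 4); Move(Data[6], Pat[0], 4);
  S := TMemoryStream.Create;
  try
    S.WriteBuffer(Data[0], Length(Data)); S.Position := 0;
    WriteLn('match at offset ', FindPattern(S, Pat, 8));
  finally
    S.Free;
  end;
end.
```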
Departure Posted January 16, 2008
Just wondering, by any chance have you found that source? I am also interested in what sort of search routine could be used.
ChupaChu Posted January 17, 2008
Well, I would do it like this (note it's pseudo code, it might have syntax and other errors):

    // you have to determine IMAGEBASE using PImageOptionalHeader in windows unit
    // so you have to read from base begin to base+sizeOfExe, which you can get using GetFileSize
    // vars:
    //   PI: PROCESS_INFORMATION; SI: STARTUPINFO; Context: _CONTEXT;
    FillChar(PI, SizeOf(TProcessInformation), #0);
    FillChar(SI, SizeOf(TStartupInfo), #0);
    SI.cb := SizeOf(SI);
    CreateProcess('example.exe', nil, nil, nil, False, CREATE_SUSPENDED, nil, nil, SI, PI);
    GetThreadContext(PI.hThread, Context);
    // start at offset 0 and stop two bytes before the end so every read stays inside the image
    for i := 0 to sizeOfEXE - 2 do
    begin
      ReadProcessMemory(PI.hProcess, Pointer(Base + i), @buff, 2, W); // read two bytes
      if (buff[0] = searchpattern[0]) and (buff[1] = searchpattern[1]) then
        checkoutlogic; // compare with your search pattern
    end;

I was not able to find the source I mentioned, but I found anorganixex sources for coding a serial sniffer; it can be useful as well. You can get it here (chapter 8): h!!p://arteam.accessroot.com/ezine.html?fid=2
Hope it will help a bit.
BR, ChupaChu!