ahmadmansoor Posted April 19, 2008 Posted April 19, 2008 (edited) Can I ask If someone have some code in VB6 which do this :open process and search for code in text section or ( from certain place to anthor) and find like this code:Nopjmp XXXXXXXand change it to jmp dword ptr DS[XXXXX] Edited April 19, 2008 by ahmadmansoor
atom0s Posted April 19, 2008 Posted April 19, 2008 I made a toolkit for hacking VB6 which can do this, you can find the toolkit here: http://www.extalia.com/forums/viewtopic.php?f=22&t=2585 Inside the toolkit you will want to check out cls_MemoryMisc function: ScanForBytes Currently, it doesn't support using masks but it can be very easily edited to use them. Hope it helps.
ahmadmansoor Posted April 19, 2008 Author Posted April 19, 2008 (edited) Many thanks for u Mr.Atomos for ur Fast replay ...... i will try it and tell u if I have success .....but did ur code search for all code and repalce it all what i give him ....I need it for make some patch in Themida ..IAT ..............I hope u get the Idea :happy: Edited April 19, 2008 by ahmadmansoor
atom0s Posted April 19, 2008 Posted April 19, 2008 Many thanks for u Mr.Atomos for ur Fast replay ...... i will try it and tell u if I have success .....but did ur code search for all code and repalce it all what i give him .... I need it for make some patch in Themida ..IAT .............. I hope u get the Idea :happy: It scans for bytes in a running process and returns the address of where the pattern starts. It can be coded to scan for bytes with a mask with some small changes, but do you need to scan in a file or running process? I can write you some code to do it if needed.
ahmadmansoor Posted April 19, 2008 Author Posted April 19, 2008 Many thanks for u Mr.Atomos for ur Fast replay ...... i will try it and tell u if I have success .....but did ur code search for all code and repalce it all what i give him .... I need it for make some patch in Themida ..IAT .............. I hope u get the Idea :happy: It scans for bytes in a running process and returns the address of where the pattern starts. It can be coded to scan for bytes with a mask with some small changes, but do you need to scan in a file or running process? I can write you some code to do it if needed. Many Thanks my friend ....yes i need that if u like i will send my Yahoo ID to u and discouss it ....... I have write a Good tut in unpack themida 1.97 but need to make a tools to fix the IAT very Quick ...because fix it by hand take some time
atom0s Posted April 19, 2008 Posted April 19, 2008 Many thanks for u Mr.Atomos for ur Fast replay ...... i will try it and tell u if I have success .....but did ur code search for all code and repalce it all what i give him .... I need it for make some patch in Themida ..IAT .............. I hope u get the Idea :happy: It scans for bytes in a running process and returns the address of where the pattern starts. It can be coded to scan for bytes with a mask with some small changes, but do you need to scan in a file or running process? I can write you some code to do it if needed. Many Thanks my friend ....yes i need that if u like i will send my Yahoo ID to u and discouss it ....... I have write a Good tut in unpack themida 1.97 but need to make a tools to fix the IAT very Quick ...because fix it by hand take some time Sure, send me a PM with your Yahoo Id I'll be glad to help the best I can.
ahmadmansoor Posted April 19, 2008 Author Posted April 19, 2008 (edited) My friend I have send it ...... I am online if u like ....just to insert ur name Edited April 19, 2008 by ahmadmansoor
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now