Can I ask If someone have some code in VB6 which do this :

open process and search for code in text section or ( from certain place to anthor)

and find like this code:

Nop

jmp XXXXXXX

and change it to

jmp dword ptr DS[XXXXX]

Edited April 19, 200817 yr by ahmadmansoor

I made a toolkit for hacking VB6 which can do this, you can find the toolkit here:

http://www.extalia.com/forums/viewtopic.php?f=22&t=2585

Inside the toolkit you will want to check out cls_MemoryMisc function: ScanForBytes

Currently, it doesn't support using masks but it can be very easily edited to use them. Hope it helps.

Many thanks for u Mr.Atomos for ur Fast replay ...... i will try it and tell u if I have success .....

but did ur code search for all code and repalce it all what i give him ....

I need it for make some patch in Themida ..IAT ..............

I hope u get the Idea :happy:

Edited April 19, 200817 yr by ahmadmansoor

Many thanks for u Mr.Atomos for ur Fast replay ...... i will try it and tell u if I have success .....

but did ur code search for all code and repalce it all what i give him ....

I need it for make some patch in Themida ..IAT ..............

I hope u get the Idea :happy:

It scans for bytes in a running process and returns the address of where the pattern starts. It can be coded to scan for bytes with a mask with some small changes, but do you need to scan in a file or running process?

I can write you some code to do it if needed.

Many thanks for u Mr.Atomos for ur Fast replay ...... i will try it and tell u if I have success .....

but did ur code search for all code and repalce it all what i give him ....

I need it for make some patch in Themida ..IAT ..............

I hope u get the Idea :happy:

It scans for bytes in a running process and returns the address of where the pattern starts. It can be coded to scan for bytes with a mask with some small changes, but do you need to scan in a file or running process?

I can write you some code to do it if needed.

Many Thanks my friend ....yes i need that if u like i will send my Yahoo ID to u and discouss it ....... I have write a Good tut in unpack themida 1.97

but need to make a tools to fix the IAT very Quick ...because fix it by hand take some time

Many thanks for u Mr.Atomos for ur Fast replay ...... i will try it and tell u if I have success .....

but did ur code search for all code and repalce it all what i give him ....

I need it for make some patch in Themida ..IAT ..............

I hope u get the Idea :happy:

It scans for bytes in a running process and returns the address of where the pattern starts. It can be coded to scan for bytes with a mask with some small changes, but do you need to scan in a file or running process?

I can write you some code to do it if needed.

Many Thanks my friend ....yes i need that if u like i will send my Yahoo ID to u and discouss it ....... I have write a Good tut in unpack themida 1.97

but need to make a tools to fix the IAT very Quick ...because fix it by hand take some time

Sure, send me a PM with your Yahoo Id I'll be glad to help the best I can.

My friend I have send it ...... I am online if u like ....just to insert ur name

Edited April 19, 200817 yr by ahmadmansoor