Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[Delphi] IAT Patch - Code

0xFF
0xFF
in Programming and Coding

Featured Replies

Posted

This code is NOT by me, it's by Madshi, author of madCodeHook, taken from experts-exchange, i'm an expert there.

You can use the following code, it's copied from my madExcept package. madCodeHook uses a much better but also much more complicated API hooking method. The missing parts (e.g. GetImageNtHeaders) can be found in the madBasic package (which includes sources) of my collection.

This function works fine. For successful IAT patching you need to patch each and every module in your process. However, in win9x you're not allowed to patch system modules (modules whose handle is bigger than $80000000). If you would do that, you'd make the whole OS unstable. As a result IAT patching doesn't work too well in win9x. After all IAT patching is not the best hooking method. But in normal use you might not notice the difference. It depends on for which purpose you need this stuff.

procedure PatchImportTable(module: dword; old, new: pointer);
var pinh : PImageNtHeaders;
    pid  : ^TImageImportDirectory;
    p1   : TPPointer;
    c1   : dword;
    eis  : dword;  // end of import section
begin
  pinh := GetImageNtHeaders(module);
  if pinh <> nil then begin
    with pinh^.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT] do begin
      pid := pointer(module + VirtualAddress);
      eis := VirtualAddress + Size;
    end;
    if pid <> nil then
      while pid^.Name_ <> 0 do begin
        if pid^.ThunkArray > eis then
          break;  // invalid import table!
        if pid^.ThunkArray <> 0 then begin
          p1 := pointer(module + pid^.ThunkArray);
          while p1^ <> nil do begin
            if (p1^ = old) and VirtualProtect(p1, 4, PAGE_EXECUTE_READWRITE, @c1) then
              p1^ := new;
            inc(p1);
          end;
        end;
        inc(pid);
      end;
  end;
end;
  • Author

Thanks for your sharing. It is very useful for me

you're welcome, and you will also need madCodeHook (Hook Engine) installed in order to use this procedure, website is http://www.madshi.net/.

Edited by rotem156

i'm an expert there

I highly doubt that :) But it's always nice to see someone brag with their skills while posting OTHER people's code :) Keep it up ;)

    •
    • Like 4
    • Author

    I highly doubt that :) But it's always nice to see someone brag with their skills while posting OTHER people's code :) Keep it up ;)

    says the one who's using dUP2 to generate noob patchers while he can't code his own ones, :lol:

    P.S - Why reinvent the wheel ? any bells ringing ?

    Create an account or sign in to comment

    Go to topic listing

    Configure browser push notifications
    Chrome (Android)
    1. Tap the lock icon next to the address bar.
    2. Tap Permissions → Notifications.
    3. Adjust your preference.
    Chrome (Desktop)
    1. Click the padlock icon in the address bar.
    2. Select Site settings.
    3. Find Notifications and adjust your preference.