Tuts 4 You

Looking for a patcher src


qpt


Posted

Hello guys. Maybe the same question has been asked before, although I couldn't find anything useful while searching. I am looking for a SIMPLE search+replace patcher src in C. And I'm not a C coder so please do not offer to code it on my own :)

p.s: do not offer dup SnR engine.

Posted

check this:


http://www.accessroot.com/arteam/forums/index.php?showtopic=9905

Posted

thanks a lot mate! that src is exactly what I was looking for :)

Posted

lol, I was so excited about getting that code that I didn't notice that it doesn't include a replace feature lol. I would be grateful if someone shared a full src :P

Posted

BM search by ConZero (mentioned in above thread) seems to support replacing too:


http://www.accessroot.com/arteam/site/download.php?view.238

didn't check it out, though.

Posted

that thing has a long code, not that fast, like Search only one. :/

Posted

Try something like this (you need to change the pattern bytes because I'm a fail coder)

    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    #include <windows.h>

    unsigned int filesize=0;
    unsigned int patch_offset=0;
    BYTE* file_buffer=0;

    int main()
    {
        DWORD high=0;
        HANDLE hFile=CreateFileA("Security.dll", GENERIC_ALL, 0, 0, OPEN_EXISTING, 0, 0);
        if(hFile==INVALID_HANDLE_VALUE)
        {
            puts("Could not open Security.dll");
            return 1;
        }
        filesize=GetFileSize(hFile, &high);
        //reserve and commit in one call; the buffer only holds data, so it does not need to be executable
        file_buffer=(BYTE*)VirtualAlloc(0, filesize, MEM_RESERVE|MEM_COMMIT, PAGE_READWRITE);
        if(!file_buffer || !ReadFile(hFile, file_buffer, filesize, &high, 0))
        {
            puts("Could not read Security.dll");
            CloseHandle(hFile);
            return 1;
        }
        CloseHandle(hFile);
        //Pattern: 11 22 33 44 55 66 77 88 99 ?? BB ?? ?? EE FF (?? = any byte)
        //stop 15 bytes before the end so file_buffer[i+14] stays inside the buffer
        for(unsigned int i=0; i+15<=filesize; i++)
        {
            if(file_buffer[i]==0x11 && file_buffer[i+1]==0x22 && file_buffer[i+2]==0x33 &&
               file_buffer[i+3]==0x44 && file_buffer[i+4]==0x55 && file_buffer[i+5]==0x66 &&
               file_buffer[i+6]==0x77 && file_buffer[i+7]==0x88 && file_buffer[i+8]==0x99 &&
               file_buffer[i+10]==0xBB && file_buffer[i+13]==0xEE && file_buffer[i+14]==0xFF)
            {
                patch_offset=i; //no break: the last match in the file wins
            }
        }
        if(!patch_offset)
        {
            puts("Pattern not found, maybe the version is too new/old..\n");
            system("pause");
            return 1; //do not patch when nothing was found
        }
        printf("Raw patch offset: %08X\n\n", patch_offset);
        system("pause");
        //patching:
        BYTE patch_data[10]={0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0x00}; //tenth byte is zero-initialized
        memcpy(file_buffer+patch_offset, patch_data, 10);
        //write a new file here (no time)
        return 0;
    }

Paste: http://pastebin.com/VrirCh7t

Greetings,

Mr. eXoDia

Posted

@Mr. eXoDia

thanks mate for your source, but my patterns are too long and I have to patch in many places, so this method isn't really good in this case.

I have made some changes to Ghandi's src (lame inline asm :P and didn't implement replace mask), and made it work with my target. And some part of my code is translated from dup SnR Engine

here's the final src, although I don't think it would be useful: http://pastebin.com/GQgDBqex

thank you guys :)

Posted (edited)

I haven't tested this, but would something like this be of any use? IF it works as intended, you should be able to pass a mask using 0x01 as skip flag and 0x00 as patch flag. The 'uReplaceCount' is the amount of times it should patch or pass -1 to patch all occurrences. In the second piece of code, there is a 'uPatchInstance' parameter instead, this will allow patching the Nth instance found or all with -1.


    // Search() is not defined in this post; it has to return a pointer to the next masked match or NULL.

    // First version: patch up to uReplaceCount occurrences (-1 = all).
    UINT SearchAndReplace(BYTE *lpTargetAddress, BYTE *lpSearchPattern, BYTE *lpSearchMask, UINT cbPatternSize, UINT cbSearchSize, BYTE *lpReplacePattern, BYTE *lpReplaceMask, UINT cbReplaceSize, UINT uReplaceCount)
    {
        BYTE *pCurrent = NULL;
        BYTE *pCurrentSearch = lpTargetAddress;
        UINT uBytesRemaining = cbSearchSize;
        UINT uOffset = 0;
        UINT i = 0;
        UINT j = 0;

        do
        {
            pCurrent = (BYTE *)Search(pCurrentSearch, lpSearchPattern, lpSearchMask, cbPatternSize, uBytesRemaining, FALSE);
            if (!pCurrent) break;

            // Pointer difference instead of casting pointers to UINT, which truncates on 64-bit builds.
            uOffset = (UINT)(pCurrent - lpTargetAddress);
            // Stop if the replacement would run past the end of the buffer.
            if (cbReplaceSize > cbSearchSize - uOffset) break;

            for (i=0; i<cbReplaceSize; i++)
            {
                if (lpReplaceMask[i] == 0)
                {
                    pCurrent[i] = lpReplacePattern[i];
                }
            }
            j++;

            uBytesRemaining = cbSearchSize - (uOffset + 1);
            pCurrentSearch = pCurrent + 1;
            if (uBytesRemaining < cbPatternSize) break;
        } while (j < uReplaceCount);

        return j;
    }

    // Second version (same name, use one or the other): patch only the Nth instance found, or all with -1.
    UINT SearchAndReplace(BYTE *lpTargetAddress, BYTE *lpSearchPattern, BYTE *lpSearchMask, UINT cbPatternSize, UINT cbSearchSize, BYTE *lpReplacePattern, BYTE *lpReplaceMask, UINT cbReplaceSize, UINT uPatchInstance)
    {
        BYTE *pCurrent = NULL;
        BYTE *pCurrentSearch = lpTargetAddress;
        UINT uBytesRemaining = cbSearchSize;
        UINT uOffset = 0;
        UINT i = 0;
        UINT j = 0;

        do
        {
            pCurrent = (BYTE *)Search(pCurrentSearch, lpSearchPattern, lpSearchMask, cbPatternSize, uBytesRemaining, FALSE);
            if (!pCurrent) break;
            j++;
            uOffset = (UINT)(pCurrent - lpTargetAddress);

            if (j == uPatchInstance || uPatchInstance == (UINT)-1)
            {
                // Stop if the replacement would run past the end of the buffer.
                if (cbReplaceSize > cbSearchSize - uOffset) break;
                for (i=0; i<cbReplaceSize; i++)
                {
                    if (lpReplaceMask[i] == 0)
                    {
                        pCurrent[i] = lpReplacePattern[i];
                    }
                }
            }
            if (j == uPatchInstance) break;

            uBytesRemaining = cbSearchSize - (uOffset + 1);
            pCurrentSearch = pCurrent + 1;
        } while (uBytesRemaining >= cbPatternSize);

        return j;
    }

HR,

Ghandi
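
Added example, not part of the thread and not Ghandi's code: a portable C version of the masked search that the `Search()` call above assumes, with a bounds-checked replace. It uses the replace-mask convention from the post (0x00 = patch, 0x01 = skip), assumes the same convention for the search mask, and parses the `11 22 ?? BB` notation from the earlier post; the names `parse_pattern`, `find_masked` and `search_and_replace` are hypothetical.

```c
#include <ctype.h>
#include <stdlib.h>

typedef unsigned char u8;

/* Parse "11 22 ?? BB" into bytes and a mask (0x00 = compare/patch, 0x01 = skip).
   Returns the length, or 0 if the text is malformed or needs more than cap bytes. */
size_t parse_pattern(const char *s, u8 *out, u8 *mask, size_t cap)
{
    size_t n = 0;
    for (; *s; s++) {
        if (*s == ' ') continue;
        if (n == cap) return 0;
        if (s[0] == '?' && s[1] == '?') { out[n] = 0; mask[n] = 1; }
        else if (isxdigit((u8)s[0]) && isxdigit((u8)s[1])) {
            char hex[3] = { s[0], s[1], 0 };
            out[n] = (u8)strtoul(hex, NULL, 16); mask[n] = 0;
        } else return 0;
        n++; s++;                      /* the loop increment skips the second character */
    }
    return n;
}

/* Offset of the first masked match at or after from, or (size_t)-1 if none. */
size_t find_masked(const u8 *buf, size_t len, size_t from,
                   const u8 *pat, const u8 *mask, size_t n)
{
    if (n == 0 || n > len) return (size_t)-1;
    for (size_t i = from; i <= len - n; i++) {   /* i + n <= len: no read past the end */
        size_t k = 0;
        while (k < n && (mask[k] || buf[i + k] == pat[k])) k++;
        if (k == n) return i;
    }
    return (size_t)-1;
}

/* Patch up to max matches ((size_t)-1 = all); bytes with rmask != 0 are left alone. */
size_t search_and_replace(u8 *buf, size_t len, const u8 *pat, const u8 *mask, size_t n,
                          const u8 *rep, const u8 *rmask, size_t rn, size_t max)
{
    size_t done = 0, at = 0;
    if (rn > n) return 0;              /* a longer replacement could write past the buffer */
    while (done < max && (at = find_masked(buf, len, at, pat, mask, n)) != (size_t)-1) {
        for (size_t k = 0; k < rn; k++)
            if (!rmask[k]) buf[at + k] = rep[k];
        done++; at++;
    }
    return done;
}
```

Like the code in the post, the search resumes one byte after each match, so overlapping matches are found as well.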

Posted

thanks for new src, Ghandi :)

Mask is useless for my patcher, since I am patching in the data section, not in code. Anyway this could be useful later, so I'll keep it.

BR, qpt
