qpt^J Posted December 9, 2011

Hello guys. Maybe the same question has been asked before, although I couldn't find anything useful while searching. I am looking for a SIMPLE search+replace patcher src in C. And I'm not a C coder, so please do not offer to code it on my own.

P.S.: do not offer dup SnR engine.
deepzero Posted December 9, 2011

Check this: http://www.accessroot.com/arteam/forums/index.php?showtopic=9905
qpt^J (Author) Posted December 9, 2011

Thanks a lot, mate! That src is exactly what I was looking for.
qpt^J (Author) Posted December 9, 2011

lol, I was so excited about getting that code that I didn't notice it doesn't include a replace feature, lol. I would be grateful if someone shared a full src.
deepzero Posted December 9, 2011

BM search by ConZero (mentioned in the above thread) seems to support replacing too: http://www.accessroot.com/arteam/site/download.php?view.238

Didn't check it out, though.
qpt^J (Author) Posted December 9, 2011

That thing has a long code, not that fast, like Search only one. :/
mrexodia Posted December 9, 2011

Try something like this (you need to change the pattern bytes because I'm a fail coder)

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <windows.h>

unsigned int filesize = 0;
unsigned int patch_offset = 0;
BYTE* file_buffer = 0;

int main()
{
    DWORD high = 0;
    DWORD bytes_read = 0;
    int found = 0; // separate flag: offset 0 is a valid match position

    // Read access is enough, the patch is applied to the in-memory copy
    HANDLE hFile = CreateFileA("Security.dll", GENERIC_READ, 0, 0, OPEN_EXISTING, 0, 0);
    if(hFile == INVALID_HANDLE_VALUE)
    {
        puts("Could not open Security.dll");
        return 1;
    }
    filesize = GetFileSize(hFile, &high);
    // Plain read/write memory: the buffer holds data and is never executed
    file_buffer = (BYTE*)VirtualAlloc(0, filesize, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
    if(!file_buffer || !ReadFile(hFile, file_buffer, filesize, &bytes_read, 0) || bytes_read != filesize)
    {
        puts("Could not read Security.dll");
        CloseHandle(hFile);
        return 1;
    }
    CloseHandle(hFile);

    // Pattern: 11 22 33 44 55 66 77 88 99 ?? BB ?? ?? EE FF
    // Stop 15 bytes before the end so file_buffer[i+14] stays inside the buffer
    for(unsigned int i = 0; i + 15 <= filesize; i++)
    {
        if(file_buffer[i] == 0x11 && file_buffer[i+1] == 0x22 && file_buffer[i+2] == 0x33 &&
           file_buffer[i+3] == 0x44 && file_buffer[i+4] == 0x55 && file_buffer[i+5] == 0x66 &&
           file_buffer[i+6] == 0x77 && file_buffer[i+7] == 0x88 && file_buffer[i+8] == 0x99 &&
           file_buffer[i+10] == 0xBB && file_buffer[i+13] == 0xEE && file_buffer[i+14] == 0xFF)
        {
            patch_offset = i; // no break: the last match wins
            found = 1;
        }
    }
    if(!found)
    {
        puts("Pattern not found, maybe the version is too new/old..\n");
        system("pause");
        return 1; // nothing to patch
    }
    printf("Raw patch offset: %08X\n\n", patch_offset);
    system("pause");

    // patching: 10 bytes fit because the 15-byte pattern matched at patch_offset
    BYTE patch_data[10] = {0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0x00};
    memcpy(file_buffer + patch_offset, patch_data, 10);
    // write a new file here (no time)
    return 0;
}
```

Paste: http://pastebin.com/VrirCh7t

Greetings,
Mr. eXoDia
qpt^J (Author) Posted December 9, 2011

@Mr. eXoDia thanks, mate, for your source, but my patterns are too long and I have to patch in many places, so this method isn't really good in this case.

I have made some changes to Ghandi's src (lame inline asm, and didn't implement replace mask) and made it work with my target. Some part of my code is translated from dup SnR Engine.

Here's the final src, although I don't think it would be useful: http://pastebin.com/GQgDBqex

Thank you guys.
ghandi Posted December 10, 2011 (edited)

I haven't tested this, but would something like this be of any use? IF it works as intended, you should be able to pass a mask using 0x01 as skip flag and 0x00 as patch flag. The 'uReplaceCount' is the number of times it should patch, or pass -1 to patch all occurrences. In the second piece of code, there is a 'uPatchInstance' parameter instead; this will allow patching the Nth instance found, or all with -1.

```c
// Search() is not defined in this post; it has to be supplied separately.
UINT SearchAndReplace(BYTE *lpTargetAddress, BYTE *lpSearchPattern, BYTE *lpSearchMask,
                      UINT cbPatternSize, UINT cbSearchSize,
                      BYTE *lpReplacePattern, BYTE *lpReplaceMask, UINT cbReplaceSize,
                      UINT uReplaceCount)
{
    BYTE *pCurrent = NULL;
    BYTE *pCurrentSearch = lpTargetAddress;
    UINT uBytesRemaining = cbSearchSize;
    UINT i = 0;
    UINT j = 0;

    do
    {
        pCurrent = (BYTE *)Search(pCurrentSearch, lpSearchPattern, lpSearchMask, cbPatternSize, uBytesRemaining, FALSE);
        if (!pCurrent)
            break;

        // Do not write past the end of the searched region
        if (cbReplaceSize > cbSearchSize - (UINT)(pCurrent - lpTargetAddress))
            break;

        // Mask byte 0x00 = patch this byte, 0x01 = skip it
        for (i = 0; i < cbReplaceSize; i++)
        {
            if (lpReplaceMask[i] == 0)
            {
                pCurrent[i] = lpReplacePattern[i];
            }
        }
        j++;

        // Pointer difference instead of casting pointers to UINT (which truncates on 64-bit)
        uBytesRemaining = cbSearchSize - ((UINT)(pCurrent - lpTargetAddress) + 1);
        pCurrentSearch = pCurrent + 1;
        if (uBytesRemaining < cbPatternSize)
            break;
    } while (j < uReplaceCount); // (UINT)-1 patches all occurrences

    return j;
}
```

```c
// Search() is not defined in this post; it has to be supplied separately.
UINT SearchAndReplace(BYTE *lpTargetAddress, BYTE *lpSearchPattern, BYTE *lpSearchMask,
                      UINT cbPatternSize, UINT cbSearchSize,
                      BYTE *lpReplacePattern, BYTE *lpReplaceMask, UINT cbReplaceSize,
                      UINT uPatchInstance)
{
    BYTE *pCurrent = NULL;
    BYTE *pCurrentSearch = lpTargetAddress;
    UINT uBytesRemaining = cbSearchSize;
    UINT i = 0;
    UINT j = 0;

    do
    {
        pCurrent = (BYTE *)Search(pCurrentSearch, lpSearchPattern, lpSearchMask, cbPatternSize, uBytesRemaining, FALSE);
        if (!pCurrent)
            break;
        j++;

        // Patch only the Nth instance, or every instance when (UINT)-1 is passed
        if (j == uPatchInstance || uPatchInstance == (UINT)-1)
        {
            // Do not write past the end of the searched region
            if (cbReplaceSize > cbSearchSize - (UINT)(pCurrent - lpTargetAddress))
                break;

            for (i = 0; i < cbReplaceSize; i++)
            {
                if (lpReplaceMask[i] == 0)
                {
                    pCurrent[i] = lpReplacePattern[i];
                }
            }
        }
        if (j == uPatchInstance)
            break;

        // Pointer difference instead of casting pointers to UINT (which truncates on 64-bit)
        uBytesRemaining = cbSearchSize - ((UINT)(pCurrent - lpTargetAddress) + 1);
        pCurrentSearch = pCurrent + 1;
    } while (uBytesRemaining >= cbPatternSize);

    return j;
}
```

HR,
Ghandi

Edited December 10, 2011 by ghandi
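Added example, not code from any poster in this thread: a self-contained, bounds-checked version of the masked search-and-replace described in the post above, with the search loop included and written in portable C instead of Win32 types. It assumes the same mask convention for both masks (0x00 = compare or write the byte, 0x01 = skip it); the names `match_at`, `masked_patch`, `PATCH_ALL`, `demo_patch_second` and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define PATCH_ALL ((size_t)-1)

/* Constructed sample: "11 22 ?? 44" occurs at offsets 1 and 6. */
static uint8_t sample[] = {0x00,0x11,0x22,0xAA,0x44,0x00,0x11,0x22,0xBB,0x44,0x00};

/* Assumed mask convention: 0x00 = use this byte, 0x01 = skip it. */
static int match_at(const uint8_t *p, const uint8_t *pat, const uint8_t *m, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (m[i] == 0 && p[i] != pat[i])
            return 0;
    return 1;
}

/* Patch hit number `instance` (1-based) or every hit with PATCH_ALL; returns hits patched. */
size_t masked_patch(uint8_t *buf, size_t len, const uint8_t *pat,
                    const uint8_t *mask, size_t pat_len, const uint8_t *rep,
                    const uint8_t *rep_mask, size_t rep_len, size_t instance) {
    size_t hits = 0, patched = 0;
    if (pat_len == 0 || pat_len > len)
        return 0;
    for (size_t off = 0; off + pat_len <= len; off++) {
        if (!match_at(buf + off, pat, mask, pat_len))
            continue;
        hits++;
        if (instance != PATCH_ALL && hits != instance)
            continue;
        if (rep_len > len - off)        /* replacement would overrun the buffer */
            break;
        for (size_t i = 0; i < rep_len; i++)
            if (rep_mask[i] == 0)
                buf[off + i] = rep[i];
        patched++;
        if (instance != PATCH_ALL)
            break;
        off += pat_len - 1;             /* do not re-scan bytes just patched */
    }
    return patched;
}

/* Patch only the second hit in the constructed sample with "EE ?? ?? FF". */
size_t demo_patch_second(void) {
    static const uint8_t pat[] = {0x11,0x22,0x00,0x44}, mask[] = {0,0,1,0};
    static const uint8_t rep[] = {0xEE,0x00,0x00,0xFF}, rmask[] = {0,1,1,0};
    return masked_patch(sample, sizeof sample, pat, mask, 4, rep, rmask, 4, 2);
}

int main(void) { return demo_patch_second() == 1 ? 0 : 1; }
```

The return value counts hits actually patched, so a caller can tell "pattern not found" (0) from a successful patch before writing anything back to disk.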
qpt^J (Author) Posted December 10, 2011

Thanks for the new src, Ghandi. Mask is useless for my patcher, since I am patching in the data section, not in code. Anyway, this could be useful for later, so I'll keep it.

BR,
qpt