qpt^J Posted December 9, 2011

Hello guys. Maybe the same question has been asked before, although I couldn't find anything useful while searching. I am looking for a SIMPLE search+replace patcher src in C. And I'm not a C coder, so please do not offer to code it on my own.

P.S.: do not offer dup SnR engine.
deepzero Posted December 9, 2011

Check this: http://www.accessroot.com/arteam/forums/index.php?showtopic=9905
qpt^J Posted December 9, 2011

Thanks a lot mate! That src is exactly what I was looking for.
qpt^J Posted December 9, 2011

lol, I was so excited about getting that code that I didn't notice that it doesn't include a replace feature lol. I would be grateful if someone shared a full src.
deepzero Posted December 9, 2011

BM search by ConZero (mentioned in the above thread) seems to support replacing too: http://www.accessroot.com/arteam/site/download.php?view.238

Didn't check it out, though.
qpt^J Posted December 9, 2011

That thing has long code, not that fast, like the Search only one. :/
mrexodia Posted December 9, 2011

Try something like this (you need to change the pattern bytes because I'm a fail coder)

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <windows.h>

unsigned int filesize=0;
unsigned int patch_offset=0;
BYTE* file_buffer=0;

int main()
{
    DWORD high=0;
    HANDLE hFile=CreateFileA("Security.dll", GENERIC_ALL, 0, 0, OPEN_EXISTING, 0, 0);
    if(hFile==INVALID_HANDLE_VALUE)
    {
        puts("Could not open Security.dll");
        return 1;
    }
    filesize=GetFileSize(hFile, &high);
    //the buffer only holds file data, so read/write pages are enough
    file_buffer=(BYTE*)VirtualAlloc(0, filesize, MEM_RESERVE|MEM_COMMIT, PAGE_READWRITE);
    if(!file_buffer || !ReadFile(hFile, file_buffer, filesize, &high, 0))
    {
        CloseHandle(hFile);
        return 1;
    }
    CloseHandle(hFile);
    int found=0; //separate flag, so a match at offset 0 is not mistaken for "not found"
    //Pattern: 11 22 33 44 55 66 77 88 99 ?? BB ?? ?? EE FF
    //stop 15 bytes before the end so file_buffer[i+14] stays inside the buffer
    for(unsigned int i=0; i+15<=filesize; i++)
    {
        if(file_buffer[i]==0x11 && file_buffer[i+1]==0x22 && file_buffer[i+2]==0x33 &&
           file_buffer[i+3]==0x44 && file_buffer[i+4]==0x55 && file_buffer[i+5]==0x66 &&
           file_buffer[i+6]==0x77 && file_buffer[i+7]==0x88 && file_buffer[i+8]==0x99 &&
           file_buffer[i+10]==0xBB && file_buffer[i+13]==0xEE && file_buffer[i+14]==0xFF)
        {
            patch_offset=i; //no break: the last match in the file wins
            found=1;
        }
    }
    if(!found)
    {
        puts("Pattern not found, maybe the version is too new/old..\n");
        system("pause");
        return 1; //do not patch when nothing matched
    }
    printf("Raw patch offset: %08X\n\n", patch_offset);
    system("pause");
    //patching:
    BYTE patch_data[10]={0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0x00};
    memcpy(file_buffer+patch_offset, patch_data, 10);
    //write a new file here (no time)
    return 0;
}
```

Paste: http://pastebin.com/VrirCh7t

Greetings,
Mr. eXoDia
qpt^J Posted December 9, 2011

@Mr. eXoDia thanks mate for your source, but my patterns are too long and I have to patch in many places, so this method isn't really good in this case.

I have done some changes in Ghandi's src (lame inline asm and didn't implement replace mask), and made it work with my target. And some part of my code is translated from dup SnR Engine.

Here's the final src, although I don't think it would be useful: http://pastebin.com/GQgDBqex

Thank you guys.
ghandi Posted December 10, 2011 (edited)

I haven't tested this, but would something like this be of any use? IF it works as intended, you should be able to pass a mask using 0x01 as skip flag and 0x00 as patch flag. The 'uReplaceCount' is the amount of times it should patch, or pass -1 to patch all occurrences. In the second piece of code, there is a 'uPatchInstance' parameter instead; this will allow patching the Nth instance found, or all with -1.

```c
/* Search() is not defined in this post; it has to be supplied separately. */
UINT SearchAndReplace(BYTE *lpTargetAddress, BYTE *lpSearchPattern, BYTE *lpSearchMask, UINT cbPatternSize, UINT cbSearchSize,
                      BYTE *lpReplacePattern, BYTE *lpReplaceMask, UINT cbReplaceSize, UINT uReplaceCount)
{
    UINT uResult = 0;
    BYTE *pCurrent = NULL;
    BYTE *pCurrentSearch = lpTargetAddress;
    UINT uBytesRemaining = cbSearchSize;
    UINT i = 0;
    UINT j = 0;

    do
    {
        pCurrent = (BYTE *)Search(pCurrentSearch, lpSearchPattern, lpSearchMask, cbPatternSize, uBytesRemaining, FALSE);
        if (!pCurrent)
            break;

        /* stop if the replacement would run past the end of the searched buffer */
        if (cbReplaceSize > cbSearchSize - (UINT)(pCurrent - lpTargetAddress))
            break;

        for (i = 0; i < cbReplaceSize; i++)
        {
            if (lpReplaceMask[i] == 0)
            {
                pCurrent[i] = lpReplacePattern[i];
            }
        }
        j++;

        /* pointer subtraction instead of casting pointers to UINT (which truncates on 64-bit) */
        uBytesRemaining = cbSearchSize - ((UINT)(pCurrent - lpTargetAddress) + 1);
        pCurrentSearch = pCurrent + 1;
        if (uBytesRemaining < cbPatternSize)
            break;
    } while (j < uReplaceCount);

    return j;
}
```

```c
/* Search() is not defined in this post; it has to be supplied separately. */
UINT SearchAndReplace(BYTE *lpTargetAddress, BYTE *lpSearchPattern, BYTE *lpSearchMask, UINT cbPatternSize, UINT cbSearchSize,
                      BYTE *lpReplacePattern, BYTE *lpReplaceMask, UINT cbReplaceSize, UINT uPatchInstance)
{
    UINT uResult = 0;
    BYTE *pCurrent = NULL;
    BYTE *pCurrentSearch = lpTargetAddress;
    UINT uBytesRemaining = cbSearchSize;
    UINT i = 0;
    UINT j = 0;

    do
    {
        pCurrent = (BYTE *)Search(pCurrentSearch, lpSearchPattern, lpSearchMask, cbPatternSize, uBytesRemaining, FALSE);
        if (!pCurrent)
            break;

        /* stop if the replacement would run past the end of the searched buffer */
        if (cbReplaceSize > cbSearchSize - (UINT)(pCurrent - lpTargetAddress))
            break;

        j++;
        if (j == uPatchInstance || uPatchInstance == (UINT)-1)
        {
            for (i = 0; i < cbReplaceSize; i++)
            {
                if (lpReplaceMask[i] == 0)
                {
                    pCurrent[i] = lpReplacePattern[i];
                }
            }
        }
        if (j == uPatchInstance)
            break;

        /* pointer subtraction instead of casting pointers to UINT (which truncates on 64-bit) */
        uBytesRemaining = cbSearchSize - ((UINT)(pCurrent - lpTargetAddress) + 1);
        pCurrentSearch = pCurrent + 1;
    } while (uBytesRemaining >= cbPatternSize);

    return j;
}
```

HR,
Ghandi

Edited December 10, 2011 by ghandi
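An added example (not code from any poster in this thread): a self-contained, portable C version of the masked search-and-replace described in the post above, with a naive masked search standing in for the undefined `Search()` and a check that refuses a replacement that would write past the buffer. The function names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Mask convention as in the post above: 0x00 = compare/patch, 0x01 = skip. */
static ptrdiff_t masked_find(const uint8_t *buf, size_t len, size_t from,
                             const uint8_t *pat, const uint8_t *mask, size_t n)
{
    if (n == 0 || len < n) return -1;
    for (size_t i = from; i <= len - n; i++) {  /* i + n never exceeds len */
        size_t k = 0;
        while (k < n && (mask[k] != 0 || buf[i + k] == pat[k])) k++;
        if (k == n) return (ptrdiff_t)i;
    }
    return -1;
}

/* Patches up to max_hits matches (SIZE_MAX = all) and returns how many were
   patched. A replacement that would run past the buffer is refused. */
size_t search_and_replace(uint8_t *buf, size_t len,
        const uint8_t *pat, const uint8_t *pmask, size_t plen,
        const uint8_t *rep, const uint8_t *rmask, size_t rlen, size_t max_hits)
{
    size_t hits = 0, from = 0;
    while (hits < max_hits) {
        ptrdiff_t at = masked_find(buf, len, from, pat, pmask, plen);
        if (at < 0) break;
        if (rlen > len - (size_t)at) break;     /* would write out of bounds */
        for (size_t k = 0; k < rlen; k++)
            if (rmask[k] == 0) buf[(size_t)at + k] = rep[k];
        hits++;
        from = (size_t)at + 1;                  /* same step as pCurrent + 1 */
    }
    return hits;
}

/* Constructed sample: AA ?? CC occurs twice; the second match sits too close
   to the end for the 4-byte replacement. */
static uint8_t sample[] = {0x00,0xAA,0x11,0xCC,0x00,0x00,0xAA,0x22,0xCC};
static const uint8_t d_pat[] = {0xAA,0x00,0xCC}, d_pmask[] = {0,1,0};
static const uint8_t d_rep[] = {0x01,0x00,0x02,0x03}, d_rmask[] = {0,1,0,0};

size_t demo_patch(void)
{
    return search_and_replace(sample, sizeof sample, d_pat, d_pmask, 3,
                              d_rep, d_rmask, 4, SIZE_MAX);
}

int main(void) { printf("patched %zu\n", demo_patch()); return 0; }
```

The skipped replace-mask position leaves the original byte (0x11) in place, and the second match is left untouched because the replacement is longer than the bytes remaining after it.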
qpt^J Posted December 10, 2011

Thanks for the new src, Ghandi.

Mask is useless for my patcher, since I am patching in the data section, not in code. Anyway, this could be useful for later, so I'll keep it.

BR,
qpt