DeadAndGone Posted August 27, 2012 Posted August 27, 2012 (edited) removed Edited November 29, 2012 by NotUsed
wunder Posted August 30, 2012 Posted August 30, 2012 Well .... First off you should always provide a complete source with a little file to test like a crackme to patch.... any thing like patching so any name that you enter will check OKSo we can test your patcher ...and modify it .....Second .... this forum has quite a few open source patchers in MASM ......With the serach and replace patcher you would have to add a CRC check ...that is the only way to tell if a file was patched....So the first CRC is the un patched file and the second is a patched one ...and you check against it ....If you are using the search n replace by diablooThat is not done were you are doing it !That is done in the " Patch proc" and you send your " File already patched message from there !!!!Download this file http://forum.tuts4yo...&attach_id=1676http://forum.tuts4yo...er-help-in-asm/In that file in minip.asm in line 393 you have the buton to "Crack /restore"You notice the open file name rouine is done there .... In search n replace by diabloo that is done in the patch proc so you will have to modify that to include a CRC checkTake a look at the source code form the attachment it is pretty easy to undersatd .... It is 4:54 AM here or I would modify for you but I am going to sleep....If you have any problems please let me know 1
DeadAndGone Posted August 30, 2012 Author Posted August 30, 2012 (edited) First I never said the patcher is for a crackme; I don't need to post the complete source since I posted everything what you need to know. Secondly ofcourse I used the search-function first I will check it out, thanks for so far Edited August 30, 2012 by Silence
ghandi Posted August 30, 2012 Posted August 30, 2012 (edited) Crc is the only way? What is wrong with using a label or tag to 'sign' the file, format permitting? In the case of patching a PE32 file, you can safely overwrite unused portions of both the DOS and PE headers, not to mention appending a signature to the file which can be used for instant testing.If you want to make it non-file specific you can also use a signature for the patched bytes and if your patching fails then call search'n'replace using the patched signature for both byte sequence and bytes-to-patch, setting a flag if it is successful.Even invert the logic of this last suggestion and search for patched signature first, aborting on a hit.Checksumming or hashing the file is good, just saying that there are alternate methods as well.HR,Ghandi Edited August 30, 2012 by ghandi
DeadAndGone Posted August 30, 2012 Author Posted August 30, 2012 (edited) ok, I got it working now, thanks Wunder Actually I want to make the patch generic, so im interested in a generic way. Can you tell more about that Ghandi? Edited August 30, 2012 by Silence
wunder Posted August 30, 2012 Posted August 30, 2012 ok, I got it working now, thanks Wunder Actually I want to make the patch generic, so im interested in a generic way. Can you tell more about that Ghandi? You are very welcome
wunder Posted August 30, 2012 Posted August 30, 2012 Crc is the only way? What is wrong with using a label or tag to 'sign' the file, format permitting? In the case of patching a PE32 file, you can safely overwrite unused portions of both the DOS and PE headers, not to mention appending a signature to the file which can be used for instant testing. If you want to make it non-file specific you can also use a signature for the patched bytes and if your patching fails then call search'n'replace using the patched signature for both byte sequence and bytes-to-patch, setting a flag if it is successful. Even invert the logic of this last suggestion and search for patched signature first, aborting on a hit. Checksumming or hashing the file is good, just saying that there are alternate methods as well. HR, Ghandi I was referring to the fact that there is nothing in the snr proc That he can call to do that .... So I used CRC check as an example of something that he must add The only way to get a check is by adding something , Also there was an example handy on the site:) I have a masm source for a file compare that uses the things you mention... I am aware of them.... I am sorry of my answer was not clear
DeadAndGone Posted August 30, 2012 Author Posted August 30, 2012 (edited) Well thanks again wunder for your help, I got it working now that crc check. But I want a generic one, what means that it should search a pattern in a file and when this pattern is not found then error textmessage, and when found then patch some bytes and show succesfully patched message.But the problem now is that it should search this pattern once. Now it´s searching it for everytime you press a button.So let´s make a example:You click button1. Then it should search and patch some bytes. After this, when you click the same button again for the second time, then it should show us only a messagebox, instead of search and patch again.Is this possible?Here I got a example source in attact. Edited November 29, 2012 by NotUsed
Departure Posted August 31, 2012 Posted August 31, 2012 Booleans are good to use to see if you have already clicked the button once.. there are many other ways also but booleans are your friend and easy to implement.
DeadAndGone Posted August 31, 2012 Author Posted August 31, 2012 I thought there was a better way then booleans, but probably not ghehe Well then im going to use booleans. Thanks everyone.
wunder Posted August 31, 2012 Posted August 31, 2012 Well thanks again wunder for your help, I got it working now that crc check. But I want a generic one, what means that it should search a pattern in a file and when this pattern is not found then error textmessage, and when found then patch some bytes and show succesfully patched message.But the problem now is that it should search this pattern once. Now it´s searching it for everytime you press a button. So let´s make a example:You click button1. Then it should search and patch some bytes. After this, when you click the same button again for the second time, then it should show us only a messagebox, instead of search and patch again.Is this possible? Here I got a example source in attact. Your wish is my command..... For the record I would not use the searh and replace method .... That Other source that I provided you is better.... But here it is .... and I included a Build it.bat for you ..... Since you are using Xylitol It works the way you wanted I find it to have a bug: If you delete the bakup file after it was patched it will back up the patched version .... That is why you need to add the CRC check or any other method ..... BUT if you don't delete the back up and try to patch an already patched version than you still have a good back up..... Just the way that this patcher is set up it would be defecualt any other way ..... I also added a message to uncheck back up once you patch it ....not necessary I Do well with Programing but not so good at keygens I wish some one would help me http://forum.tuts4you.com/topic/29873-chainie-keygen/ I hope this helped patcher.zip
DeadAndGone Posted August 31, 2012 Author Posted August 31, 2012 Thanks wunder, but actually I don´t see any difference between my source and this one you provided...
wunder Posted August 31, 2012 Posted August 31, 2012 Look again ????Yours did not show a message that file was already patched ...that is what you wanted right....your patcher still needs to map an exe to do anything with it that is the way windows works !your .asm:.486.model flat, stdcalloption casemap :none ; case sensitiveinclude base.incinclude patch.asminclude C:\masm32\macros\macros.asm.codestart:invoke GetModuleHandle, NULLmov hInstance, eaxinvoke DialogBoxParam, hInstance, 101, 0, ADDR DlgProc, 0invoke ExitProcess, eax; -----------------------------------------------------------------------DlgProc proc hWin :DWORD, uMsg :DWORD, wParam :DWORD, lParam :DWORD.if uMsg == WM_COMMAND .if wParam == IDC_OKinvoke PatchFile, Addr szFile, hWininvoke MessageBox, hWin, chr$("File patched"), chr$("File patched"),MB_OK .elseif wParam == IDC_IDCANCEL invoke EndDialog,hWin,0 .endif.elseif uMsg == WM_CLOSE invoke EndDialog,hWin,0.endifxor eax,eaxretDlgProc endpBackup proc hWnd:HWND invoke SendDlgItemMessage, hWnd,1005, BM_GETCHECK, 0, 0 .if eax==BST_CHECKED invoke CopyFile, offset szFile, addr BackupName, TRUE .endifRetBackup EndPPatchFile proc _targetfile:dword, hWnd:DWORDLOCAL local_hFile :DWORDLOCAL local_hFileMapping:DWORDLOCAL local_hViewOfFile :DWORDLOCAL local_retvalue :DWORDLOCAL local_filesize :DWORDpushadmov local_retvalue,0; Make backup of the file which will be patchedinvoke SendDlgItemMessage, hWnd, 1005, BM_GETCHECK, 0, 0 .if eax==BST_CHECKED invoke CopyFile, addr szFile, addr BackupName, TRUE .endifinvoke CreateFile,_targetfile,GENERIC_READ+GENERIC_WRITE,FILE_SHARE_WRITE,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL+FILE_ATTRIBUTE_HIDDEN,0.if eax!=INVALID_HANDLE_VALUE mov local_hFile,eax invoke CreateFileMapping,eax,0,PAGE_READWRITE,0,0,0 .if eax!=NULL mov local_hFileMapping,eax invoke MapViewOfFile,eax,FILE_MAP_WRITE,0,0,0 .if eax!=NULL mov local_hViewOfFile,eax invoke GetFileSize,local_hFile,0 mov local_filesize,eax push 1 push local_filesize push PATTERNSIZE push offset ReplaceMask push offset ReplacePattern push offset SearchMask push offset SearchPattern push local_hViewOfFile call SearchAndReplace .endif .endif .endifinvoke UnmapViewOfFile,local_hViewOfFileinvoke CloseHandle,local_hFileMappinginvoke CloseHandle,local_hFilepopadretPatchFile endpend startmy .asm.486.model flat, stdcalloption casemap :none ; case sensitiveinclude base.incinclude patch.asminclude C:\masm32\macros\macros.asm.codestart:invoke GetModuleHandle, NULLmov hInstance, eaxinvoke DialogBoxParam, hInstance, 101, 0, ADDR DlgProc, 0invoke ExitProcess, eax; -----------------------------------------------------------------------DlgProc proc hWin:DWORD, uMsg :DWORD, wParam :DWORD, lParam :DWORD.if uMsg == WM_COMMAND .if wParam == IDC_OK; ; Make backup of the file which will be patchedinvoke SendDlgItemMessage, hWin, 1005, BM_GETCHECK, 0, 0 .if eax==BST_CHECKED invoke CopyFile, addr szFile, addr BackupName, TRUE .endifinvoke SendDlgItemMessage, hWin, 1005, BM_SETCHECK, 0, 0 ; uncheck "Make backup"invoke PatchFile, Addr szFile, eax.if eax!=0invoke MessageBox, hWin, chr$("...patching successfull!"), chr$("File patched"),MB_OK.else invoke MessageBox,hWin,chr$("...File already patched!or Missing!"),chr$("Sorry"),MB_OK .endif.endif.endif .if wParam == IDC_IDCANCEL invoke EndDialog,hWin,0 .endif.if uMsg == WM_CLOSE invoke EndDialog,hWin,0.endifxor eax,eaxretDlgProc endpPatchFile proc _targetfile:dword , hWnd:DWORDLOCAL local_hFile :DWORDLOCAL local_hFileMapping:DWORDLOCAL local_hViewOfFile :DWORDLOCAL local_retvalue :DWORDLOCAL local_filesize :DWORDpushadmov local_retvalue,0invoke CreateFile,_targetfile,GENERIC_READ+GENERIC_WRITE,FILE_SHARE_WRITE,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL+FILE_ATTRIBUTE_HIDDEN,0.if eax!=INVALID_HANDLE_VALUE mov local_hFile,eax invoke CreateFileMapping,eax,0,PAGE_READWRITE,0,0,0 .if eax!=NULL mov local_hFileMapping,eax invoke MapViewOfFile,eax,FILE_MAP_WRITE,0,0,0 .if eax!=NULL mov local_hViewOfFile,eax invoke GetFileSize,local_hFile,0 mov local_filesize,eax push 1 push local_filesize push PATTERNSIZE push offset ReplaceMask push offset ReplacePattern push offset SearchMask push offset SearchPattern push local_hViewOfFile call SearchAndReplace mov local_retvalue,eax invoke UnmapViewOfFile,local_hViewOfFile .endif invoke CloseHandle,local_hFileMapping .endif invoke CloseHandle,local_hFile.endifpopadmov eax,local_retvalueretPatchFile endpend start
wunder Posted August 31, 2012 Posted August 31, 2012 So let´s make a example:You click button1. Then it should search and patch some bytes. After this, when you click the same button again for the second time, then it should show us only a messagebox, instead of search and patch again.Is this possible?It does show a message box now....But a patcher still needs to map the PE .... to open the file and since you are using the Snr Method than you most search again in order to tell that the file was patched again or not .... That is how this patcher works ....Not possible with out !If you use the example that I gave you ... with the CRC32 Check ...than you still need to MAP PE ... ( open file etc...)But it wont serach for a pattern it will Do a CRC32 check before it procedes ...Get It ?
wunder Posted August 31, 2012 Posted August 31, 2012 Here Please read this.... This will explain the priciple of a simple Patcher ... map pe , search , etc..../>http://www.reversing.be/article.php?story=20050305145925244There is attchement there with target file ....This is Patcher 101
DeadAndGone Posted August 31, 2012 Author Posted August 31, 2012 Well I got it now. Thanks for your help
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now