MASM - Already patched-check (SnR function)

[DeadAndGone]

removed

Edited November 29, 2012 by NotUsed

[wunder]

Well .... First off you should always provide a complete source with a little file to test like a crackme to patch.... any thing like patching so any name that you enter will check OK

So we can test your patcher ...and modify it .....

Second .... this forum has quite a few open source patchers in MASM ......

With the serach and replace patcher you would have to add a CRC check ...that is the only way to tell if a file was patched....

So the first CRC is the un patched file and the second is a patched one ...and you check against it ....

If you are using the search n replace by diabloo

That is not done were you are doing it !

That is done in the " Patch proc" and you send your " File already patched message from there !!!!

Download this file http://forum.tuts4yo...&attach_id=1676

http://forum.tuts4yo...er-help-in-asm/

In that file in minip.asm in line 393 you have the buton to "Crack /restore"

You notice the open file name rouine is done there .... In search n replace by diabloo that is done in the patch proc so you will have to modify that to include a CRC check

Take a look at the source code form the attachment it is pretty easy to undersatd .... It is 4:54 AM here or I would modify for you but I am going to sleep....

If you have any problems please let me know

[DeadAndGone]

First I never said the patcher is for a crackme; I don't need to post the complete source since I posted everything what you need to know. Secondly ofcourse I used the search-function first

I will check it out, thanks for so far

Edited August 30, 2012 by Silence

[ghandi]

Crc is the only way? What is wrong with using a label or tag to 'sign' the file, format permitting? In the case of patching a PE32 file, you can safely overwrite unused portions of both the DOS and PE headers, not to mention appending a signature to the file which can be used for instant testing.

If you want to make it non-file specific you can also use a signature for the patched bytes and if your patching fails then call search'n'replace using the patched signature for both byte sequence and bytes-to-patch, setting a flag if it is successful.

Even invert the logic of this last suggestion and search for patched signature first, aborting on a hit.

Checksumming or hashing the file is good, just saying that there are alternate methods as well.

HR,

Ghandi

Edited August 30, 2012 by ghandi

[DeadAndGone]

ok, I got it working now, thanks Wunder

Actually I want to make the patch generic, so im interested in a generic way. Can you tell more about that Ghandi?

Edited August 30, 2012 by Silence

[wunder]

ok, I got it working now, thanks Wunder

Actually I want to make the patch generic, so im interested in a generic way. Can you tell more about that Ghandi?

You are very welcome

[wunder]

Crc is the only way? What is wrong with using a label or tag to 'sign' the file, format permitting? In the case of patching a PE32 file, you can safely overwrite unused portions of both the DOS and PE headers, not to mention appending a signature to the file which can be used for instant testing.

If you want to make it non-file specific you can also use a signature for the patched bytes and if your patching fails then call search'n'replace using the patched signature for both byte sequence and bytes-to-patch, setting a flag if it is successful.

Even invert the logic of this last suggestion and search for patched signature first, aborting on a hit.

Checksumming or hashing the file is good, just saying that there are alternate methods as well.

HR,

Ghandi

I was referring to the fact that there is nothing in the snr proc

That he can call to do that .... So I used CRC check as an example of something that he must add

The only way to get a check is by adding something ,

Also there was an example handy on the site:)

I have a masm source for a file compare that uses the things you mention...

I am aware of them....

I am sorry of my answer was not clear

[DeadAndGone]

Well thanks again wunder for your help, I got it working now that crc check. But I want a generic one, what means that it should search a pattern in a file and when this pattern is not found then error textmessage, and when found then patch some bytes and show succesfully patched message.But the problem now is that it should search this pattern once. Now it´s searching it for everytime you press a button.

So let´s make a example:You click button1. Then it should search and patch some bytes. After this, when you click the same button again for the second time, then it should show us only a messagebox, instead of search and patch again.Is this possible?

Here I got a example source in attact.

Edited November 29, 2012 by NotUsed

[Departure]

Booleans are good to use to see if you have already clicked the button once.. there are many other ways also but booleans are your friend and easy to implement.

[DeadAndGone]

I thought there was a better way then booleans, but probably not ghehe

Well then im going to use booleans. Thanks everyone.

[wunder]

Well thanks again wunder for your help, I got it working now that crc check. But I want a generic one, what means that it should search a pattern in a file and when this pattern is not found then error textmessage, and when found then patch some bytes and show succesfully patched message.But the problem now is that it should search this pattern once. Now it´s searching it for everytime you press a button.

So let´s make a example:You click button1. Then it should search and patch some bytes. After this, when you click the same button again for the second time, then it should show us only a messagebox, instead of search and patch again.Is this possible?

Here I got a example source in attact.

Your wish is my command.....

For the record I would not use the searh and replace method .... That Other source that I provided you is better....

But here it is .... and I included a Build it.bat for you ..... Since you are using Xylitol

It works the way you wanted

I find it to have a bug:

If you delete the bakup file after it was patched it will back up the patched version ....

That is why you need to add the CRC check or any other method .....

BUT if you don't delete the back up and try to patch an already patched version than you still have a good back up.....

Just the way that this patcher is set up it would be defecualt any other way .....

I also added a message to uncheck back up once you patch it ....not necessary

I Do well with Programing but not so good at keygens I wish some one would help me http://forum.tuts4you.com/topic/29873-chainie-keygen/

I hope this helped

patcher.zip

[DeadAndGone]

Thanks wunder, but actually I don´t see any difference between my source and this one you provided...

[wunder]

Look again ????

Yours did not show a message that file was already patched ...that is what you wanted right....

your patcher still needs to map an exe to do anything with it that is the way windows works !

your .asm:

.486
.model flat, stdcall
option casemap :none   ; case sensitive
include  base.inc
include  patch.asm
include C:\masm32\macros\macros.asm
.code
start:
invoke GetModuleHandle, NULL
mov hInstance, eax
invoke DialogBoxParam, hInstance, 101, 0, ADDR DlgProc, 0
invoke ExitProcess, eax
; -----------------------------------------------------------------------
DlgProc proc hWin :DWORD,
  uMsg :DWORD,
  wParam :DWORD,
  lParam :DWORD
.if uMsg == WM_COMMAND
  .if wParam == IDC_OK
invoke PatchFile, Addr szFile, hWin
invoke MessageBox, hWin, chr$("File patched"), chr$("File patched"),MB_OK	    .elseif wParam == IDC_IDCANCEL
   invoke EndDialog,hWin,0
  .endif
.elseif uMsg == WM_CLOSE
  invoke EndDialog,hWin,0
.endif
xor eax,eax
ret
DlgProc endpBackup proc hWnd:HWND
  invoke SendDlgItemMessage, hWnd,1005, BM_GETCHECK, 0, 0
  .if eax==BST_CHECKED
   invoke CopyFile, offset szFile, addr BackupName, TRUE
  .endif
Ret
Backup EndPPatchFile proc _targetfile:dword, hWnd:DWORD
LOCAL local_hFile :DWORD
LOCAL local_hFileMapping:DWORD
LOCAL local_hViewOfFile :DWORD
LOCAL local_retvalue :DWORD
LOCAL local_filesize :DWORD
pushad
mov local_retvalue,0; Make backup of the file which will be patched
invoke SendDlgItemMessage, hWnd, 1005, BM_GETCHECK, 0, 0
  .if eax==BST_CHECKED
   invoke CopyFile, addr szFile, addr BackupName, TRUE
  .endifinvoke CreateFile,_targetfile,GENERIC_READ+GENERIC_WRITE,FILE_SHARE_WRITE,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL+FILE_ATTRIBUTE_HIDDEN,0
.if eax!=INVALID_HANDLE_VALUE
  mov local_hFile,eax
  invoke CreateFileMapping,eax,0,PAGE_READWRITE,0,0,0
  .if eax!=NULL
   mov local_hFileMapping,eax
   invoke MapViewOfFile,eax,FILE_MAP_WRITE,0,0,0
   .if eax!=NULL
    mov local_hViewOfFile,eax
    invoke GetFileSize,local_hFile,0
    mov local_filesize,eax    push 1
    push local_filesize
    push PATTERNSIZE
    push offset ReplaceMask
    push offset ReplacePattern
    push offset SearchMask
    push offset SearchPattern
    push local_hViewOfFile
    call SearchAndReplace
    .endif   .endif
  .endifinvoke UnmapViewOfFile,local_hViewOfFile
invoke CloseHandle,local_hFileMapping
invoke CloseHandle,local_hFile
popad
ret
PatchFile endp
end start

my .asm

.486
.model flat, stdcall
option casemap :none   ; case sensitive
include  base.inc
include  patch.asm
include C:\masm32\macros\macros.asm
.code
start:
invoke GetModuleHandle, NULL
mov hInstance, eax
invoke DialogBoxParam, hInstance, 101, 0, ADDR DlgProc, 0
invoke ExitProcess, eax
; -----------------------------------------------------------------------
DlgProc proc hWin:DWORD,
  uMsg :DWORD,
  wParam :DWORD,
  lParam :DWORD
.if uMsg == WM_COMMAND
  .if wParam == IDC_OK
;  ; Make backup of the file which will be patched
invoke SendDlgItemMessage, hWin, 1005, BM_GETCHECK, 0, 0
  .if eax==BST_CHECKED
   invoke CopyFile, addr szFile, addr BackupName, TRUE
  .endif
invoke SendDlgItemMessage, hWin, 1005, BM_SETCHECK, 0, 0 ; uncheck  "Make backup"
invoke PatchFile, Addr szFile, eax
.if eax!=0
invoke MessageBox, hWin, chr$("...patching successfull!"), chr$("File patched"),MB_OK.else
  invoke MessageBox,hWin,chr$("...File already patched!or Missing!"),chr$("Sorry"),MB_OK
  .endif
.endif
.endif
	    .if wParam == IDC_IDCANCEL
   invoke EndDialog,hWin,0
  .endif
.if uMsg == WM_CLOSE
  invoke EndDialog,hWin,0
.endif
xor eax,eax
ret
DlgProc endpPatchFile proc _targetfile:dword , hWnd:DWORD
LOCAL local_hFile :DWORD
LOCAL local_hFileMapping:DWORD
LOCAL local_hViewOfFile :DWORD
LOCAL local_retvalue :DWORD
LOCAL local_filesize :DWORDpushadmov local_retvalue,0
invoke CreateFile,_targetfile,GENERIC_READ+GENERIC_WRITE,FILE_SHARE_WRITE,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL+FILE_ATTRIBUTE_HIDDEN,0
.if eax!=INVALID_HANDLE_VALUE  mov local_hFile,eax
  invoke CreateFileMapping,eax,0,PAGE_READWRITE,0,0,0  .if eax!=NULL
   mov local_hFileMapping,eax   invoke MapViewOfFile,eax,FILE_MAP_WRITE,0,0,0
   .if eax!=NULL    mov local_hViewOfFile,eax    invoke GetFileSize,local_hFile,0
    mov local_filesize,eax    push 1
    push local_filesize
    push PATTERNSIZE
    push offset ReplaceMask
    push offset ReplacePattern
    push offset SearchMask
    push offset SearchPattern
    push local_hViewOfFile
    call SearchAndReplace    mov local_retvalue,eax
    invoke UnmapViewOfFile,local_hViewOfFile   .endif   invoke CloseHandle,local_hFileMapping
  .endif  invoke CloseHandle,local_hFile
.endifpopadmov eax,local_retvalue
ret
PatchFile endp
end start

[wunder]

So let´s make a example:You click button1. Then it should search and patch some bytes. After this, when you click the same button again for the second time, then it should show us only a messagebox, instead of search and patch again.Is this possible?

It does show a message box now....

But a patcher still needs to map the PE .... to open the file and since you are using the Snr Method than you most search again in order to tell that the file was patched again or not .... That is how this patcher works ....Not possible with out !

If you use the example that I gave you ... with the CRC32 Check ...than you still need to MAP PE ... ( open file etc...)

But it wont serach for a pattern it will Do a CRC32 check before it procedes ...Get It ?

[wunder]

Here Please read this.... This will explain the priciple of a simple Patcher ... map pe , search , etc....

/>http://www.reversing.be/article.php?story=20050305145925244

There is attchement there with target file ....

This is Patcher 101

[DeadAndGone]

Well I got it now. Thanks for your help