Jump to content
Tuts 4 You

MASM - Already patched-check (SnR function)


DeadAndGone

Recommended Posts

Posted (edited)

removed

Edited by NotUsed
Posted

Well .... First off you should always provide a complete source with a little file to test like a crackme to patch.... any thing like patching so any name that you enter will check OK

So we can test your patcher ...and modify it .....

Second .... this forum has quite a few open source patchers in MASM ......

With the serach and replace patcher you would have to add a CRC check ...that is the only way to tell if a file was patched....

So the first CRC is the un patched file and the second is a patched one ...and you check against it ....

If you are using the search n replace by diabloo

That is not done were you are doing it !

That is done in the " Patch proc" and you send your " File already patched message from there !!!!

Download this file http://forum.tuts4yo...&attach_id=1676

http://forum.tuts4yo...er-help-in-asm/

In that file in minip.asm in line 393 you have the buton to "Crack /restore"

You notice the open file name rouine is done there .... In search n replace by diabloo that is done in the patch proc so you will have to modify that to include a CRC check

Take a look at the source code form the attachment it is pretty easy to undersatd .... It is 4:54 AM here or I would modify for you but I am going to sleep....

If you have any problems please let me know

  • Like 1
Posted (edited)

First I never said the patcher is for a crackme; I don't need to post the complete source since I posted everything what you need to know. Secondly ofcourse I used the search-function first :)

I will check it out, thanks for so far :)

Edited by Silence
Posted (edited)

Crc is the only way? What is wrong with using a label or tag to 'sign' the file, format permitting? In the case of patching a PE32 file, you can safely overwrite unused portions of both the DOS and PE headers, not to mention appending a signature to the file which can be used for instant testing.

If you want to make it non-file specific you can also use a signature for the patched bytes and if your patching fails then call search'n'replace using the patched signature for both byte sequence and bytes-to-patch, setting a flag if it is successful.

Even invert the logic of this last suggestion and search for patched signature first, aborting on a hit.

Checksumming or hashing the file is good, just saying that there are alternate methods as well.

HR,

Ghandi

Edited by ghandi
Posted (edited)

ok, I got it working now, thanks Wunder :smilie3:

Actually I want to make the patch generic, so im interested in a generic way. Can you tell more about that Ghandi?

Edited by Silence
Posted

ok, I got it working now, thanks Wunder :smilie3:

Actually I want to make the patch generic, so im interested in a generic way. Can you tell more about that Ghandi?

You are very welcome :)

Posted

Crc is the only way? What is wrong with using a label or tag to 'sign' the file, format permitting? In the case of patching a PE32 file, you can safely overwrite unused portions of both the DOS and PE headers, not to mention appending a signature to the file which can be used for instant testing.

If you want to make it non-file specific you can also use a signature for the patched bytes and if your patching fails then call search'n'replace using the patched signature for both byte sequence and bytes-to-patch, setting a flag if it is successful.

Even invert the logic of this last suggestion and search for patched signature first, aborting on a hit.

Checksumming or hashing the file is good, just saying that there are alternate methods as well.

HR,

Ghandi

I was referring to the fact that there is nothing in the snr proc

That he can call to do that .... So I used CRC check as an example of something that he must add

The only way to get a check is by adding something ,

Also there was an example handy on the site:)

I have a masm source for a file compare that uses the things you mention...

I am aware of them....

I am sorry of my answer was not clear ;)

Posted (edited)

Well thanks again wunder for your help, I got it working now that crc check. But I want a generic one, what means that it should search a pattern in a file and when this pattern is not found then error textmessage, and when found then patch some bytes and show succesfully patched message.But the problem now is that it should search this pattern once. Now itÂīs searching it for everytime you press a button.

So letÂīs make a example:You click button1. Then it should search and patch some bytes. After this, when you click the same button again for the second time, then it should show us only a messagebox, instead of search and patch again.Is this possible?

Here I got a example source in attact.

Edited by NotUsed
Posted

Booleans are good to use to see if you have already clicked the button once.. there are many other ways also but booleans are your friend and easy to implement.

Posted

I thought there was a better way then booleans, but probably not ghehe :^

Well then im going to use booleans. Thanks everyone.

Posted

Well thanks again wunder for your help, I got it working now that crc check. But I want a generic one, what means that it should search a pattern in a file and when this pattern is not found then error textmessage, and when found then patch some bytes and show succesfully patched message.But the problem now is that it should search this pattern once. Now itÂīs searching it for everytime you press a button.

So letÂīs make a example:You click button1. Then it should search and patch some bytes. After this, when you click the same button again for the second time, then it should show us only a messagebox, instead of search and patch again.Is this possible?

Here I got a example source in attact.

Your wish is my command.....

For the record I would not use the searh and replace method .... That Other source that I provided you is better....

But here it is .... and I included a Build it.bat for you ..... Since you are using Xylitol

It works the way you wanted

I find it to have a bug:

If you delete the bakup file after it was patched it will back up the patched version ....

That is why you need to add the CRC check or any other method .....

BUT if you don't delete the back up and try to patch an already patched version than you still have a good back up.....

Just the way that this patcher is set up it would be defecualt any other way .....

I also added a message to uncheck back up once you patch it ....not necessary

I Do well with Programing but not so good at keygens I wish some one would help me http://forum.tuts4you.com/topic/29873-chainie-keygen/ :(

I hope this helped :)

patcher.zip

Posted

Thanks wunder, but actually I donÂīt see any difference between my source and this one you provided... :cc_confused:

Posted

Look again ????

Yours did not show a message that file was already patched ...that is what you wanted right....

your patcher still needs to map an exe to do anything with it that is the way windows works !

your .asm:


.486
.model flat, stdcall
option casemap :none ; case sensitive
include base.inc
include patch.asm
include C:\masm32\macros\macros.asm
.code
start:
invoke GetModuleHandle, NULL
mov hInstance, eax
invoke DialogBoxParam, hInstance, 101, 0, ADDR DlgProc, 0
invoke ExitProcess, eax
; -----------------------------------------------------------------------
DlgProc proc hWin :DWORD,
uMsg :DWORD,
wParam :DWORD,
lParam :DWORD
.if uMsg == WM_COMMAND
.if wParam == IDC_OK
invoke PatchFile, Addr szFile, hWin
invoke MessageBox, hWin, chr$("File patched"), chr$("File patched"),MB_OK .elseif wParam == IDC_IDCANCEL
invoke EndDialog,hWin,0
.endif
.elseif uMsg == WM_CLOSE
invoke EndDialog,hWin,0
.endif
xor eax,eax
ret
DlgProc endpBackup proc hWnd:HWND
invoke SendDlgItemMessage, hWnd,1005, BM_GETCHECK, 0, 0
.if eax==BST_CHECKED
invoke CopyFile, offset szFile, addr BackupName, TRUE
.endif
Ret
Backup EndPPatchFile proc _targetfile:dword, hWnd:DWORD
LOCAL local_hFile :DWORD
LOCAL local_hFileMapping:DWORD
LOCAL local_hViewOfFile :DWORD
LOCAL local_retvalue :DWORD
LOCAL local_filesize :DWORD
pushad
mov local_retvalue,0; Make backup of the file which will be patched
invoke SendDlgItemMessage, hWnd, 1005, BM_GETCHECK, 0, 0
.if eax==BST_CHECKED
invoke CopyFile, addr szFile, addr BackupName, TRUE
.endifinvoke CreateFile,_targetfile,GENERIC_READ+GENERIC_WRITE,FILE_SHARE_WRITE,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL+FILE_ATTRIBUTE_HIDDEN,0
.if eax!=INVALID_HANDLE_VALUE
mov local_hFile,eax
invoke CreateFileMapping,eax,0,PAGE_READWRITE,0,0,0
.if eax!=NULL
mov local_hFileMapping,eax
invoke MapViewOfFile,eax,FILE_MAP_WRITE,0,0,0
.if eax!=NULL
mov local_hViewOfFile,eax
invoke GetFileSize,local_hFile,0
mov local_filesize,eax push 1
push local_filesize
push PATTERNSIZE
push offset ReplaceMask
push offset ReplacePattern
push offset SearchMask
push offset SearchPattern
push local_hViewOfFile
call SearchAndReplace
.endif .endif
.endifinvoke UnmapViewOfFile,local_hViewOfFile
invoke CloseHandle,local_hFileMapping
invoke CloseHandle,local_hFile
popad
ret
PatchFile endp
end start

my .asm


.486
.model flat, stdcall
option casemap :none ; case sensitive
include base.inc
include patch.asm
include C:\masm32\macros\macros.asm
.code
start:
invoke GetModuleHandle, NULL
mov hInstance, eax
invoke DialogBoxParam, hInstance, 101, 0, ADDR DlgProc, 0
invoke ExitProcess, eax
; -----------------------------------------------------------------------
DlgProc proc hWin:DWORD,
uMsg :DWORD,
wParam :DWORD,
lParam :DWORD
.if uMsg == WM_COMMAND
.if wParam == IDC_OK
; ; Make backup of the file which will be patched
invoke SendDlgItemMessage, hWin, 1005, BM_GETCHECK, 0, 0
.if eax==BST_CHECKED
invoke CopyFile, addr szFile, addr BackupName, TRUE
.endif
invoke SendDlgItemMessage, hWin, 1005, BM_SETCHECK, 0, 0 ; uncheck "Make backup"
invoke PatchFile, Addr szFile, eax
.if eax!=0
invoke MessageBox, hWin, chr$("...patching successfull!"), chr$("File patched"),MB_OK.else
invoke MessageBox,hWin,chr$("...File already patched!or Missing!"),chr$("Sorry"),MB_OK
.endif
.endif
.endif
.if wParam == IDC_IDCANCEL
invoke EndDialog,hWin,0
.endif
.if uMsg == WM_CLOSE
invoke EndDialog,hWin,0
.endif
xor eax,eax
ret
DlgProc endpPatchFile proc _targetfile:dword , hWnd:DWORD
LOCAL local_hFile :DWORD
LOCAL local_hFileMapping:DWORD
LOCAL local_hViewOfFile :DWORD
LOCAL local_retvalue :DWORD
LOCAL local_filesize :DWORDpushadmov local_retvalue,0
invoke CreateFile,_targetfile,GENERIC_READ+GENERIC_WRITE,FILE_SHARE_WRITE,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL+FILE_ATTRIBUTE_HIDDEN,0
.if eax!=INVALID_HANDLE_VALUE mov local_hFile,eax
invoke CreateFileMapping,eax,0,PAGE_READWRITE,0,0,0 .if eax!=NULL
mov local_hFileMapping,eax invoke MapViewOfFile,eax,FILE_MAP_WRITE,0,0,0
.if eax!=NULL mov local_hViewOfFile,eax invoke GetFileSize,local_hFile,0
mov local_filesize,eax push 1
push local_filesize
push PATTERNSIZE
push offset ReplaceMask
push offset ReplacePattern
push offset SearchMask
push offset SearchPattern
push local_hViewOfFile
call SearchAndReplace mov local_retvalue,eax
invoke UnmapViewOfFile,local_hViewOfFile .endif invoke CloseHandle,local_hFileMapping
.endif invoke CloseHandle,local_hFile
.endifpopadmov eax,local_retvalue
ret
PatchFile endp
end start
Posted

So letÂīs make a example:You click button1. Then it should search and patch some bytes. After this, when you click the same button again for the second time, then it should show us only a messagebox, instead of search and patch again.Is this possible?

It does show a message box now....

But a patcher still needs to map the PE .... to open the file and since you are using the Snr Method than you most search again in order to tell that the file was patched again or not .... That is how this patcher works ....Not possible with out !

If you use the example that I gave you ... with the CRC32 Check ...than you still need to MAP PE ... ( open file etc...)

But it wont serach for a pattern it will Do a CRC32 check before it procedes ...Get It ?

Posted

Here Please read this.... This will explain the priciple of a simple Patcher ... map pe , search , etc....


/>http://www.reversing.be/article.php?story=20050305145925244

There is attchement there with target file ....

This is Patcher 101

Posted

Well I got it now. Thanks for your help :)

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...