Hello guys. Your forum is great and very helpful! Thanks for your work! I am a beginner in reverse engineering with some basic knowledge of C++. I wanted to create a small offset patch in c++. I found a simple template on how to do that. I tried it first with a simple NOP patching and it worked. After I edited it to patch 8 offsets I ended up with a not working-Send report to Microsoft application. I uploaded the edited source code. I don't know much about it, and why that happened. . . Is this the proper way to do it? Is there another better template? I know that there exist some cool patch engines but I would like to experiment and building my own. Thanks in advance!

#include <windows.h>

#include <stdio.h>

#include <stdlib.h>
int applyPatch();

const int SIZE = 8;
int main(){

    applyPatch();

    return 0;

}

int applyPatch()

{

    int offset[SIZE]={0x5758F,0x57590,0x57591,0x57592,0x57594,0x5792D,0x5792F,0x5F963};
    byte patch[SIZE]={0xE9,0x97,0x03,0x90,0x90,0xE4,0x01,0xEB};
    int i=0;

    int patch_counter = 0;
    FILE *f;
    f=fopen("target.exe","r+");
    if(f==0)

    {

        MessageBox(0,"File not found!","Error",MB_ICONERROR);

        return 0;

    }
    for(patch_counter = 0; patch_counter < SIZE ; patch_counter++)

    {

        for(i=0;i<2;i++)

        {

            fseek(f,offset[patch_counter],SEEK_SET);

            fprintf(f,"%c",patch[patch_counter]); // Write patch

            offset[patch_counter]++;

        }

    }
    fclose(f);

    MessageBox(0,"Successfully patched! ","Patched",MB_OK);
    return 0;

}

Edited March 7, 201411 yr by robocopip

#include <stdio.h>

typedef struct {

long oSet;

int hexV;

} PYTE;

static PYTE pytes[2] = {

{0x0000100B,0x08}, //offsets und hexacode values;

{0x0000100C,0x00}, //0x08 für backspace->löscht letztes Nullbyte

//0x00 für das Setzen von einem Nullbyte.

//Sinn: Schönheitmakel der 2 Leerzeichen

//entfernen

};

int main(void){

FILE *patchFile = fopen("prim.exe","r+");

for(int i = 0; i < 2; i++){

fseek(patchFile, pytes.oSet, SEEK_SET);

fwrite(&pytes.hexV, 1, 1, patchFile);

}

fclose(patchFile);

}

Written by winexec

probably a million ways to do this that work, but for me I load the file into memory and make the patches in memory via memcpy() then write everything back to a new file. this is a basic code to change (patch) a file EP I use sometimes, but u can easily change the SetNewEP() function to change whatever bytes u want

// desc: Sets a new entry point in the PE header

// args: FileInMem buffer is target to alter

//       DWORD NewEP is a dword of the desired entry point

//       DWORD StartOfHeader is the file offset of the pe header start

// retn: nothing 
void SetNewEP(char FileInMem[], DWORD NewEP, DWORD StartOfHeader)

{
    memcpy(&FileInMem[StartOfHeader + 0x28], &NewEP, 4);     
}
int main()

{

....
    FILE * pFile;

    long lSize;

    char * TargetBuffer;

    size_t result;
    //pFile = fopen ( "C:\\Program Files\\Mozilla Firefox\\firefox.exe" , "rb" );
    printf("\n[+] Opening %s .... ", TargetExecutable);

    pFile = fopen ( TargetExecutable, "rb" );

    if (pFile==NULL) 

    {

        fputs ("[!] File error",stderr); 

        _getch ();

        exit (1);

    }
    // obtain file size:

    fseek (pFile , 0 , SEEK_END);
    //fseek (pFile , 9 , SEEK_SET );
    // get file size

    lSize = ftell (pFile);
    //lSize += 200;
    // set file back to start

    rewind (pFile);
    printf("\n[+] %s is %i bytes \n", TargetExecutable, lSize);
    // allocate memory to contain the whole file:

    TargetBuffer = (char*) malloc (sizeof(char)* lSize);

    if (TargetBuffer == NULL) 

    {

        fputs ("[!] Memory error",stderr); 

        _getch ();

        exit (2);

    }
    // copy the file into the buffer:

    result = fread (TargetBuffer, 1, lSize, pFile);

    if (result != lSize) 

    {

        fputs ("[!] Reading error",stderr); 

        _getch ();

        exit (3);

    }
    /* the whole file is now loaded in the memory buffer. */

    // now changes can be made directly to "file offset" in the buffer char
    printf("\n[+] File successfully loaded in memory - ready to edit\n...\n..\n.\n");

    // Get Entry Point  

    DWORD EntryPoint = ReturnDword(0x28, TargetBuffer, HeaderStartOffset);
    BYTE NoS = ReturnByte(0x06, TargetBuffer, HeaderStartOffset);

    printf("[+] NumberOfSections = 0x%02x \n", NoS);

    DWORD ImBase = ReturnDword(0x34, TargetBuffer, HeaderStartOffset);

    printf("[+] ImageBase = 0x%x \n", ImBase);
    DWORD OEP = EntryPoint + ImBase;

    printf("[+] OEP     = %08x \n", OEP);

    printf("[+] New EP  = %08x \n", NewEP);
    printf("[+] Changing EP to %08x \n", NewEP);
    SetNewEP(TargetBuffer, NewEP, HeaderStartOffset);
    printf("[+] EP changed to %08x \n", Nesest); 
    // This will write new file 

    char* Copier = "targetPATCHED.exe";
    ofstream myFile (Copier, ios::out | ios::binary);

    myFile.write (TargetBuffer, lSize);

    myFile.close();
    // terminate

    fclose (pFile);

    free (TargetBuffer);
}

Thanks

What if I want to backup my file in both cases?

For the code that winexec posted, you can load target.exe into a char buffer via fread() then write it back to disk via fwrite, or use filestreams, system("cp files..."), etc as the first lines in main()

 

For the code I posted, there is no need to backup your target.exe because it's being written to a seperate file.

Thank you so much simple.

 

If there exists another noob like me, I found a source code that backups the target.exe

#include <stdio.h>

#include <memory.h>

#include <malloc.h>
#define FILENAME_ORI "target.exe"

#define FILENAME_NEW "target_backup.exe"
int main()

{

	FILE *r = NULL;

	FILE *w = NULL;

	char *buf = NULL;

	unsigned int size = 0;
	// open handle for reading

	r = fopen(FILENAME_ORI, "rb");

	if(r == NULL)

	{

		printf("Error: fopen\n");

		return -1;

	}
	// open handle for writing

	w = fopen(FILENAME_NEW, "wb");

	if(w == NULL)

	{

		printf("Error: fopen\n");

		fclose(r);

		return -2;

	}
	fseek(r, 0, SEEK_END);

	size = ftell(r);

	rewind(r);
	// allocate memory for buffer

	buf = (char *)malloc(size);

	memset(buf, 0, size);
	// read bytes into buffer

	fread(buf, 1, size, r);
	// write bytes into file

	fwrite(buf, 1, size, w);
	// close handle

	fclose(r);

	fclose(w);
	printf("Success\n");

	return 0;

}

Edited March 7, 201411 yr by robocopip

@robocopip is possible to provide this specific Offset patcher's template as is (without changes)? Or even better the original link of the template?

-Thanks!

Edited July 7, 20205 yr by Am4t3uR