Jump to content
Tuts 4 You

Offset Patcher problem c++


Recommended Posts

Hello guys. Your forum is great and very helpful! Thanks for your work! I am a beginner in reverse engineering with some basic knowledge of C++. I wanted to create a small offset patch in c++. I found a simple template on how to do that. I tried it first with a simple NOP patching and it worked. After I edited it to patch 8 offsets I ended up with a not working-Send report to Microsoft application. I uploaded the edited source code. I don't know much about it, and why that happened. . . Is this the proper way to do it? Is there another better template? I know that there exist some cool patch engines but I would like to experiment and building my own. Thanks in advance!

#include <windows.h>
#include <stdio.h>
#include <stdlib.h> int applyPatch();
const int SIZE = 8; int main(){
return 0;
int applyPatch()
int offset[SIZE]={0x5758F,0x57590,0x57591,0x57592,0x57594,0x5792D,0x5792F,0x5F963}; byte patch[SIZE]={0xE9,0x97,0x03,0x90,0x90,0xE4,0x01,0xEB}; int i=0;
int patch_counter = 0; FILE *f; f=fopen("target.exe","r+"); if(f==0)
MessageBox(0,"File not found!","Error",MB_ICONERROR);
return 0;
} for(patch_counter = 0; patch_counter < SIZE ; patch_counter++)
fprintf(f,"%c",patch[patch_counter]); // Write patch
} fclose(f);
MessageBox(0,"Successfully patched! ","Patched",MB_OK); return 0;

Edited by robocopip
  • Like 1
Link to comment

#include <stdio.h>

typedef struct {

long oSet;

int hexV;


static PYTE pytes[2] = {

{0x0000100B,0x08}, //offsets und hexacode values;

{0x0000100C,0x00}, //0x08 für backspace->löscht letztes Nullbyte

//0x00 für das Setzen von einem Nullbyte.

//Sinn: Schönheitmakel der 2 Leerzeichen



int main(void){

FILE *patchFile = fopen("prim.exe","r+");

for(int i = 0; i < 2; i++){

fseek(patchFile, pytes.oSet, SEEK_SET);

fwrite(&pytes.hexV, 1, 1, patchFile);




Written by winexec

Link to comment

probably a million ways to do this that work, but for me I load the file into memory and make the patches in memory via memcpy() then write everything back to a new file. this is a basic code to change (patch) a file EP I use sometimes, but u can easily change the SetNewEP() function to change whatever bytes u want

// desc: Sets a new entry point in the PE header
// args: FileInMem buffer is target to alter
// DWORD NewEP is a dword of the desired entry point
// DWORD StartOfHeader is the file offset of the pe header start
// retn: nothing void SetNewEP(char FileInMem[], DWORD NewEP, DWORD StartOfHeader)
{ memcpy(&FileInMem[StartOfHeader + 0x28], &NewEP, 4); } int main()
.... FILE * pFile;
long lSize;
char * TargetBuffer;
size_t result; //pFile = fopen ( "C:\\Program Files\\Mozilla Firefox\\firefox.exe" , "rb" ); printf("\n[+] Opening %s .... ", TargetExecutable);
pFile = fopen ( TargetExecutable, "rb" );
if (pFile==NULL)
fputs ("[!] File error",stderr);
_getch ();
exit (1);
} // obtain file size:
fseek (pFile , 0 , SEEK_END); //fseek (pFile , 9 , SEEK_SET ); // get file size
lSize = ftell (pFile); //lSize += 200; // set file back to start
rewind (pFile); printf("\n[+] %s is %i bytes \n", TargetExecutable, lSize); // allocate memory to contain the whole file:
TargetBuffer = (char*) malloc (sizeof(char)* lSize);
if (TargetBuffer == NULL)
fputs ("[!] Memory error",stderr);
_getch ();
exit (2);
} // copy the file into the buffer:
result = fread (TargetBuffer, 1, lSize, pFile);
if (result != lSize)
fputs ("[!] Reading error",stderr);
_getch ();
exit (3);
} /* the whole file is now loaded in the memory buffer. */
// now changes can be made directly to "file offset" in the buffer char printf("\n[+] File successfully loaded in memory - ready to edit\n...\n..\n.\n");
// Get Entry Point
DWORD EntryPoint = ReturnDword(0x28, TargetBuffer, HeaderStartOffset); BYTE NoS = ReturnByte(0x06, TargetBuffer, HeaderStartOffset);
printf("[+] NumberOfSections = 0x%02x \n", NoS);
DWORD ImBase = ReturnDword(0x34, TargetBuffer, HeaderStartOffset);
printf("[+] ImageBase = 0x%x \n", ImBase); DWORD OEP = EntryPoint + ImBase;
printf("[+] OEP = %08x \n", OEP);
printf("[+] New EP = %08x \n", NewEP); printf("[+] Changing EP to %08x \n", NewEP); SetNewEP(TargetBuffer, NewEP, HeaderStartOffset); printf("[+] EP changed to %08x \n", Nesest); // This will write new file
char* Copier = "targetPATCHED.exe"; ofstream myFile (Copier, ios::out | ios::binary);
myFile.write (TargetBuffer, lSize);
myFile.close(); // terminate
fclose (pFile);
free (TargetBuffer); }
Link to comment

For the code that winexec posted, you can load target.exe into a char buffer via fread() then write it back to disk via fwrite, or use filestreams, system("cp files..."), etc as the first lines in main()


For the code I posted, there is no need to backup your target.exe because it's being written to a seperate file.

Link to comment

Thank you so much simple.


If there exists another noob like me, I found a source code that backups the target.exe

#include <stdio.h>
#include <memory.h>
#include <malloc.h> #define FILENAME_ORI "target.exe"
#define FILENAME_NEW "target_backup.exe" int main()
char *buf = NULL;
unsigned int size = 0; // open handle for reading
r = fopen(FILENAME_ORI, "rb");
if(r == NULL)
printf("Error: fopen\n");
return -1;
} // open handle for writing
w = fopen(FILENAME_NEW, "wb");
if(w == NULL)
printf("Error: fopen\n");
return -2;
} fseek(r, 0, SEEK_END);
size = ftell(r);
rewind(r); // allocate memory for buffer
buf = (char *)malloc(size);
memset(buf, 0, size); // read bytes into buffer
fread(buf, 1, size, r); // write bytes into file
fwrite(buf, 1, size, w); // close handle
fclose(w); printf("Success\n");
return 0;
Edited by robocopip
Link to comment
  • 6 years later...

@robocopip is possible to provide this specific Offset patcher's template as is (without changes)? Or even better the original link of the template?


Edited by Am4t3uR
Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...