
Offset Patcher problem c++


robocopip


robocopip

Hello guys. Your forum is great and very helpful! Thanks for your work! I am a beginner in reverse engineering with some basic knowledge of C++. I wanted to create a small offset patcher in C++. I found a simple template showing how to do that. I tried it first with a simple NOP patch and it worked. After I edited it to patch 8 offsets, I ended up with a non-working application that shows the "Send report to Microsoft" dialog. I uploaded the edited source code. I don't know much about this or why it happened... Is this the proper way to do it? Is there a better template? I know that some cool patch engines exist, but I would like to experiment and build my own. Thanks in advance!



#include <windows.h>
#include <stdio.h>
#include <stdlib.h>

// Forward declaration; the definition follows main().
int applyPatch();

// Number of entries in applyPatch()'s offset and patch-byte tables.
const int SIZE = 8;

// Entry point: runs the patcher once. applyPatch() reports its outcome
// through a message box, so its return value is not inspected here and the
// process exit code is always 0.
int main()
{
    (void)applyPatch();
    return 0;
}
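// Writes SIZE single-byte patches into "target.exe", in place.
//
// Entry k of offset[] is a file offset (not a virtual address) and entry k of
// patch[] is the byte stored there. The outcome is reported with a message
// box; the function returns 0 on every path, as the original did.
//
// NOTE(review): nothing here checks that target.exe is the build these
// offsets were taken from, and the file is modified in place with no backup.
// Keep a copy of the original file before running this.
int applyPatch()
{
    const long offset[SIZE] = {0x5758F, 0x57590, 0x57591, 0x57592,
                               0x57594, 0x5792D, 0x5792F, 0x5F963};
    const byte patch[SIZE] = {0xE9, 0x97, 0x03, 0x90, 0x90, 0xE4, 0x01, 0xEB};

    // "r+b": update an existing file in binary mode. Text mode ("r+") lets the
    // C runtime translate bytes on Windows and makes fseek() offsets unreliable.
    FILE *f = fopen("target.exe", "r+b");
    if (f == 0)
    {
        MessageBox(0, "File not found!", "Error", MB_ICONERROR);
        return 0;
    }

    int failed = 0;
    for (int k = 0; k < SIZE; k++)
    {
        // Exactly one byte per table entry. The template this was adapted from
        // repeated every write at offset and offset+1 (left over from a
        // two-byte NOP patch), which also overwrote the byte following each
        // listed offset with a copy of the patch byte.
        if (fseek(f, offset[k], SEEK_SET) != 0 ||
            fwrite(&patch[k], 1, 1, f) != 1)
        {
            failed = 1;
            break;
        }
    }

    // fclose() flushes buffered writes, so a failure here means the patch may
    // not have reached the disk.
    if (fclose(f) != 0)
    {
        failed = 1;
    }

    if (failed)
    {
        MessageBox(0, "Patching failed!", "Error", MB_ICONERROR);
        return 0;
    }

    MessageBox(0, "Successfully patched! ", "Patched", MB_OK);
    return 0;
}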


#include <stdio.h>

/* One single-byte patch: where to write, and what to write. */
typedef struct {
    long oSet; /* file offset of the byte to replace */
    int hexV;  /* replacement value; only one byte of it is written by main() */
} PYTE;

/*
 * Offsets and hex values to patch.
 * Author's note (translated from German): 0x08 is backspace -> deletes the
 * last null byte; 0x00 sets a null byte. Purpose: remove the cosmetic blemish
 * of the 2 spaces.
 */
static PYTE pytes[2] = {
    [0] = { .oSet = 0x0000100B, .hexV = 0x08 },
    [1] = { .oSet = 0x0000100C, .hexV = 0x00 },
};

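/*
 * Applies every entry of pytes[] to "prim.exe" in place: seeks to the entry's
 * file offset and writes its one-byte value.
 *
 * Returns 0 when all bytes were written and flushed, 1 otherwise.
 * The file is modified in place; keep a copy of the original before running.
 */
int main(void){
    /* "r+b": update an existing file in binary mode so that no byte is
       translated by the C runtime and fseek() offsets are exact. */
    FILE *patchFile = fopen("prim.exe","r+b");
    if (patchFile == NULL) {
        perror("prim.exe");
        return 1;
    }

    int status = 0;
    for (size_t i = 0; i < sizeof pytes / sizeof pytes[0]; i++) {
        /* The posted code read pytes.oSet / pytes.hexV without an index,
           which does not compile; each entry is addressed as pytes[i].
           The value is narrowed to one byte first, so the byte written does
           not depend on the in-memory byte order of the int field. */
        const unsigned char value = (unsigned char)pytes[i].hexV;

        if (fseek(patchFile, pytes[i].oSet, SEEK_SET) != 0 ||
            fwrite(&value, 1, 1, patchFile) != 1) {
            perror("prim.exe");
            status = 1;
            break;
        }
    }

    /* fclose() flushes buffered writes; a failure means the patch may not
       have reached the disk. */
    if (fclose(patchFile) != 0) {
        perror("prim.exe");
        status = 1;
    }

    return status;
}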

Written by winexec


probably a million ways to do this that work, but for me I load the file into memory and make the patches in memory via memcpy() then write everything back to a new file. this is a basic code to change (patch) a file EP I use sometimes, but u can easily change the SetNewEP() function to change whatever bytes u want



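// desc: Sets a new entry point in the PE header
// args: FileInMem buffer is target to alter
//       DWORD NewEP is a dword of the desired entry point
//       DWORD StartOfHeader is the file offset of the pe header start
// retn: nothing
// note: writes sizeof(NewEP) bytes at FileInMem[StartOfHeader + 0x28] and has
//       no bounds check of its own (the buffer length is not passed in), so
//       the caller must make sure that range lies inside the buffer.
void SetNewEP(char FileInMem[], DWORD NewEP, DWORD StartOfHeader)
{
    memcpy(&FileInMem[StartOfHeader + 0x28], &NewEP, sizeof NewEP);
}

// Loads TargetExecutable into memory, prints a few PE header fields, rewrites
// the entry point in the in-memory copy and saves the result to
// "targetPATCHED.exe". The input file itself is never modified.
int main()
{
    // .... (setup elided in the original post: TargetExecutable,
    //       HeaderStartOffset and NewEP are expected to be defined here)

    FILE *pFile;
    long lSize;
    char *TargetBuffer;
    size_t result;

    //pFile = fopen ( "C:\\Program Files\\Mozilla Firefox\\firefox.exe" , "rb" );
    printf("\n[+] Opening %s .... ", TargetExecutable);
    pFile = fopen(TargetExecutable, "rb");
    if (pFile == NULL)
    {
        fputs("[!] File error", stderr);
        _getch();
        exit(1);
    }

    // obtain file size; ftell() returns -1 on failure, which must not reach
    // malloc() or fread() as a length
    if (fseek(pFile, 0, SEEK_END) != 0 || (lSize = ftell(pFile)) < 0)
    {
        fputs("[!] File error", stderr);
        _getch();
        exit(1);
    }
    // set file back to start
    rewind(pFile);
    printf("\n[+] %s is %ld bytes \n", TargetExecutable, lSize);

    // The header offset and everything read or written relative to it must lie
    // inside the file, otherwise the accesses below run past the buffer. The
    // furthest field touched is the dword at header + 0x34.
    // NOTE(review): assumes ReturnDword/ReturnByte access the buffer at
    // HeaderStartOffset + the given field offset -- their definitions are not
    // shown; confirm.
    const unsigned long HeaderFieldsEnd = 0x34 + 4;
    if ((unsigned long)lSize < HeaderFieldsEnd ||
        (unsigned long)HeaderStartOffset > (unsigned long)lSize - HeaderFieldsEnd)
    {
        fputs("[!] Header offset outside file", stderr);
        _getch();
        exit(4);
    }

    // allocate memory to contain the whole file:
    TargetBuffer = (char *)malloc(sizeof(char) * (size_t)lSize);
    if (TargetBuffer == NULL)
    {
        fputs("[!] Memory error", stderr);
        _getch();
        exit(2);
    }

    // copy the file into the buffer:
    result = fread(TargetBuffer, 1, (size_t)lSize, pFile);
    if (result != (size_t)lSize)
    {
        fputs("[!] Reading error", stderr);
        _getch();
        exit(3);
    }
    // the input is fully read; nothing below touches it again
    fclose(pFile);

    /* the whole file is now loaded in the memory buffer. */
    // now changes can be made directly to "file offset" in the buffer
    printf("\n[+] File successfully loaded in memory - ready to edit\n...\n..\n.\n");

    // Get Entry Point
    DWORD EntryPoint = ReturnDword(0x28, TargetBuffer, HeaderStartOffset);
    BYTE NoS = ReturnByte(0x06, TargetBuffer, HeaderStartOffset);
    printf("[+] NumberOfSections = 0x%02x \n", NoS);
    DWORD ImBase = ReturnDword(0x34, TargetBuffer, HeaderStartOffset);
    printf("[+] ImageBase = 0x%x \n", ImBase);
    DWORD OEP = EntryPoint + ImBase;
    printf("[+] OEP = %08x \n", OEP);
    printf("[+] New EP = %08x \n", NewEP);

    printf("[+] Changing EP to %08x \n", NewEP);
    SetNewEP(TargetBuffer, NewEP, HeaderStartOffset);
    // The post printed an undeclared name (`Nesest`) here; NewEP is the value
    // that was just written.
    printf("[+] EP changed to %08x \n", NewEP);

    // This will write new file
    const char *Copier = "targetPATCHED.exe";
    std::ofstream myFile(Copier, std::ios::out | std::ios::binary);
    myFile.write(TargetBuffer, lSize);
    myFile.close();
    if (!myFile)
    {
        // open, write or close failed: the output file is missing or incomplete
        fputs("[!] Writing error", stderr);
        free(TargetBuffer);
        _getch();
        exit(5);
    }

    // terminate
    free(TargetBuffer);
}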

For the code that winexec posted, you can load target.exe into a char buffer via fread() then write it back to disk via fwrite, or use filestreams, system("cp files..."), etc as the first lines in main()


 


For the code I posted, there is no need to back up your target.exe because the result is written to a separate file.


robocopip

Thank you so much simple.


 


If there exists another noob like me, I found a source code that backups the target.exe



#include <stdio.h>
#include <memory.h>
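#include <malloc.h>

#define FILENAME_ORI "target.exe"
#define FILENAME_NEW "target_backup.exe"

// Copies FILENAME_ORI to FILENAME_NEW byte for byte.
//
// Returns 0 on success, or a negative code naming the step that failed:
// -1 open source, -2 open destination, -3 read, -4 write, -5 close/flush.
// "Success" is printed only when every byte was read, written and flushed.
//
// Run this BEFORE patching: "wb" truncates an existing FILENAME_NEW, so
// running it again after the target was modified replaces a good backup with
// a copy of the modified file. After a failure the destination may hold a
// partial copy and must not be treated as a backup.
int main()
{
    FILE *r = NULL;
    FILE *w = NULL;
    char chunk[4096];
    size_t got = 0;
    int rc = 0;

    // open handle for reading
    r = fopen(FILENAME_ORI, "rb");
    if(r == NULL)
    {
        printf("Error: fopen\n");
        return -1;
    }

    // open handle for writing
    w = fopen(FILENAME_NEW, "wb");
    if(w == NULL)
    {
        printf("Error: fopen\n");
        fclose(r);
        return -2;
    }

    // copy in fixed-size chunks: no file-size query and no allocation that
    // could fail, and every read and write result is checked
    while((got = fread(chunk, 1, sizeof chunk, r)) > 0)
    {
        if(fwrite(chunk, 1, got, w) != got)
        {
            printf("Error: fwrite\n");
            rc = -4;
            break;
        }
    }
    // fread() returning 0 means end of file or a read error; tell them apart
    if(rc == 0 && ferror(r))
    {
        printf("Error: fread\n");
        rc = -3;
    }

    // close handles; fclose() on the output flushes the last buffered bytes
    fclose(r);
    if(fclose(w) != 0 && rc == 0)
    {
        printf("Error: fclose\n");
        rc = -5;
    }

    if(rc != 0)
    {
        return rc;
    }

    printf("Success\n");
    return 0;
}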
  • 6 years later...
Am4t3uR
Posted (edited)

@robocopip is it possible to provide this specific offset patcher's template as is (without changes)? Or, even better, the original link to the template?

-Thanks!
