Tuts 4 You

want to patch a byte ?


Cyberwarfare

Using C programming I want to manually patch a byte in an application.

My question is how to do that? Any guide? Or example code? Anything appreciated!

Any help appreciated!

NOTE: I have PE understanding and I am a C programmer too.

 

Thanks

Edited by Cyberwarfare
Link to comment
CodeExplorer

"Using C programming I want to manually patch a byte in an application."
1. For patching files, use the WriteFile function
2. For patching memory, use the WriteProcessMemory function
Don't know which one (1. or 2.) is needed!
 

  • Like 1
Link to comment

@Cyberwarfare
If you are a C programmer I agree with Kurapica ... what's the question? :)
It's enough to use standard I/O functions (fopen, fread, fwrite, fseek, etc.) to write at a specific location.

You can, of course, use Windows API functions too as CodeCracker suggested.

Regards,
Tony

 

Link to comment

To find the byte you would read the PE header's section info to get the file offset for the virtual address. If you wanted virtual address 402000 patched, i.e. in the code section (401000 - whatever), you need to read the raw offset of the code section in the file header. Say 0x400 is the code section in the file: 402000 - 401000 = 1000, and 0x400 + 1000 = 0x1400 is the raw offset to patch. Maybe someone else could explain it better than me.

  • Like 1
Link to comment
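The offset calculation described in the post above, written out in C as an added example that is not part of the original thread. It assumes a 32-bit (PE32) image already read into memory; va_to_file_offset, build_sample and the sample header bytes are constructed for illustration and use the post's numbers.

```c
#include <stdint.h>
#include <string.h>

/* Little-endian helpers; callers bounds-check before reading. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | (uint32_t)rd16(p + 2) << 16; }
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }

/* Map a virtual address to a raw file offset in a PE32 image held in buf[0..len).
 * Returns 0 and sets *out, or -1 if malformed or not backed by file data. */
int va_to_file_offset(const uint8_t *buf, size_t len, uint32_t va, uint32_t *out)
{
    if (len < 0x40 || memcmp(buf, "MZ", 2) != 0) return -1;
    size_t pe = rd32(buf + 0x3C);                        /* e_lfanew */
    if (pe > len || len - pe < 24 + 32 || memcmp(buf + pe, "PE\0\0", 4) != 0) return -1;
    uint32_t nsec = rd16(buf + pe + 6);                  /* NumberOfSections */
    uint32_t optsz = rd16(buf + pe + 20);                /* SizeOfOptionalHeader */
    if (optsz < 32 || rd16(buf + pe + 24) != 0x10B) return -1;   /* PE32 magic only */
    uint32_t image_base = rd32(buf + pe + 24 + 28);      /* ImageBase */
    size_t sec = pe + 24 + optsz;                        /* start of section table */
    if (sec > len || (len - sec) / 40 < nsec || va < image_base) return -1;
    uint32_t rva = va - image_base;
    for (uint32_t i = 0; i < nsec; i++, sec += 40) {
        uint32_t vaddr = rd32(buf + sec + 12);           /* VirtualAddress */
        uint32_t rawsz = rd32(buf + sec + 16);           /* SizeOfRawData */
        uint32_t rawptr = rd32(buf + sec + 20);          /* PointerToRawData */
        if (rva < vaddr || rva - vaddr >= rawsz) continue;
        uint32_t off = rawptr + (rva - vaddr);
        if (off < rawptr || off >= len) return -1;       /* wrapped or past end of file */
        *out = off;
        return 0;
    }
    return -1;   /* in the headers, or virtual-only data with no bytes in the file */
}

/* Constructed sample: image base 0x400000, one section at RVA 0x1000, raw offset 0x400. */
static uint8_t sample[0x2400];
const uint8_t *build_sample(void)
{
    memset(sample, 0, sizeof sample);
    memcpy(sample, "MZ", 2);
    wr32(sample + 0x3C, 0x80);                           /* e_lfanew */
    memcpy(sample + 0x80, "PE\0\0", 4);
    sample[0x86] = 1; sample[0x94] = 0xE0;               /* NumberOfSections, SizeOfOptionalHeader */
    wr32(sample + 0x98, 0x10B);                          /* optional header magic */
    wr32(sample + 0x98 + 28, 0x400000);                  /* ImageBase */
    uint8_t *s = sample + 0x98 + 0xE0;                   /* the one section header */
    wr32(s + 12, 0x1000); wr32(s + 16, 0x2000); wr32(s + 20, 0x400);
    return sample;
}
```

Addresses that fall in the headers or beyond a section's raw data are rejected rather than mapped, which avoids patching an unrelated part of the file.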

If you are focused on cross-platform support, using the 'f' file functions would be your best bet:
fopen, fclose, fread, fwrite, fseek, ftell and so on.
(Visual Studio offers a 'safe' version of fopen named fopen_s for Windows.)

If you are focused on Windows development and want to be able to structure out the file as well as even share the memory while editing it easily, you can use the Win32 API such as:
CreateFile, CreateFileMapping, MapViewOfFile, UnmapViewOfFile, CloseHandle

Using the 'f' functions, you can change a byte of data by either doing:

  1. Use fseek to set the file pointer position and then fwrite to write the data you wish to replace with.
    • This method is faster than the below one and has a lot less overhead.
  2. Use fread to read the full file into a buffer. Afterward edit the byte within the buffer of data, then write the buffer back to the file.
    • This method is slower and has a lot more overhead as you are reading the full file into memory to edit 1 thing.

Using the Win32 API, you can overwrite the data via casting. Since MapViewOfFile creates a pointer to the file's data, you have direct access to the full file. So after calling MapViewOfFile and obtaining the file pointer, you can do things such as:

// Map the whole file (offset 0, length 0 = entire file) for reading and writing.
auto filePointer = ::MapViewOfFile(fileMapping, FILE_MAP_READ | FILE_MAP_WRITE, 0, 0, 0);
auto dosHeader = (IMAGE_DOS_HEADER*)filePointer;

// Read from the header..
auto ntHeadersOffset = dosHeader->e_lfanew;

// Write to the header.. (newLfanew is a placeholder for the value you want to store)
dosHeader->e_lfanew = newLfanew;

// Read from the file directly.. (At file offset 0x10AC)
// Pointer arithmetic on unsigned char* avoids truncating the address on 64-bit builds.
auto someData = *((unsigned char*)filePointer + 0x10AC);

// Write to the file directly.. (At file offset 0x10AC)
*((unsigned char*)filePointer + 0x10AC) = 254;

When using the Win32 API, when you use UnmapViewOfFile, it will flush your edits to the actual file. You can also use the FlushViewOfFile API to force-flush your edits as you make them if you feel the need to.

  • Like 6
Link to comment
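The fseek + fwrite method from the post above, as an added example that is not part of the original thread. patch_byte and demo are hypothetical names; the check against the expected old byte and the read-back are additions so that a wrong offset or a different build of the file is detected instead of silently overwritten.

```c
#include <stdio.h>

/* Overwrite one byte at `offset` in a stream opened for update ("rb+").
 * The byte is only changed if it currently equals `expected`.
 * Returns 0 on success, 1 if the existing byte differs, -1 on I/O error
 * or if the offset lies outside the file. */
int patch_byte(FILE *f, long offset, unsigned char expected, unsigned char replacement)
{
    int current;

    if (offset < 0 || fseek(f, offset, SEEK_SET) != 0) return -1;
    if ((current = fgetc(f)) == EOF) return -1;        /* offset is at or past EOF */
    if ((unsigned char)current != expected) return 1;  /* not the file we expected */

    /* A seek is required when switching from reading to writing on one stream. */
    if (fseek(f, offset, SEEK_SET) != 0) return -1;
    if (fwrite(&replacement, 1, 1, f) != 1) return -1;
    if (fflush(f) != 0) return -1;

    /* Read the byte back to confirm the write landed where intended. */
    if (fseek(f, offset, SEEK_SET) != 0) return -1;
    return fgetc(f) == replacement ? 0 : -1;
}

/* Constructed demo: a zero-filled scratch file, patched at the post's example
 * offset 0x10AC with its example value 254. Returns the byte now stored there. */
int demo(void)
{
    FILE *f = tmpfile();
    int result = -1;

    if (!f) return -1;
    for (int i = 0; i < 0x10B0; i++) fputc(0, f);
    if (patch_byte(f, 0x10AC, 0, 254) == 0 && fseek(f, 0x10AC, SEEK_SET) == 0)
        result = fgetc(f);
    fclose(f);
    return result;
}
```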
Cyberwarfare
On 4/13/2016 at 0:26 AM, atom0s said:

If you are focused on cross-platform support, using the 'f' file functions would be your best bet:
fopen, fclose, fread, fwrite, fseek, ftell and so on.
(Visual Studio offers a 'safe' version of fopen named fopen_s for Windows.)

If you are focused on Windows development and want to be able to structure out the file as well as even share the memory while editing it easily, you can use the Win32 API such as:
CreateFile, CreateFileMapping, MapViewOfFile, UnmapViewOfFile, CloseHandle

Using the 'f' functions, you can change a byte of data by either doing:

  1. Use fseek to set the file pointer position and then fwrite to write the data you wish to replace with.
    • This method is faster than the below one and has a lot less overhead.
  2. Use fread to read the full file into a buffer. Afterward edit the byte within the buffer of data, then write the buffer back to the file.
    • This method is slower and has a lot more overhead as you are reading the full file into memory to edit 1 thing.

Using the Win32 API, you can overwrite the data via casting. Since MapViewOfFile creates a pointer to the file's data, you have direct access to the full file. So after calling MapViewOfFile and obtaining the file pointer, you can do things such as:


// Map the whole file (offset 0, length 0 = entire file) for reading and writing.
auto filePointer = ::MapViewOfFile(fileMapping, FILE_MAP_READ | FILE_MAP_WRITE, 0, 0, 0);
auto dosHeader = (IMAGE_DOS_HEADER*)filePointer;

// Read from the header..
auto ntHeadersOffset = dosHeader->e_lfanew;

// Write to the header.. (newLfanew is a placeholder for the value you want to store)
dosHeader->e_lfanew = newLfanew;

// Read from the file directly.. (At file offset 0x10AC)
// Pointer arithmetic on unsigned char* avoids truncating the address on 64-bit builds.
auto someData = *((unsigned char*)filePointer + 0x10AC);

// Write to the file directly.. (At file offset 0x10AC)
*((unsigned char*)filePointer + 0x10AC) = 254;

When using the Win32 API, when you use UnmapViewOfFile, it will flush your edits to the actual file. You can also use the FlushViewOfFile API to force-flush your edits as you make them if you feel the need to.

This helps!

Link to comment
Cyberwarfare
On 4/13/2016 at 2:49 PM, Kurapica said:

I meant the right byte to patch, not the offset of that byte :)

no idea what he wants exactly, let's wait and see.

Thank you buddy for your concern! :)

Link to comment
