Tuts 4 You

Inline Patch



Thanks to Lena for putting some knowledge behind my reversing. I used to just do things; now I actually understand what I do :P

And thanks to subzero for the inlining tutorial. Now for my question:

I inlined an app like this:

004BA6E1 . 68 51A74B00 PUSH ssc4.004BA751 ; /pModule = "GDI32.dll"
004BA6E6 . FF15 A4114C00 CALL DWORD PTR DS:[<&KERNEL32.GetModuleHandleA>] ; \GetModuleHandleA
004BA6EC . 68 C5A74B00 PUSH ssc4.004BA7C5 ; /ProcNameOrOrdinal = "GetDIBits"
004BA6F1 . 50 PUSH EAX ; |hModule = NULL
004BA6F2 . FF15 A0114C00 CALL DWORD PTR DS:[<&KERNEL32.GetProcAddress>] ; \GetProcAddress
004BA6F8 . 36:A3 60374C00 MOV DWORD PTR SS:[4C3760],EAX
004BA6FE . 68 62A74B00 PUSH ssc4.004BA762 ; /pModule = "Kernel32.dll"
004BA703 . FF15 A4114C00 CALL DWORD PTR DS:[<&KERNEL32.GetModuleHandleA>] ; \GetModuleHandleA
004BA709 . 68 6FA74B00 PUSH ssc4.004BA76F ; /ProcNameOrOrdinal = "VirtualProtect"
004BA70E . 50 PUSH EAX ; |hModule = NULL
004BA70F . FF15 A0114C00 CALL DWORD PTR DS:[<&KERNEL32.GetProcAddress>] ; \GetProcAddress
004BA715 . 68 70374C00 PUSH ssc4.004C3770
004BA71A . 6A 40 PUSH 40
004BA71C . 6A 12 PUSH 12
004BA71E . FF35 60374C00 PUSH DWORD PTR DS:[4C3760]
004BA724 . FFD0 CALL EAX
004BA726 . 36:A1 60374C00 MOV EAX,DWORD PTR SS:[4C3760]
004BA72C . C700 FF250000 MOV DWORD PTR DS:[EAX],25FF
004BA732 . C740 02 81A74B00 MOV DWORD PTR DS:[EAX+2],ssc4.004BA781
004BA739 . 61 POPAD
004BA73A . FE05 70374C00 INC BYTE PTR DS:[4C3770] //to not rerun in inline code
004BA740 EB 6A JMP SHORT ssc4.004BA7AC

Now the line writes a jump. I want to make an alarm of some kind at this location. What is the simplest way to do this?

Thanks.
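As an added example (not part of the original post), the sketch below replays the two stores at 004BA72C and 004BA732 on a copy of a function's first bytes, then applies the kind of check an integrity scan uses to flag the resulting detour. The GDI32 address range, the function address and the clean prologue bytes are constructed sample values; only 0x25FF and 0x004BA781 come from the listing.

```python
import struct

# Constructed sample values (assumptions, not from the post):
GDI32_RANGE = (0x77F10000, 0x77F60000)       # hypothetical load range of GDI32.dll
GETDIBITS_VA = 0x77F1B2C0                    # hypothetical address of GetDIBits
CLEAN_PROLOGUE = bytes.fromhex("8BFF558BEC83EC10")  # mov edi,edi / push ebp / ...

def replay_patch_writes(original, slot_addr):
    """Apply the listing's two dword stores to a copy of the function start."""
    buf = bytearray(original)
    struct.pack_into("<I", buf, 0, 0x25FF)      # MOV DWORD PTR [EAX],25FF
    struct.pack_into("<I", buf, 2, slot_addr)   # MOV DWORD PTR [EAX+2],slot
    return bytes(buf)

def classify_prologue(code, func_va, module_range):
    """Return (kind, address) when the first instruction is a jump that
    leaves the owning module (32-bit code), otherwise None."""
    lo, hi = module_range
    if code[:2] == b"\xFF\x25" and len(code) >= 6:
        # JMP DWORD PTR [abs32]: the operand is the address of a pointer slot.
        slot = struct.unpack_from("<I", code, 2)[0]
        # A slot inside the module is a normal import thunk, not a detour.
        if not lo <= slot < hi:
            return ("jmp [mem32]", slot)
    elif code[:1] == b"\xE9" and len(code) >= 5:
        # JMP rel32: target is relative to the end of the 5-byte instruction.
        rel = struct.unpack_from("<i", code, 1)[0]
        target = (func_va + 5 + rel) & 0xFFFFFFFF
        if not lo <= target < hi:
            return ("jmp rel32", target)
    return None

def scan(disk_bytes, memory_bytes, func_va, module_range):
    """Compare on-disk and in-memory prologues and report any detour."""
    return {
        "modified": disk_bytes != memory_bytes,
        "detour": classify_prologue(memory_bytes, func_va, module_range),
    }

if __name__ == "__main__":
    patched = replay_patch_writes(CLEAN_PROLOGUE, 0x004BA781)
    print(patched.hex(" "))
    print(scan(CLEAN_PROLOGUE, patched, GETDIBITS_VA, GDI32_RANGE))
```

The two overlapping stores leave the six bytes FF 25 81 A7 4B 00 at the function start, which is an indirect jump through a pointer slot inside the patched executable rather than inside GDI32.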

  • 3 weeks later...
y dont u put some chiptune....

WTF is this for a suggestion? Have you ever tried to inline an app adding resources with chiptunes for creating an ALARM BEEP lol

Better think of what you post before doing it ;)

I'm not trying to threaten you or whatever, but offense intended, this is just plain stupid :/

Don't misunderstand me, but I cannot imagine you or anyone else using a chiptune in an inline patch.

An inline patch is made in order to save space ? having to ship an unpacked, huge file.

If you like chipmusic, create patches or keygens :)


One API you could use is:

BOOL Beep(
    DWORD dwFreq,      // sound frequency, in hertz
    DWORD dwDuration   // sound duration, in milliseconds
);

It's located in kernel32.dll. But if you want your modification to run on other computers, you must make sure that this API is part of the IAT. If need be, you can add this API with IID King or some other PE tool.


Hi,

You can use my plugin to find out the API. Simply check "partial" and enter the word beep, then double click on the item you want; it will give the DLL name, function address and name.

Here is the link: http://www.exetools.com/forum/showthread.php?t=10179
