; http://www.betamaster.us/blog/?p=757
format PE GUI 4.0
include 'D:\FASM\INCLUDE\WIN32AX.INC'
entry start
;================== code =====================
section '.code' code readable executable
;=============================================
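; Access mask requested from OpenProcess (numeric values from winnt.h):
;   PROCESS_VM_OPERATION (0x0008) - needed by VirtualAllocEx and WriteProcessMemory
;   PROCESS_VM_WRITE     (0x0020) - needed by WriteProcessMemory
; Only these two rights are used below, so the handle does not carry the
; remaining rights that PROCESS_ALL_ACCESS (0x1F0FFF) would grant.
PATCH_ACCESS = 0x0008 or 0x0020

;---------------------------------------------------------------------
; start - program entry point (32-bit PE, Win32 API called via invoke)
;
; Flow:  FindWindow(WindowTitle) -> GetWindowThreadProcessId -> OpenProcess
;        -> VirtualAllocEx -> WriteProcessMemory -> status MessageBox
;        -> ExitProcess(0)
; In:    nothing (reads WindowTitle, startAddress, patchBytes, _patch.size)
; Out:   never returns; writes ProcID, ProcHandle and patchResult
; Notes: - API return values come back in EAX; every call whose result is
;          used later is checked before the next step runs.
;        - The process handle is not closed explicitly (CloseHandle is not
;          in this file's import table); the program exits right after.
;---------------------------------------------------------------------
proc start
        invoke  FindWindow, NULL, WindowTitle           ; look the window up by its exact title
        test    eax, eax                                ; EAX = HWND, 0 when no such window exists
        jz      .no_window

        invoke  GetWindowThreadProcessId, eax, ProcID   ; ProcID (passed by address) receives the owning PID

        invoke  OpenProcess, PATCH_ACCESS, FALSE, [ProcID]
        test    eax, eax                                ; 0 = access denied or the process is already gone
        jz      .patch_failed                           ; do not continue with a NULL handle
        mov     [ProcHandle], eax

        ; startAddress is a dd variable that HOLDS the target address, so it
        ; must be passed as [startAddress]. The bare label would push the
        ; address of the variable inside this program instead.
        ; NOTE(review): VirtualAllocEx is meant for reserving/committing memory.
        ; For pages that already belong to a loaded module the call may fail or
        ; alter the page protection; VirtualProtectEx is the API documented for
        ; changing protection. Confirm which behaviour is intended here.
        invoke  VirtualAllocEx, [ProcHandle], [startAddress], _patch.size, MEM_COMMIT, PAGE_READWRITE
        test    eax, eax                                ; 0 = the region could not be committed
        jz      .alloc_failed

        invoke  WriteProcessMemory, [ProcHandle], [startAddress], patchBytes, _patch.size, patchResult
        test    eax, eax                                ; 0 = the call itself failed
        jz      .patch_failed
        cmp     dword [patchResult], _patch.size        ; a short write also counts as a failure
        jne     .patch_failed

        invoke  MessageBox, 0, message2, _caption, MB_OK ; every byte was written
        jmp     .exit

.no_window:
        invoke  MessageBox, 0, message1, _caption, MB_OK ; window not found
        jmp     .exit

.alloc_failed:
        invoke  MessageBox, 0, message4, _caption, MB_OK ; VirtualAllocEx failed
        jmp     .exit

.patch_failed:
        invoke  MessageBox, 0, message3, _caption, MB_OK ; OpenProcess or WriteProcessMemory failed

.exit:
        invoke  ExitProcess, 0
endp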
;=================== data ====================
section '.data' data readable writeable
;=============================================
; Exact window title handed to FindWindow (NUL-terminated ANSI string).
; NOTE(review): presumably the German-locale title of an untitled Notepad
; window; the lookup fails on systems where the title differs - confirm.
WindowTitle db 'Unbenannt - Editor', 0
; Receives the process id from GetWindowThreadProcessId (passed by address).
ProcID dd ?
; Holds the handle returned by OpenProcess.
ProcHandle dd ?
; MessageBox caption and status texts (NUL-terminated ANSI strings).
_caption db 'Information', 0
message1 db 'Unable to find the window', 0
message2 db 'Patched successfully',0
message3 db 'Patching: An error occured',0
message4 db 'VirtualAllocEx failed',0
; A dword VARIABLE containing the address to write to in the target process.
; In an invoke argument list, [startAddress] passes this value, while the
; bare label startAddress passes the address of the variable itself.
; NOTE(review): a hard-coded absolute address assumes the target module is
; mapped at one fixed base; if the image is relocated it no longer matches.
startAddress dd 0x00401090 ; The memory address we start writing from
patchBytes db 0x2F, 0x66 ; These bytes are written into the memory of the target process
; Assembly-time constant, not a variable; it must stay directly after
; patchBytes because it is computed from the current offset ($).
_patch.size = $ - patchBytes ; Number of bytes to write
patchResult dd ? ; Receives the number of bytes WriteProcessMemory actually wrote
;=============================================
section '.idata' import data readable
;=============================================
; Import table: the two DLLs this program links against.
library kernel32,'KERNEL32.DLL',\
user32,'USER32.DLL'
; kernel32: process access, remote memory calls and program exit.
; CloseHandle is not imported, so the process handle cannot be closed
; explicitly with this table as it stands.
import kernel32,\
ExitProcess,'ExitProcess',\
OpenProcess,'OpenProcess',\
VirtualAllocEx, 'VirtualAllocEx',\
WriteProcessMemory,'WriteProcessMemory'
; user32: window lookup and message boxes. FindWindow and MessageBox are
; bound to the ANSI ('A') exports, matching the db strings in the data section.
import user32,\
FindWindow,'FindWindowA',\
GetWindowThreadProcessId,'GetWindowThreadProcessId',\
MessageBox,'MessageBoxA'
I found a well-explained example of WriteProcessMemory, but the author left some bugs in the code. I fixed some of the errors, but that is not enough: the byte patching still does not work for me.