flat assembler
Message board for the users of flat assembler.
Windows > Patching
drocon 24 Feb 2005, 07:01
Create a file mapping and apply changes directly, OR ... load the executable into a buffer, apply changes to the buffer (memcpy, whatnot), write.
Just for time's sake, I would stick with msvcrt and libc functions; they're smaller anyway.
liteonish 24 Feb 2005, 12:58
And how would I do this?
_________________ I just own that much.
liteonish 25 Feb 2005, 01:04
Anyone? JohnFound? I've seen your comments, you know how this is done.
I just need an example of how you could open a file, write several bytes at a certain point, and save/close the file. It can't be that hard, can it?
_________________ I just own that much.
JohnFound 25 Feb 2005, 05:21
Well, I'd suggest you open Win32.hlp and read at least part of the chapters about CreateFile, ReadFile, WriteFile (don't read about OpenFile; it is obsolete).
Then if something doesn't work as you need, ask a question. Regards.
Vasilev Vjacheslav 25 Feb 2005, 15:55
For patching I prefer code like this:
Code:
        CreateFile
        CreateFileMapping
        MapViewOfFile
        <modify bytes in memory>
        UnmapViewOfFile
        CloseHandle        (the handle from CreateFileMapping)
        CloseHandle        (the handle from CreateFile)
liteonish 26 Feb 2005, 14:01
Thanks guys. I had no clue that a Help file even existed for this. And I think I'm gonna try the Mapping method.
Here's what I have so far:
Code:
include "%fasminc%/win32ax.inc"

.data
  fileHandle  dd ?
  mapHandle   dd ?
  mapLocation dd ?
  mapName     db "mapHandleName",0

.code
rewt:
        invoke  CreateFile,"c:/winmine.exe",GENERIC_READ or GENERIC_WRITE,0,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL
        mov     [fileHandle],eax
        invoke  CreateFileMapping,fileHandle,NULL,PAGE_READWRITE,0,0,mapName
        mov     [mapHandle],eax
        invoke  MapViewOfFile,mapHandle,FILE_MAP_WRITE,0,0,0
        mov     [mapLocation],eax
        ;change bytes here
        invoke  FlushViewOfFile,mapLocation,0
        invoke  UnmapViewOfFile,mapLocation
        invoke  CloseHandle,mapHandle
        invoke  CloseHandle,fileHandle
eend:
        invoke  ExitProcess,0

.end rewt

Two things are bugging me at the moment. One - when I try to debug the result, it crashes during FileCreate. Says the handle is wrong, or something of the sort. I don't think I'm shoving in the right parameters for any of these. And also, I can't find how to change bytes in the memory. A little hint maybe?
_________________ I just own that much.
marciano 27 Feb 2005, 03:04
I think you should put something like this:
Code:
        invoke  CreateFile,"c:/winmine.exe",GENERIC_READ or GENERIC_WRITE,0,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL
        cmp     eax,INVALID_HANDLE_VALUE  ; CreateFile returns INVALID_HANDLE_VALUE (-1), not 0, on failure
        je      error_ocurred             ; jump if the handle is not valid
        mov     [fileHandle],eax
        ...
        ...
        ...
error_ocurred:
        ; code to handle the error while creating the file

Greetings
liteonish 27 Feb 2005, 03:10
Thanks. I was debugging a bit to see just what the error is. It actually creates a handle, 1C, which is passed on correctly to CreateFileMap, but then it gives an ERROR_INVALID_HANDLE. I think I'm going insane, just a bit.
_________________ I just own that much.
Joshua 27 Feb 2005, 13:02
Code:
include "%fasminc%/win32ax.inc"

.data
  fileHandle  dd ?
  fileName    db "c:/winmine.exe",0
  mapHandle   dd ?
  mapLocation dd ?
  mapName     db "mapHandleName",0

.code
rewt:
        invoke  CreateFile,fileName,GENERIC_READ or GENERIC_WRITE,0,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL
        mov     [fileHandle],eax
        invoke  CreateFileMapping,[fileHandle],NULL,PAGE_READWRITE,0,0,mapName
        mov     [mapHandle],eax
        invoke  MapViewOfFile,[mapHandle],FILE_MAP_WRITE,0,0,0
        mov     [mapLocation],eax
        ;change bytes here
        invoke  FlushViewOfFile,[mapLocation],0
        invoke  UnmapViewOfFile,[mapLocation]
        invoke  CloseHandle,[mapHandle]
        invoke  CloseHandle,[fileHandle]
eend:
        invoke  ExitProcess,0

.end rewt
liteonish 27 Feb 2005, 14:09
Wow. Changing the file name to a label cleans up the final assembly code so much, and I'm such an idiot, passing on the address instead of the actual handle.
Now to figure out how to change memory values, and I'm done. I think.
_________________ I just own that much.
liteonish 28 Feb 2005, 17:08
Wsprintf seems to do the trick.
Here's my code:
Code:
include "%fasminc%/win32ax.inc"

IDUS = 101
IDJS = 102
IDBS = 201
IDNM = 202
IDBF = 203
IDJF = 204
IDLT = 301

.data
  fileName      db "c:/windows/system32/winmine.exe",0
  fileHandle    dd ?
  mapHandle     dd ?
  mapLocation   dd ?
  stringType    db "%s",0
  stringToWrite dd 0x03E8,0

.code
rewt:
        invoke  GetModuleHandle,0        ; added fix: eax does not hold the module handle at entry
        invoke  DialogBoxParam,eax,37,HWND_DESKTOP,DialogProc,0
        jmp     done
eend:
        invoke  ExitProcess,0

fileoperations:
        invoke  CreateFile,fileName,GENERIC_READ or GENERIC_WRITE,0,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL
        mov     [fileHandle],eax
        invoke  CreateFileMapping,[fileHandle],NULL,PAGE_READWRITE,0,0,NULL
        mov     [mapHandle],eax
        invoke  MapViewOfFile,[mapHandle],FILE_MAP_WRITE,0,0,0
        mov     [mapLocation],eax
        ;change bytes here: wsprintf "%s" copies the bytes of stringToWrite up to its first zero byte
        add     [mapLocation],0x2C3E
        cinvoke wsprintf,[mapLocation],stringType,stringToWrite
        sub     [mapLocation],0x2C3E
        invoke  FlushViewOfFile,[mapLocation],0
        invoke  UnmapViewOfFile,[mapLocation]
        invoke  CloseHandle,[mapHandle]
        invoke  CloseHandle,[fileHandle]
        ret

done:
        invoke  MessageBox,0,"Done. Open Minesweeper to see if it worked.","Done!",MB_ICONASTERISK
        jmp     eend

proc DialogProc,hwnddlg,msg,wparam,lparam
        cmp     [msg],WM_COMMAND
        je      wmcommand
        cmp     [msg],WM_CLOSE
        je      wmclose
wmcommand:
        cmp     [wparam],BN_CLICKED shl 16 + IDUS
        je      wmUS
        cmp     [wparam],BN_CLICKED shl 16 + IDJS
        je      wmJS
        cmp     [wparam],BN_CLICKED shl 16 + IDBS
        je      wmBS
        cmp     [wparam],BN_CLICKED shl 16 + IDNM
        je      wmNM
        cmp     [wparam],BN_CLICKED shl 16 + IDBF
        je      wmBF
        cmp     [wparam],BN_CLICKED shl 16 + IDJF
        je      wmJF
        cmp     [wparam],BN_CLICKED shl 16 + IDLT
        je      wmLT
        jmp     finish
wmUS:
        mov     [stringToWrite],0xFFFFFF
        jmp     callfilestuff
wmJS:
        mov     [stringToWrite],0xABCD
        jmp     callfilestuff
wmBS:
        mov     [stringToWrite],0x1111
        jmp     callfilestuff
wmNM:
        mov     [stringToWrite],0x03E8
        jmp     callfilestuff
wmBF:
        mov     [stringToWrite],0x0111
        jmp     callfilestuff
wmJF:
        mov     [stringToWrite],0x0011
        jmp     callfilestuff
wmLT:
        mov     [stringToWrite],0x01
        jmp     callfilestuff
callfilestuff:
        call    fileoperations
wmclose:
        invoke  EndDialog,[hwnddlg],0
        mov     eax,1
finish:
        xor     eax,eax
        return
endp

section '.rsrc' resource data readable

directory RT_DIALOG,dialogs

resource dialogs,\
         37,LANG_ENGLISH+SUBLANG_DEFAULT,demonstration

dialog demonstration,'Minesweeper crack for XP.',100,100,355,77,DS_MODALFRAME
  dialogitem 'STATIC','---->>> !!!This only works on WinXP!!! <<<----',175,21,5,300,8,WS_VISIBLE
  dialogitem 'STATIC','Choose one of the speeds below for the timer.',175,180,5,300,8,WS_VISIBLE
  dialogitem 'BUTTON','Uber Slow',IDUS,5,20,45,15,WS_VISIBLE+WS_TABSTOP+BS_PUSHBUTTON
  dialogitem 'BUTTON','Just Slow',IDJS,55,20,45,15,WS_VISIBLE+WS_TABSTOP+BS_PUSHBUTTON
  dialogitem 'BUTTON','A Bit Slow',IDBS,105,20,45,15,WS_VISIBLE+WS_TABSTOP+BS_PUSHBUTTON
  dialogitem 'BUTTON','Normal',IDNM,155,20,45,15,WS_VISIBLE+WS_TABSTOP+BS_PUSHBUTTON
  dialogitem 'BUTTON','A Bit Fast',IDBF,205,20,45,15,WS_VISIBLE+WS_TABSTOP+BS_PUSHBUTTON
  dialogitem 'BUTTON','Just Fast',IDJF,255,20,45,15,WS_VISIBLE+WS_TABSTOP+BS_PUSHBUTTON
  dialogitem 'BUTTON','l33t',IDLT,305,20,45,15,WS_VISIBLE+WS_TABSTOP+BS_PUSHBUTTON
  dialogitem 'STATIC','16 thou',5,16,39,300,8,WS_VISIBLE
  dialogitem 'STATIC','44 secs',55,66,39,300,8,WS_VISIBLE
  dialogitem 'STATIC','4 secs',105,116,39,300,8,WS_VISIBLE
  dialogitem 'STATIC','1 sec',155,168,39,300,8,WS_VISIBLE
  dialogitem 'STATIC','0.2 secs',105,216,39,300,8,WS_VISIBLE
  dialogitem 'STATIC','0.02 secs',105,264,39,300,8,WS_VISIBLE
  dialogitem 'STATIC','0!',155,325,39,300,8,WS_VISIBLE
  dialogitem 'STATIC','(c)2005 liteonish || johnnyspoon@gmail.com || Made with FASM || http://www.flatassembler.net/',175,30,50,300,8,WS_VISIBLE
enddialog

.end rewt

I know I could do a lot more error checking and tweaking, but there's no point really. Compile it if you want to see it work. And thanks for the help.
_________________ I just own that much.
marciano 03 Mar 2005, 02:56
Here I have another way for patching executables; I was working on it today. I don't use a file mapping, I just use the API functions SetFilePointer and WriteFile:
Code:
include "%fasminc%/win32ax.inc"

IDUS = 101
IDJS = 102
IDBS = 201
IDNM = 202
IDBF = 203
IDJF = 204
IDLT = 301

.data
  fileName      db "c:/windows/system32/winmine.exe",0
  fileHandle    dd ?
  stringType    db "%s",0
  stringToWrite dd 0x03E8,0
  tmp           dd ?

.code
rewt:
        invoke  GetModuleHandle,0        ; added fix: eax does not hold the module handle at entry
        invoke  DialogBoxParam,eax,37,HWND_DESKTOP,DialogProc,0
        jmp     done
eend:
        invoke  ExitProcess,0

fileoperations:
        invoke  CreateFile,fileName,GENERIC_READ or GENERIC_WRITE,0,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL
        mov     [fileHandle],eax
        ;change bytes here
        invoke  SetFilePointer,\
                [fileHandle],\          ;file handle
                0x2C3E,\                ;offset (low)
                0,\                     ;offset (high)
                0                       ;from beginning
        invoke  WriteFile,\
                [fileHandle],\          ;file handle
                stringToWrite,\         ;string to write
                2,\                     ;number of bytes to write
                tmp,\                   ;bytes written
                NULL                    ;overlapped= 0
        invoke  CloseHandle,[fileHandle]
        ret

done:
        invoke  MessageBox,0,"Done. Open Minesweeper to see if it worked.","Done!",MB_ICONASTERISK
        jmp     eend

proc DialogProc,hwnddlg,msg,wparam,lparam
        cmp     [msg],WM_COMMAND
        je      wmcommand
        cmp     [msg],WM_CLOSE
        je      wmclose
wmcommand:
        cmp     [wparam],BN_CLICKED shl 16 + IDUS
        je      wmUS
        cmp     [wparam],BN_CLICKED shl 16 + IDJS
        je      wmJS
        cmp     [wparam],BN_CLICKED shl 16 + IDBS
        je      wmBS
        cmp     [wparam],BN_CLICKED shl 16 + IDNM
        je      wmNM
        cmp     [wparam],BN_CLICKED shl 16 + IDBF
        je      wmBF
        cmp     [wparam],BN_CLICKED shl 16 + IDJF
        je      wmJF
        cmp     [wparam],BN_CLICKED shl 16 + IDLT
        je      wmLT
        jmp     finish
wmUS:
        mov     [stringToWrite],0xFFFFFF
        jmp     callfilestuff
wmJS:
        mov     [stringToWrite],0xABCD
        jmp     callfilestuff
wmBS:
        mov     [stringToWrite],0x1111
        jmp     callfilestuff
wmNM:
        mov     [stringToWrite],0x03E8
        jmp     callfilestuff
wmBF:
        mov     [stringToWrite],0x0111
        jmp     callfilestuff
wmJF:
        mov     [stringToWrite],0x0011
        jmp     callfilestuff
wmLT:
        mov     [stringToWrite],0x01
        jmp     callfilestuff
callfilestuff:
        call    fileoperations
wmclose:
        invoke  EndDialog,[hwnddlg],0
        mov     eax,1
finish:
        xor     eax,eax
        return
endp

section '.rsrc' resource data readable

directory RT_DIALOG,dialogs

resource dialogs,\
         37,LANG_ENGLISH+SUBLANG_DEFAULT,demonstration

dialog demonstration,'Minesweeper crack for XP.',100,100,355,77,DS_MODALFRAME
  dialogitem 'STATIC','---->>> !!!This only works on WinXP!!! <<<----',175,21,5,300,8,WS_VISIBLE
  dialogitem 'STATIC','Choose one of the speeds below for the timer.',175,180,5,300,8,WS_VISIBLE
  dialogitem 'BUTTON','Uber Slow',IDUS,5,20,45,15,WS_VISIBLE+WS_TABSTOP+BS_PUSHBUTTON
  dialogitem 'BUTTON','Just Slow',IDJS,55,20,45,15,WS_VISIBLE+WS_TABSTOP+BS_PUSHBUTTON
  dialogitem 'BUTTON','A Bit Slow',IDBS,105,20,45,15,WS_VISIBLE+WS_TABSTOP+BS_PUSHBUTTON
  dialogitem 'BUTTON','Normal',IDNM,155,20,45,15,WS_VISIBLE+WS_TABSTOP+BS_PUSHBUTTON
  dialogitem 'BUTTON','A Bit Fast',IDBF,205,20,45,15,WS_VISIBLE+WS_TABSTOP+BS_PUSHBUTTON
  dialogitem 'BUTTON','Just Fast',IDJF,255,20,45,15,WS_VISIBLE+WS_TABSTOP+BS_PUSHBUTTON
  dialogitem 'BUTTON','l33t',IDLT,305,20,45,15,WS_VISIBLE+WS_TABSTOP+BS_PUSHBUTTON
  dialogitem 'STATIC','16 thou',5,16,39,300,8,WS_VISIBLE
  dialogitem 'STATIC','44 secs',55,66,39,300,8,WS_VISIBLE
  dialogitem 'STATIC','4 secs',105,116,39,300,8,WS_VISIBLE
  dialogitem 'STATIC','1 sec',155,168,39,300,8,WS_VISIBLE
  dialogitem 'STATIC','0.2 secs',105,216,39,300,8,WS_VISIBLE
  dialogitem 'STATIC','0.02 secs',105,264,39,300,8,WS_VISIBLE
  dialogitem 'STATIC','0!',155,325,39,300,8,WS_VISIBLE
  dialogitem 'STATIC','(c)2005 liteonish || johnnyspoon@gmail.com || Made with FASM || http://www.flatassembler.net/',175,30,50,300,8,WS_VISIBLE
enddialog

.end rewt

Greetings
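Both patchers above write two bytes at the fixed offset 0x2C3E without checking that the file is the build the offset was found in (the dialog itself warns that it only works on WinXP), so on any other build they would silently corrupt the program. Added example, not from the thread: the same map, modify, flush sequence done with Python's mmap, refusing to write unless the offset lies inside the file and the bytes already there are the expected ones. The sample file, its size and the 0x90 filler are constructed test data; the offset and the 0x03E8 / 0x0111 timer values are the thread's.

```python
import mmap
import os
import tempfile

class PatchError(Exception):
    pass

def patch_at_offset(path, offset, expected, replacement):
    """Overwrite `expected` with `replacement` at `offset` through a file mapping
    (the thread's CreateFileMapping/MapViewOfFile sequence), refusing to write
    unless the bytes already there match. Returns the bytes replaced."""
    if len(expected) != len(replacement):
        raise PatchError("in-place patch must keep the same length")
    size = os.path.getsize(path)
    if offset + len(expected) > size:
        raise PatchError("offset 0x%X past end of file (%d bytes)" % (offset, size))
    with open(path, "r+b") as f, mmap.mmap(f.fileno(), 0) as view:
        current = view[offset:offset + len(expected)]
        if current != expected:  # different build: the offset would corrupt it
            raise PatchError("unexpected bytes at 0x%X: %s" % (offset, current.hex()))
        view[offset:offset + len(replacement)] = replacement
        view.flush()  # FlushViewOfFile; unmap and close happen when the block exits
    return current

def make_sample_file(dirname):
    """Constructed stand-in for a target binary: filler with the thread's 'Normal'
    timer value 0x03E8 stored little-endian at its offset 0x2C3E."""
    data = bytearray(b"\x90" * 0x3000)
    data[0x2C3E:0x2C40] = (0x03E8).to_bytes(2, "little")
    path = os.path.join(dirname, "sample.bin")
    with open(path, "wb") as f:
        f.write(data)
    return path

def demo():
    """Apply the patch once, then show the guard rejecting a stale second run."""
    normal, fast = (0x03E8).to_bytes(2, "little"), (0x0111).to_bytes(2, "little")
    with tempfile.TemporaryDirectory() as d:
        path = make_sample_file(d)
        old = patch_at_offset(path, 0x2C3E, normal, fast)
        with open(path, "rb") as f:
            new = f.read()[0x2C3E:0x2C40]
        try:
            patch_at_offset(path, 0x2C3E, normal, fast)
            rejected = False
        except PatchError:
            rejected = True
    return old, new, rejected
```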
liteonish 03 Mar 2005, 04:09
Awesome. That makes life so much easier. Hooray for Windows API calls!
_________________ I just own that much.
sylwek32 26 May 2006, 05:53
But it doesn't compile under FASM!
sylwek32 26 May 2006, 05:58
So now it works, but I had to change return to ret.
Can somebody tell me how to modify the dialog's title?
Vasilev Vjacheslav 26 May 2006, 06:56
SetWindowText
sylwek32 26 May 2006, 07:24
But how to make a patcher which patches a program's title?
Vasilev Vjacheslav 26 May 2006, 14:26
FindWindow + SetWindowText
Copyright © 1999-2024, Tomasz Grysztar.