-   -   help for create loader with packed program (https://forum.exetools.com/showthread.php?t=19768)

mcr4ck 07-30-2021 18:11

Quote:

comment it out and configure your project not to use precompiled headers

hope this helps
I did not catch you
Can you explain in full?
Or compile this at all and tell me the method
Thankful

xobor 07-30-2021 19:30

it is a precompiled header file

look at

Quote:

https://docs.microsoft.com/en-us/cpp/build/creating-precompiled-header-files?view=msvc-160
BR

mcr4ck 07-31-2021 19:32

I didn't notice
If possible, compile this completely and send it to me
Because I do not know much about C or C++ language
Thanks to friends who know me for compiling this and sending it to me

dosprog 08-04-2021 20:17

See example - Loader for WIN32-PE (no ASLR!) - Sources for MSVC.

For packed program set in source code:
Quote:

DWORD wait_for_unpack = 1000; //millis - set it if need
- Then waits 1 sec while program unpacks itself.


mcr4ck 08-05-2021 04:36

Thanks a lot
But I want to compile this code
Did anyone compile this code?
Quote:

// dllmain.cpp : Defines the entry point for the DLL application.
#include "pch.h"

#include <iostream>
#include <vector>
#include <Windows.h>
#include <tlhelp32.h>

#include "detours.h"

#pragma comment(lib, "detours.lib")

using namespace std;

BOOL WINAPI My_DeviceIoControl(
HANDLE hDevice,
DWORD dwIoControlCode,
LPVOID lpInBuffer,
DWORD nInBufferSize,
LPVOID lpOutBuffer,
DWORD nOutBufferSize,
LPDWORD lpBytesReturned,
LPOVERLAPPED lpOverlapped
);

static BOOL(WINAPI* Ori_DeviceIoControl) (
HANDLE hDevice,
DWORD dwIoControlCode,
LPVOID lpInBuffer,
DWORD nInBufferSize,
LPVOID lpOutBuffer,
DWORD nOutBufferSize,
LPDWORD lpBytesReturned,
LPOVERLAPPED lpOverlapped
) = NULL;



// Replacement bytes that My_DeviceIoControl writes into the target process.
// Read as x86 machine code they are: 33 C0 = xor eax,eax; C2 0C 00 = ret 0Ch;
// 90 = nop. In other words, the overwritten routine is turned into a stub that
// returns 0 at once (assumes a 32-bit stdcall routine with 12 bytes of
// arguments - TODO confirm against the actual target).
// NOTE(review): the second initializer is malformed as posted, and
// bytes_written_2 is not referenced anywhere in the visible listing.
BYTE bytes_written_1[] = { 0x33, 0xC0, 0xC2, 0x0C, 0x00, 0x90 };
BYTE bytes_written_2[] = { 0x33, 0xC0, 0xC2, 0x0C, 0x00, 0x90x 0x90 };


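/// Returns the ID of the first process in a Toolhelp snapshot whose executable
/// name equals procName (case-insensitive comparison), or 0 if none matches.
///
/// @param procName  Executable file name to look for, e.g. L"example.exe"
///                  (constructed sample). A null pointer yields 0.
/// @return The matching th32ProcessID, or 0 when the snapshot cannot be taken
///         or no entry matches.
///
/// Review notes:
///  - Matching on the image name alone is ambiguous: several processes can
///    share a name and the first one enumerated wins.
///  - The wide-character comparison against szExeFile only compiles in a
///    UNICODE build.
DWORD GetProcId(const wchar_t* procName)
{
    if (procName == nullptr)
    {
        return 0;
    }

    const HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnap == INVALID_HANDLE_VALUE)
    {
        // No snapshot was created, so there is no handle to close.
        return 0;
    }

    DWORD procId = 0;
    PROCESSENTRY32 procEntry{};
    procEntry.dwSize = sizeof(procEntry);   // must be set before Process32First

    if (Process32First(hSnap, &procEntry))
    {
        do
        {
            if (_wcsicmp(procEntry.szExeFile, procName) == 0)
            {
                procId = procEntry.th32ProcessID;
                break;
            }
        } while (Process32Next(hSnap, &procEntry));
    }

    CloseHandle(hSnap);
    return procId;
}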

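/// Returns the base address of the first module in process procId whose module
/// name equals modName (case-insensitive comparison), or 0 if none matches.
///
/// @param procId   Process to snapshot; CreateToolhelp32Snapshot treats 0 as
///                 the calling process.
/// @param modName  Module name to look for. A null pointer yields 0.
/// @return The module base truncated to a DWORD, or 0 when the snapshot cannot
///         be taken or no module matches.
///
/// Review note: the return type is 32 bits wide, so in a 64-bit build the
/// upper half of the address is discarded. The signature is kept as posted.
DWORD GetModuleBaseAddress(DWORD procId, const wchar_t* modName)
{
    if (modName == nullptr)
    {
        return 0;
    }

    const HANDLE hSnap =
        CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, procId);
    if (hSnap == INVALID_HANDLE_VALUE)
    {
        // No snapshot was created, so there is no handle to close.
        return 0;
    }

    DWORD modBaseAddr = 0;
    MODULEENTRY32 modEntry{};
    modEntry.dwSize = sizeof(modEntry);     // must be set before Module32First

    if (Module32First(hSnap, &modEntry))
    {
        do
        {
            if (_wcsicmp(modEntry.szModule, modName) == 0)
            {
                // Same narrowing as the original C-style cast, spelled out.
                modBaseAddr = static_cast<DWORD>(
                    reinterpret_cast<ULONG_PTR>(modEntry.modBaseAddr));
                break;
            }
        } while (Module32Next(hSnap, &modEntry));
    }

    CloseHandle(hSnap);
    return modBaseAddr;
}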




// DLL entry point. On DLL_PROCESS_ATTACH it resolves kernel32!DeviceIoControl
// with DetourFindFunction and, inside a Detours transaction, attaches
// My_DeviceIoControl in its place. On the other three notifications it detaches
// the same hook. Always returns TRUE.
//
// NOTE(review): MessageBox is called from inside DllMain. Microsoft's DLL
// guidance advises against calling user32 functions while the loader lock is
// held, so these dialogs can hang the host process.
// NOTE(review), defensive view: Detours installs the hook by rewriting the
// start of the target function in memory, so in the hooked process the bytes of
// kernel32!DeviceIoControl no longer match the file on disk. Integrity checks
// that compare loaded code with its backing image can detect that.
BOOL APIENTRY DllMain(HMODULE hDLL,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
// Only used for the null check below; the hook target is resolved separately.
HMODULE dll_module_1 = GetModuleHandleA("kernel32.dll");

if (!dll_module_1)
{
// dw receives the error code but is never read afterwards.
DWORD dw = GetLastError();
MessageBox(NULL, L"The library could not load", L"ERROR", MB_OK);
}

{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:

DetourRestoreAfterWith();

// Saves the address of the real function; after DetourAttach commits, the
// pointer is what My_DeviceIoControl calls to reach the original.
Ori_DeviceIoControl = (BOOL(WINAPI*) (HANDLE, DWORD, LPVOID, DWORD, LPVOID, DWORD, LPDWORD, LPOVERLAPPED)) DetourFindFunction("kernel32.dll", "DeviceIoControl");

// Asks the loader not to deliver DLL_THREAD_ATTACH / DLL_THREAD_DETACH to this
// DLL, so the shared case body below should in practice run on process detach.
DisableThreadLibraryCalls(hDLL);
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());

DetourAttach(&(PVOID&)Ori_DeviceIoControl, My_DeviceIoControl);

// Only the commit result is checked; Begin/UpdateThread/Attach results are not.
if (DetourTransactionCommit() != NO_ERROR)
MessageBox(NULL, L"Detour Attach Error", NULL, MB_OK);

break;

case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:

// All three reasons share this body and remove the hook.
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourDetach(&(PVOID&)Ori_DeviceIoControl, My_DeviceIoControl);
DetourTransactionCommit();

break;
}
return TRUE;
}
}

// Detour that DllMain installs over kernel32!DeviceIoControl. Each call first
// runs the patch logic below and then forwards the unchanged arguments to the
// original function through Ori_DeviceIoControl, returning its BOOL result.
//
// As posted this is a template rather than a buildable unit: the "??????"
// tokens and the "..." lines stand in for values and code the author removed.
//
// What the visible code does: looks a process up by image name, opens it with
// PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE, reads 4 bytes at
// module base + offset and, only when they equal an expected value, makes the
// page PAGE_EXECUTE_READWRITE, overwrites bytes there and restores the previous
// protection.
//
// NOTE(review), defensive view: opening a process handle with VM write access,
// switching an image page to PAGE_EXECUTE_READWRITE and writing into it is
// visible to process-access telemetry (e.g. Sysmon Event ID 10), and it leaves
// the in-memory code different from the file on disk, which integrity checks
// that compare the two will flag.
// NOTE(review): hProcess is never closed in the visible code, so every hooked
// call leaks a handle; none of the OpenProcess / ReadProcessMemory /
// VirtualProtectEx results are checked.
BOOL WINAPI My_DeviceIoControl(
HANDLE hDevice,
DWORD dwIoControlCode,
LPVOID lpInBuffer,
DWORD nInBufferSize,
LPVOID lpOutBuffer,
DWORD nOutBufferSize,
LPDWORD lpBytesReturned,
LPOVERLAPPED lpOverlapped
)

{

DWORD processID = GetProcId(L"??????.exe");
HANDLE hProcess = OpenProcess(PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE, FALSE, processID);
DWORD moduleBase = GetModuleBaseAddress(processID, L"?????.exe");

if (moduleBase != 0)
{
DWORD target_adres = moduleBase + ??????;
// Receives the 4 bytes read from the target; the DWORD* type is used only as a
// 32-bit container and is compared by value, never dereferenced here.
DWORD* target_adres_ = 0;
DWORD dwLen_ = 0;
// "sonuc" (Turkish: result) holds the WriteProcessMemory return value.
BOOL sonuc = false;

// Expected original contents of the two patch sites, used as a guard so that
// bytes are only overwritten when the target still holds the expected value.
DWORD* control_1 = (DWORD*)0x0???????;
DWORD* control_2 = (DWORD*)0x0???????;

DWORD oldprotect;

if (target_adres != 0)
{
ReadProcessMemory(hProcess, (LPVOID)target_adres, (LPVOID)&target_adres_, 4, NULL);

if (target_adres_ == control_1)
{
unsigned int length_ = 6;

// Make the page writable, overwrite 6 bytes, then put the old protection back.
VirtualProtectEx(hProcess, (LPVOID)target_adres, length_, PAGE_EXECUTE_READWRITE, &oldprotect);
sonuc = WriteProcessMemory(hProcess, (LPVOID)target_adres, &bytes_written_1, length_, &dwLen_); // 1st patch (1st Layer)
VirtualProtectEx(hProcess, (LPVOID)target_adres, length_, oldprotect, &oldprotect);

...
...


if (sonuc)
{
//MessageBox(NULL, L"patched", NULL, MB_OK); // 1st layer is OK, patched
}
}
}

target_adres = moduleBase + 0x0???; // 2nd layer (if needed)

if (target_adres != 0)
{
ReadProcessMemory(hProcess, (LPVOID)target_adres, (LPVOID)&target_adres_, 4, NULL);

if (target_adres_ == control_2)
{
unsigned int length_= 7;

// NOTE(review): the three calls below use identifiers that are not declared in
// this listing, another sign that it was edited before being posted.
VirtualProtectEx(hProcess, (LPVOID)hedef_adres, uzunluk, PAGE_EXECUTE_READWRITE, &oldprotect);
sonuc = WriteProcessMemory(hProcess, (LPVOID)hedef_adres, &bytes_written_4, uzunluk, &dwLen_); // 2nd patch (2nd layer)
VirtualProtectEx(hProcess, (LPVOID)hedef_adres, uzunluk, oldprotect, &oldprotect);

...
...


// Once the second site has matched, the hook removes itself from inside its own
// invocation; later DeviceIoControl calls go straight to the original.
DetourTransactionBegin(); // JOB is done, it is time to Detach
DetourUpdateThread(GetCurrentThread());
DetourDetach(&(PVOID&)Ori_DeviceIoControl, My_DeviceIoControl);
DetourTransactionCommit();


}
}

}


// Despite its name this is the BOOL result of the real DeviceIoControl call.
BOOL fake_handle = false;

fake_handle = Ori_DeviceIoControl(hDevice, dwIoControlCode, lpInBuffer, nInBufferSize, lpOutBuffer, nOutBufferSize, lpBytesReturned, lpOverlapped);

return fake_handle;

}

niculaita 08-05-2021 05:22

Parts are missing
...
...

mcr4ck 08-05-2021 20:46

Why do you say parts are missing?
please help

dosprog 08-05-2021 23:15

Quote:

Originally Posted by mcr4ck (Post 123547)
Why do you say parts are missing?
please help

Because parts are missing.
You must have the "detours" package with the "detours.lib" file to compile this code.
As minimum.

And then replace strings "???????" with valid values.

But.
See my previous post with example of WIN32-PE patch-loader.
Its simple and independent code, works fine on several tasks.

Detours package i do not use, no need.


mcr4ck 08-07-2021 00:46

"detours" package
https://mega.nz/file/SAwS2TzA#RHRKsixO1Eq2vP1589raQrB3sJYoWOFbHHH8fHAMl-A

Quote:

// dllmain.cpp : Defines the entry point for the DLL application.
#include "pch.h"

#include <iostream>
#include <vector>
#include <Windows.h>
#include <tlhelp32.h>

#include "detours.h"

#pragma comment(lib, "detours.lib")

using namespace std;

BOOL WINAPI My_DeviceIoControl(
HANDLE hDevice,
DWORD dwIoControlCode,
LPVOID lpInBuffer,
DWORD nInBufferSize,
LPVOID lpOutBuffer,
DWORD nOutBufferSize,
LPDWORD lpBytesReturned,
LPOVERLAPPED lpOverlapped
);

static BOOL(WINAPI* Ori_DeviceIoControl) (
HANDLE hDevice,
DWORD dwIoControlCode,
LPVOID lpInBuffer,
DWORD nInBufferSize,
LPVOID lpOutBuffer,
DWORD nOutBufferSize,
LPDWORD lpBytesReturned,
LPOVERLAPPED lpOverlapped
) = NULL;



// Replacement bytes that My_DeviceIoControl writes into the target process.
// Read as x86 machine code they are: 33 C0 = xor eax,eax; C2 0C 00 = ret 0Ch;
// 90 = nop, i.e. a stub that returns 0 at once (assumes a 32-bit stdcall
// routine with 12 bytes of arguments - TODO confirm).
// NOTE(review): the second initializer is malformed as posted, and
// bytes_written_2 is not referenced anywhere in the visible listing.
BYTE bytes_written_1[] = { 0x33, 0xC0, 0xC2, 0x0C, 0x00, 0x90 };
BYTE bytes_written_2[] = { 0x33, 0xC0, 0xC2, 0x0C, 0x00, 0x90x 0x90 };


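/// Returns the ID of the first process in a Toolhelp snapshot whose executable
/// name equals procName (case-insensitive comparison), or 0 if none matches.
///
/// @param procName  Executable file name to look for. A null pointer yields 0.
/// @return The matching th32ProcessID, or 0 when the snapshot cannot be taken
///         or no entry matches.
///
/// Review notes:
///  - Matching on the image name alone is ambiguous: several processes can
///    share a name and the first one enumerated wins.
///  - The wide-character comparison against szExeFile only compiles in a
///    UNICODE build.
DWORD GetProcId(const wchar_t* procName)
{
    if (procName == nullptr)
    {
        return 0;
    }

    const HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnap == INVALID_HANDLE_VALUE)
    {
        // No snapshot was created, so there is no handle to close.
        return 0;
    }

    DWORD procId = 0;
    PROCESSENTRY32 procEntry{};
    procEntry.dwSize = sizeof(procEntry);   // must be set before Process32First

    if (Process32First(hSnap, &procEntry))
    {
        do
        {
            if (_wcsicmp(procEntry.szExeFile, procName) == 0)
            {
                procId = procEntry.th32ProcessID;
                break;
            }
        } while (Process32Next(hSnap, &procEntry));
    }

    CloseHandle(hSnap);
    return procId;
}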

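/// Returns the base address of the first module in process procId whose module
/// name equals modName (case-insensitive comparison), or 0 if none matches.
///
/// @param procId   Process to snapshot; CreateToolhelp32Snapshot treats 0 as
///                 the calling process.
/// @param modName  Module name to look for. A null pointer yields 0.
/// @return The module base truncated to a DWORD, or 0 when the snapshot cannot
///         be taken or no module matches.
///
/// Review note: the return type is 32 bits wide, so in a 64-bit build the
/// upper half of the address is discarded. The signature is kept as posted.
DWORD GetModuleBaseAddress(DWORD procId, const wchar_t* modName)
{
    if (modName == nullptr)
    {
        return 0;
    }

    const HANDLE hSnap =
        CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, procId);
    if (hSnap == INVALID_HANDLE_VALUE)
    {
        // No snapshot was created, so there is no handle to close.
        return 0;
    }

    DWORD modBaseAddr = 0;
    MODULEENTRY32 modEntry{};
    modEntry.dwSize = sizeof(modEntry);     // must be set before Module32First

    if (Module32First(hSnap, &modEntry))
    {
        do
        {
            if (_wcsicmp(modEntry.szModule, modName) == 0)
            {
                // Same narrowing as the original C-style cast, spelled out.
                modBaseAddr = static_cast<DWORD>(
                    reinterpret_cast<ULONG_PTR>(modEntry.modBaseAddr));
                break;
            }
        } while (Module32Next(hSnap, &modEntry));
    }

    CloseHandle(hSnap);
    return modBaseAddr;
}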




// DLL entry point. On DLL_PROCESS_ATTACH it resolves kernel32!DeviceIoControl
// with DetourFindFunction and attaches My_DeviceIoControl inside a Detours
// transaction; on the other three notifications it detaches the same hook.
// Always returns TRUE.
//
// NOTE(review): MessageBox is called from inside DllMain. Microsoft's DLL
// guidance advises against calling user32 functions while the loader lock is
// held, so these dialogs can hang the host process.
// NOTE(review), defensive view: the hook is installed by rewriting the start of
// the target function in memory, so the loaded kernel32 code no longer matches
// the file on disk. Code-integrity comparisons can detect that.
BOOL APIENTRY DllMain(HMODULE hDLL,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
// Only used for the null check below.
HMODULE dll_module_1 = GetModuleHandleA("kernel32.dll");

if (!dll_module_1)
{
// dw receives the error code but is never read afterwards.
DWORD dw = GetLastError();
MessageBox(NULL, L"The library could not load", L"ERROR", MB_OK);
}

{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:

DetourRestoreAfterWith();

// Address of the real function; My_DeviceIoControl calls through this pointer.
Ori_DeviceIoControl = (BOOL(WINAPI*) (HANDLE, DWORD, LPVOID, DWORD, LPVOID, DWORD, LPDWORD, LPOVERLAPPED)) DetourFindFunction("kernel32.dll", "DeviceIoControl");

// Suppresses thread attach/detach notifications for this DLL.
DisableThreadLibraryCalls(hDLL);
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());

DetourAttach(&(PVOID&)Ori_DeviceIoControl, My_DeviceIoControl);

// Only the commit result is checked.
if (DetourTransactionCommit() != NO_ERROR)
MessageBox(NULL, L"Detour Attach Error", NULL, MB_OK);

break;

case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:

// All three reasons share this body and remove the hook.
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourDetach(&(PVOID&)Ori_DeviceIoControl, My_DeviceIoControl);
DetourTransactionCommit();

break;
}
return TRUE;
}
}

// Detour that DllMain installs over kernel32!DeviceIoControl. Each call runs
// the patch logic below, then forwards the unchanged arguments to the original
// function through Ori_DeviceIoControl and returns its BOOL result.
//
// This copy has sample values filled in (notepad.exe, +100, 0x0AB12345, ...)
// but still contains "..." lines, so it is not a buildable unit as posted.
// NOTE(review): the values look like stand-ins rather than real data. For
// instance the first offset is decimal 100 while the second is hex 0x0100.
//
// NOTE(review), defensive view: opening a process handle with VM write access,
// switching an image page to PAGE_EXECUTE_READWRITE and writing into it is
// visible to process-access telemetry (e.g. Sysmon Event ID 10), and it leaves
// the in-memory code different from the file on disk.
// NOTE(review): hProcess is never closed in the visible code, and none of the
// OpenProcess / ReadProcessMemory / VirtualProtectEx results are checked.
BOOL WINAPI My_DeviceIoControl(
HANDLE hDevice,
DWORD dwIoControlCode,
LPVOID lpInBuffer,
DWORD nInBufferSize,
LPVOID lpOutBuffer,
DWORD nOutBufferSize,
LPDWORD lpBytesReturned,
LPOVERLAPPED lpOverlapped
)

{

DWORD processID = GetProcId(L"notepad.exe");
HANDLE hProcess = OpenProcess(PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE, FALSE, processID);
DWORD moduleBase = GetModuleBaseAddress(processID, L"notepad.exe");

if (moduleBase != 0)
{
DWORD target_adres = moduleBase + 100;
// Receives the 4 bytes read from the target; compared by value, never
// dereferenced here.
DWORD* target_adres_ = 0;
DWORD dwLen_ = 0;
// "sonuc" (Turkish: result) holds the WriteProcessMemory return value.
BOOL sonuc = false;

// Expected original contents of the two patch sites, used as a guard.
DWORD* control_1 = (DWORD*)0x0AB12345;
DWORD* control_2 = (DWORD*)0x0EF12345;

DWORD oldprotect;

if (target_adres != 0)
{
ReadProcessMemory(hProcess, (LPVOID)target_adres, (LPVOID)&target_adres_, 4, NULL);

if (target_adres_ == control_1)
{
unsigned int length_ = 6;

// Make the page writable, overwrite 6 bytes, then put the old protection back.
VirtualProtectEx(hProcess, (LPVOID)target_adres, length_, PAGE_EXECUTE_READWRITE, &oldprotect);
sonuc = WriteProcessMemory(hProcess, (LPVOID)target_adres, &bytes_written_1, length_, &dwLen_); // 1st patch (1st Layer)
VirtualProtectEx(hProcess, (LPVOID)target_adres, length_, oldprotect, &oldprotect);

...
...


if (sonuc)
{
//MessageBox(NULL, L"patched", NULL, MB_OK); // 1st layer is OK, patched
}
}
}

target_adres = moduleBase + 0x0100; // 2nd layer (if needed)

if (target_adres != 0)
{
ReadProcessMemory(hProcess, (LPVOID)target_adres, (LPVOID)&target_adres_, 4, NULL);

if (target_adres_ == control_2)
{
unsigned int length_= 7;

// NOTE(review): the three calls below use identifiers that are not declared in
// this listing.
VirtualProtectEx(hProcess, (LPVOID)hedef_adres, uzunluk, PAGE_EXECUTE_READWRITE, &oldprotect);
sonuc = WriteProcessMemory(hProcess, (LPVOID)hedef_adres, &bytes_written_4, uzunluk, &dwLen_); // 2nd patch (2nd layer)
VirtualProtectEx(hProcess, (LPVOID)hedef_adres, uzunluk, oldprotect, &oldprotect);

...
...


// Once the second site has matched, the hook removes itself from inside its own
// invocation.
DetourTransactionBegin(); // JOB is done, it is time to Detach
DetourUpdateThread(GetCurrentThread());
DetourDetach(&(PVOID&)Ori_DeviceIoControl, My_DeviceIoControl);
DetourTransactionCommit();


}
}

}


// Despite its name this is the BOOL result of the real DeviceIoControl call.
BOOL fake_handle = false;

fake_handle = Ori_DeviceIoControl(hDevice, dwIoControlCode, lpInBuffer, nInBufferSize, lpOutBuffer, nOutBufferSize, lpBytesReturned, lpOverlapped);

return fake_handle;

}

cdrom0 08-15-2021 03:28

#include <iostream> // Standard C++ library for console I/O
#include <string> // Standard C++ Library for string manip

#include <Windows.h> // WinAPI Header
#include <TlHelp32.h> //WinAPI Process API


// use this if you want to read the executable from disk
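/// Reads an entire file into a newly allocated heap buffer.
///
/// Despite the name, no file mapping object is created: the contents are copied
/// into memory obtained with new[].
///
/// @param filename  Path of the file to read. A null pointer yields 0.
/// @return Pointer to the buffer (typed as HANDLE), or 0 if the file cannot be
///         opened, its size cannot be determined, or the read comes up short.
///         The caller owns the buffer and must release it with
///         delete[] static_cast<char*>(ptr). The buffer length is not
///         reported, so callers have no way to bounds-check what they parse.
HANDLE MapFileToMemory(LPCSTR filename)
{
    if (filename == nullptr)
    {
        return 0;
    }

    // Open positioned at the end so tellg() yields the file size.
    std::fstream file(filename, std::ios::in | std::ios::binary | std::ios::ate);
    if (!file.is_open())
    {
        return 0;
    }

    const std::streamoff end = file.tellg();
    if (end < 0)
    {
        // tellg() failed; using -1 as an allocation size would be a bug.
        return 0;
    }

    const std::size_t size = static_cast<std::size_t>(end);
    char* Memblock = new char[size]();

    file.seekg(0, std::ios::beg);
    file.read(Memblock, static_cast<std::streamsize>(size));
    if (!file)
    {
        // Short or failed read: do not hand back a partially filled buffer.
        delete[] Memblock;
        return 0;
    }

    return Memblock;
}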

// Starts a second, suspended instance of the current executable and replaces
// what that instance will run with the PE image passed in Image. This is the
// pattern commonly called RunPE / process hollowing (MITRE ATT&CK T1055.012).
//
// Image: pointer to an in-memory copy of a PE file. No length is passed, so
//        every header field read below (e_lfanew, NumberOfSections,
//        PointerToRawData, SizeOfRawData) is trusted without a bounds check.
// Returns 0 after ResumeThread. NOTE(review): every other path reaches the end
// of this int function without a return statement.
//
// NOTE(review): x86-only as written. It uses CTX->Ebx / CTX->Eax and casts
// pointers to DWORD.
// NOTE(review), defensive view: the API sequence here (CreateProcess with
// CREATE_SUSPENDED, VirtualAllocEx with PAGE_EXECUTE_READWRITE and
// WriteProcessMemory into the child, SetThreadContext, ResumeThread) is what
// endpoint monitoring keys on for this technique, and the resulting process
// holds executable memory that does not match the file its image path names.
// NOTE(review): no result of the memory/thread APIs is checked, and the
// process/thread handles in PI are never closed.
int RunPortableExecutable(void* Image)
{
IMAGE_DOS_HEADER* DOSHeader; // For Nt DOS Header symbols
IMAGE_NT_HEADERS* NtHeader; // For Nt PE Header objects & symbols
IMAGE_SECTION_HEADER* SectionHeader;

PROCESS_INFORMATION PI;
STARTUPINFOA SI;

CONTEXT* CTX;

DWORD* ImageBase; //Base address of the image
void* pImageBase; // Pointer to the image base

int count;
char CurrentFilePath[1024];

DOSHeader = PIMAGE_DOS_HEADER(Image); // Initialize Variable
// e_lfanew is taken from the input buffer and used as an offset unchecked.
NtHeader = PIMAGE_NT_HEADERS(DWORD(Image) + DOSHeader->e_lfanew); // Initialize

GetModuleFileNameA(0, CurrentFilePath, 1024); // path to current executable

if (NtHeader->Signature == IMAGE_NT_SIGNATURE) // Check if image is a PE File.
{
ZeroMemory(&PI, sizeof(PI)); // Null the memory
ZeroMemory(&SI, sizeof(SI)); // Null the memory

if (CreateProcessA(CurrentFilePath, NULL, NULL, NULL, FALSE,
CREATE_SUSPENDED, NULL, NULL, &SI, &PI)) // Create a new instance of current
//process in suspended state, for the new image.
{
// Allocate memory for the context.
CTX = LPCONTEXT(VirtualAlloc(NULL, sizeof(CTX), MEM_COMMIT, PAGE_READWRITE));
CTX->ContextFlags = CONTEXT_FULL; // Context is allocated

if (GetThreadContext(PI.hThread, LPCONTEXT(CTX))) //if context is in thread
{
// Reads 4 bytes from the child at CTX->Ebx + 8 into ImageBase (presumably the
// image-base field of the child's PEB - confirm). The value is not used
// afterwards in this function.
ReadProcessMemory(PI.hProcess, LPCVOID(CTX->Ebx + 8), LPVOID(&ImageBase), 4, 0);

// 0x3000 is MEM_COMMIT | MEM_RESERVE; the region is requested at the image's
// preferred base and is readable, writable and executable.
pImageBase = VirtualAllocEx(PI.hProcess, LPVOID(NtHeader->OptionalHeader.ImageBase),
NtHeader->OptionalHeader.SizeOfImage, 0x3000, PAGE_EXECUTE_READWRITE);

// Write the image to the process
WriteProcessMemory(PI.hProcess, pImageBase, Image, NtHeader->OptionalHeader.SizeOfHeaders, NULL);

for (count = 0; count < NtHeader->FileHeader.NumberOfSections; count++)
{
// 248 and 40 are the sizes of IMAGE_NT_HEADERS32 and IMAGE_SECTION_HEADER,
// hard-coded instead of using sizeof.
SectionHeader = PIMAGE_SECTION_HEADER(DWORD(Image) + DOSHeader->e_lfanew + 248 + (count * 40));

WriteProcessMemory(PI.hProcess, LPVOID(DWORD(pImageBase) + SectionHeader->VirtualAddress),
LPVOID(DWORD(Image) + SectionHeader->PointerToRawData), SectionHeader->SizeOfRawData, 0);
}
// Stores the image's preferred base at the same child address read above.
WriteProcessMemory(PI.hProcess, LPVOID(CTX->Ebx + 8),
LPVOID(&NtHeader->OptionalHeader.ImageBase), 4, 0);

// Move address of entry point to the eax register
CTX->Eax = DWORD(pImageBase) + NtHeader->OptionalHeader.AddressOfEntryPoint;
SetThreadContext(PI.hThread, LPCONTEXT(CTX)); // Set the context
ResumeThread(PI.hThread); // Start the process/call main()

return 0; // Operation was successful.
}
}
}
}

// enter valid bytes of a program here.
// Placeholder payload buffer: only the first 24 bytes are given (they begin
// with 0x4D 0x5A, the "MZ" DOS signature); the remaining elements of the
// 37376-byte array are zero-initialized.
unsigned char rawData[37376] = {
0x4D, 0x5A, 0x90, 0x00, 0x03, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
0xFF, 0xFF, 0x00, 0x00, 0xB8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
};

// Program entry: hands the embedded byte array to RunPortableExecutable, then
// blocks on stdin so the console window stays open.
int main()
{
    RunPortableExecutable(rawData);
    getchar();
    return 0;
}

Top10 08-19-2021 12:32

Quote:

Originally Posted by cdrom0 (Post 123599)
#include <iostream> // Standard C++ library for console I/O
#include <string> // Standard C++ Library for string manip

#include <Windows.h> // WinAPI Header
#include <TlHelp32.h> //WinAPI Process API


// use this if you want to read the executable from disk
HANDLE MapFileToMemory(LPCSTR filename)
{
std::streampos size;
std::fstream file(filename, std::ios::in | std::ios::binary | std::ios::ate);
if (file.is_open())
{
size = file.tellg();

char* Memblock = new char[size]();

file.seekg(0, std::ios::beg);
file.read(Memblock, size);
file.close();

return Memblock;
}
return 0;
}

int RunPortableExecutable(void* Image)
{
IMAGE_DOS_HEADER* DOSHeader; // For Nt DOS Header symbols
IMAGE_NT_HEADERS* NtHeader; // For Nt PE Header objects & symbols
IMAGE_SECTION_HEADER* SectionHeader;

PROCESS_INFORMATION PI;
STARTUPINFOA SI;

CONTEXT* CTX;

DWORD* ImageBase; //Base address of the image
void* pImageBase; // Pointer to the image base

int count;
char CurrentFilePath[1024];

DOSHeader = PIMAGE_DOS_HEADER(Image); // Initialize Variable
NtHeader = PIMAGE_NT_HEADERS(DWORD(Image) + DOSHeader->e_lfanew); // Initialize

GetModuleFileNameA(0, CurrentFilePath, 1024); // path to current executable

if (NtHeader->Signature == IMAGE_NT_SIGNATURE) // Check if image is a PE File.
{
ZeroMemory(&PI, sizeof(PI)); // Null the memory
ZeroMemory(&SI, sizeof(SI)); // Null the memory

if (CreateProcessA(CurrentFilePath, NULL, NULL, NULL, FALSE,
CREATE_SUSPENDED, NULL, NULL, &SI, &PI)) // Create a new instance of current
//process in suspended state, for the new image.
{
// Allocate memory for the context.
CTX = LPCONTEXT(VirtualAlloc(NULL, sizeof(CTX), MEM_COMMIT, PAGE_READWRITE));
CTX->ContextFlags = CONTEXT_FULL; // Context is allocated

if (GetThreadContext(PI.hThread, LPCONTEXT(CTX))) //if context is in thread
{
// Read instructions
ReadProcessMemory(PI.hProcess, LPCVOID(CTX->Ebx + 8), LPVOID(&ImageBase), 4, 0);

pImageBase = VirtualAllocEx(PI.hProcess, LPVOID(NtHeader->OptionalHeader.ImageBase),
NtHeader->OptionalHeader.SizeOfImage, 0x3000, PAGE_EXECUTE_READWRITE);

// Write the image to the process
WriteProcessMemory(PI.hProcess, pImageBase, Image, NtHeader->OptionalHeader.SizeOfHeaders, NULL);

for (count = 0; count < NtHeader->FileHeader.NumberOfSections; count++)
{
SectionHeader = PIMAGE_SECTION_HEADER(DWORD(Image) + DOSHeader->e_lfanew + 248 + (count * 40));

WriteProcessMemory(PI.hProcess, LPVOID(DWORD(pImageBase) + SectionHeader->VirtualAddress),
LPVOID(DWORD(Image) + SectionHeader->PointerToRawData), SectionHeader->SizeOfRawData, 0);
}
WriteProcessMemory(PI.hProcess, LPVOID(CTX->Ebx + 8),
LPVOID(&NtHeader->OptionalHeader.ImageBase), 4, 0);

// Move address of entry point to the eax register
CTX->Eax = DWORD(pImageBase) + NtHeader->OptionalHeader.AddressOfEntryPoint;
SetThreadContext(PI.hThread, LPCONTEXT(CTX)); // Set the context
ResumeThread(PI.hThread); //´Start the process/call main()

return 0; // Operation was successful.
}
}
}
}

// enter valid bytes of a program here.
unsigned char rawData[37376] = {
0x4D, 0x5A, 0x90, 0x00, 0x03, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
0xFF, 0xFF, 0x00, 0x00, 0xB8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
};

int main()
{
RunPortableExecutable(rawData); // run executable from the array
getchar();
}

But this is a basic example of RunPE/process hollowing, which relates to PE injection; it is not meant for patching bytes at runtime.

user1 08-20-2021 13:39

Google it; GitHub is your friend.

countryboy 09-22-2021 12:27

Activation Posted Here: Loader V2.1 + Extra Features + Video : by countryboy
 
Hi, mcr4ck

I am countryboy,


I wrote a loader many years ago, the latest Release is posted here ...
There are 2 Versions 32bit, and 64bit, and Loader can also be used as Trial Reset.
I will be releasing a graphical Interface shortly ...

If anyone is interested I wrote a Tutorial, and posted it on CGPersia, and I can post it here if Interested.
The Tutorial is from many years ago, and most of it is Images. I have made a lot of changes over the years.
The code contains all the basic code, and is in Lazarus Pascal.

Have a great day, countryboy

HOW THE ACTIVATION LOADER WORKS :

I wrote the v1 Loader Code many years ago for HitFilm 64 bit, and BuildBox 32 bit, because no 64 bit Loaders were available.
HitFilm can be run in a Debugger, and Code changed, but changes can't be saved, because all Files check others CRC.
BuildBox is slow, unpacks in memory, checks CRC of Patched Network.dll, and checks Code Segment Memory CRC of itself.

LOADER START : Open LoaderConfig.TXT : Set Defaults, Check version, File Size, Setup messages, and minimize Window.
KILL TASK( Program to Patch ) in case it's hung in memory from a previous run.
KILL TASK( START ) : Protection Guards, or Crack protection programs loaded by Program to Patch. Needed in HitFilm.
Message Box( START ), RUN( START ), RUN REGISTRY( Start only ), RUN( BEFOREPATCH ), and after Registry is done.

ASLR : Windows loads programs at randomly selected memory addresses, which requires a search for the Program Name to get the Segment offset.
GOD LIKE PRIVILEGES are requested to Debug, and change programs memory before loading, and starting.
TIME CRITICAL : Need to wait for Windows to read Hard drive, and load program into Memory before starting search.
Windows Function WaitForSingleObject() waits ReadmemWaitTime : max time in milliseconds to load, and exist in memory,
and Windows Function WaitForDebugEvent waits additional 10 milliseconds maximum to finish loading.

LET THE SEARCH BEGIN : Windows Function EnumProcessModules() used to search for Programs Name in Memory.
While not found : If error then wait 1 millisecond before trying again & if not found after ASLRmemory_MaxAttempts=5000
Set Image Base to Default ASLR, and create a Image Base not found message after 5 seconds the Attempt count.
PACKED SLOW LOADING PROGRAMS : use Windows Function WaitForInputIdle() to wait for program to unpack itself.

IMAGE BASE FOUND : Program Thread is suspended for Patching, and any Error Messages saved.
LoaderConfig.txt opened, and list of Patches done. Code verified to exist before NewCode is written at Offset.
If a Error occurs, Patch number is saved, and Patching continues. Critical Errors are displayed later in a Message Box.
While Thread is suspended : Error messages displayed, and any RUN( AFTERPATCH ), or MsgBox( AFTERPATCH ) are done.

CONTINUE : Resume Thread with Program continuing to Load. Restore any defaults changed like Normal Dos video.
If Close Pop Up Box then Loop through list, close WindowName, and all numerical WindowName1 starting with 1,2,3
If WaitTime= Default wait 35 seconds Maximum for Pop up to load. HitFilm Pop up slow due to Loading Internet images.
BEFORE QUIT : KILL TASK( END ) Kill Programs, RUN( END ) Start Programs, or Message Box( END ), and QUIT !

