Quote:
Originally Posted by mcr4ck
hi
I have a plan and I want to write a loader for it.
Because the packed program takes a while to load into memory,
I wanted to see how loaders are written for such programs.
I will send an example that uses the following functions to load the desired part in memory and then start patching
Function:
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
Module32FirstW
ReadProcessMemory
VirtualProtectEx
WriteProcessMemory
|
The process first has to reach the memory location you want to patch; only then can you patch it.
This is my loader, written in Delphi (some of the functions come from my own programming library, but I think you will understand it).
Code:
// Loader_PEFile
// Starts FName as a child process, suspends its primary thread, compares the
// file's CRC32 with FCRC32, and on a match overwrites bytes in the child's
// address space with the values from pbyte before resuming the thread.
//
// Parameters:
//   FName  - path of the executable to start.
//   FCRC32 - expected checksum string; compared with GetFileCRC32(FName)
//            (helper from the author's library, not shown here).
//   pbyte  - replacement bytes.
//   paddr  - target addresses inside the child process.
//   pSize  - 0 or 1 selects the per-address single-byte loop; any other value
//            is the byte count of one block written at paddr[0].
//
// Returns True once the write calls have been issued and the thread resumed.
// The results of the memory calls are never checked, so True does not mean
// the writes succeeded. Returns False when CreateProcessA fails or the CRC
// differs.
//
// NOTE(review): create process -> SuspendThread -> VirtualProtectEx(RWX) ->
// WriteProcessMemory -> ResumeThread is a cross-process write sequence that
// endpoint monitoring commonly alerts on; expect this binary to be flagged.
function Loader_PEFile(FName: string; FCRC32: string; pbyte: array of Byte;
paddr: array of Cardinal; pSize: DWord): Boolean;
var
StartupInfo: TStartupInfo;
ProcessInfo: TProcessInformation;
// BytesRead doubles as the old-protection output of VirtualProtectEx and as
// the byte counter of ReadProcessMemory/WriteProcessMemory.
i,BytesRead: Cardinal;
// Fixed 4096-byte scratch buffer that receives the original bytes.
Buffer: array[0..4095] of Byte;
begin
Result:= False;
// NOTE(review): clears psize+1 bytes of a 4096-byte buffer with no bound
// check; any psize above 4095 writes past the end of Buffer on this stack.
FillChar(Buffer,psize+1, 0);
FillMeMory(@StartupInfo, SizeOf(StartupInfo), 0);
StartupInfo.cb:= SizeOf(StartupInfo);
// NOTE(review): PChar(FName) only matches the ANSI CreateProcessA on a
// non-Unicode Delphi compiler - confirm the compiler version.
if CreateProcessA(PChar(FName), nil, nil, nil, FALSE, NORMAL_PRIORITY_CLASS,
nil, nil, StartupInfo, ProcessInfo) then begin
// The child runs freely for up to 2000 ms before it is suspended.
WaitForInputIdle(ProcessInfo.hProcess, 2000); //INFINITE
SuspendThread(ProcessInfo.hThread);
// NOTE(review): the checksum is verified only after the child has already
// been started and allowed to run, and it covers the file on disk rather
// than the image in memory.
if GetFileCRC32(FName) <> FCRC32 then begin
TerminateProcess(ProcessInfo.hProcess, 0);
MessageBox(0, PChar(ExtractFileName(FName) + ' - Loader is fail!' +#10+ { - Loader is fail!}
'File was patched or other version.'), PChar('WARNING'), 48);
end else begin
if (psize = 1) OR (psize = 0)then begin
// Per-address mode: one entry of pbyte is paired with one entry of paddr.
// NOTE(review): the loop bound is SizeOf(pbyte), not Length/High, and paddr
// is indexed with the same i without checking its length - confirm that the
// bound equals the element count of both arrays.
for i:= 0 to SizeOf(pbyte)-1 do begin
VirtualProtectEx(ProcessInfo.hProcess,Ptr(paddr[i]),psize,PAGE_EXECUTE_READWRITE,BytesRead);
ReadProcessMemory(ProcessInfo.hProcess,Ptr(paddr[i]),@Buffer[i],psize,BytesRead);
WriteProcessMemory(ProcessInfo.hProcess,Ptr(paddr[i]),@pbyte[i],psize,BytesRead);
end;
end else begin
// Block mode: psize bytes at paddr[0].
// NOTE(review): ReadProcessMemory copies psize bytes into the 4096-byte
// Buffer with no bound check, and psize is not compared with the length of
// pbyte before the write.
VirtualProtectEx(ProcessInfo.hProcess,Ptr(paddr[0]),psize,PAGE_EXECUTE_READWRITE,BytesRead);
ReadProcessMemory(ProcessInfo.hProcess,Ptr(paddr[0]),@Buffer,psize,BytesRead);
WriteProcessMemory(ProcessInfo.hProcess,Ptr(paddr[0]),@pbyte,psize,BytesRead);
end;
// NOTE(review): the original page protection is never restored, so the
// touched pages stay PAGE_EXECUTE_READWRITE in the child.
Sleep(200);
ResumeThread(ProcessInfo.hThread);
Result:= True;
end;
// NOTE(review): ProcessInfo.hProcess and ProcessInfo.hThread are not closed
// on any path in this function (no CloseHandle call is visible).
end else
// Shown for every CreateProcessA failure, not only a missing file; the text
// is appended to the file name without a separator.
MessageBox(0, PChar(ExtractFileName(FName) + 'FName not found in current dir'), PChar('WARNING'), 48);
end;
BR,
quygia128