Old 02-04-2021, 17:28
Quote:
Originally Posted by mcr4ck View Post
hi

I have a plan and I want to write a loader for it

Because the packed program takes a while to load in memory

I wanted to see how to load loaders for such programs

I will send an example that uses the following functions to load the desired part in memory and then start patching

Function:

CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
Module32FirstW
ReadProcessMemory
VirtualProtectEx
WriteProcessMemory
The program must already have reached the place in memory you want to patch before you patch it :)
This is my loader, written in Delphi (some of the functions come from my own programming library, but I think you will understand it).

Code:
// Loader_PEFile starts FName with CreateProcessA, waits up to 2000 ms for it
// to become input-idle, suspends its primary thread, compares the file's
// CRC32 with FCRC32 and, on a match, overwrites bytes in the child process
// with WriteProcessMemory before resuming the thread.
//
// Parameters:
//   FName  - path of the executable to start; also passed to GetFileCRC32.
//   FCRC32 - expected GetFileCRC32 result for FName. On mismatch the child is
//            terminated and a warning box is shown.
//   pbyte  - replacement bytes.
//   paddr  - target addresses inside the child process.
//   pSize  - 0 or 1: loops over the entries and uses paddr[i] / pbyte[i] with
//            a transfer size of pSize; any other value: a single transfer of
//            pSize bytes at paddr[0].
//
// Returns True once the write branch has run (the individual API results are
// not checked), False when the process could not be created or the CRC32
// comparison failed.
//
// NOTE(review): create / suspend / VirtualProtectEx(PAGE_EXECUTE_READWRITE) /
// WriteProcessMemory / resume is a cross-process tampering pattern that
// endpoint monitoring commonly reports; expect this code to be flagged.
function Loader_PEFile(FName: string; FCRC32: string; pbyte: array of Byte;
                paddr: array of Cardinal; pSize: DWord): Boolean;
var
  StartupInfo: TStartupInfo;
  ProcessInfo: TProcessInformation;
  i,BytesRead: Cardinal;
  Buffer: array[0..4095] of Byte;

begin
  Result:= False;
  // NOTE(review): Buffer holds 4096 bytes and psize is never range-checked.
  // A psize above 4095 makes this FillChar write past the end of Buffer, and
  // the ReadProcessMemory call in the bulk branch below has the same exposure.
  FillChar(Buffer,psize+1, 0);
  FillMeMory(@StartupInfo, SizeOf(StartupInfo), 0);
  StartupInfo.cb:= SizeOf(StartupInfo);
  // NOTE(review): on Unicode Delphi versions PChar is a wide-character pointer
  // while CreateProcessA expects an ANSI string - confirm the compiler version.
  if CreateProcessA(PChar(FName), nil, nil, nil, FALSE, NORMAL_PRIORITY_CLASS,
     nil, nil, StartupInfo, ProcessInfo) then begin
     // The child runs freely for up to 2000 ms here, i.e. before the file has
     // been verified below.
     WaitForInputIdle(ProcessInfo.hProcess, 2000); //INFINITE
     SuspendThread(ProcessInfo.hThread);
     // GetFileCRC32 is not defined in this listing (the post says it comes from
     // the author's own library). NOTE(review): the file is checked only after
     // it has already been executed, and a CRC32 tells versions apart but is
     // not a tamper-resistant integrity check; verifying before CreateProcessA
     // would avoid running an unexpected binary.
     if GetFileCRC32(FName) <> FCRC32 then begin
        TerminateProcess(ProcessInfo.hProcess, 0);
        MessageBox(0, PChar(ExtractFileName(FName) + ' - Loader is fail!' +#10+ { - Loader is fail!}
        'File was patched or other version.'), PChar('WARNING'), 48);
     end else begin

        if (psize = 1) OR (psize = 0)then begin
          // NOTE(review): SizeOf on an open-array parameter may not give the
          // element count; Length(pbyte) / High(pbyte) is the usual way to
          // bound this loop - confirm. paddr[i] is indexed with the same
          // counter and its own length is never checked.
          for i:= 0 to SizeOf(pbyte)-1 do begin
            // The last argument of VirtualProtectEx receives the previous page
            // protection. It is stored in BytesRead and overwritten by the
            // next call, so the original protection is never restored and the
            // page stays PAGE_EXECUTE_READWRITE.
            VirtualProtectEx(ProcessInfo.hProcess,Ptr(paddr[i]),psize,PAGE_EXECUTE_READWRITE,BytesRead);
            // Saves the original byte into Buffer[i]; Buffer is not read again
            // inside this function.
            ReadProcessMemory(ProcessInfo.hProcess,Ptr(paddr[i]),@Buffer[i],psize,BytesRead);
            WriteProcessMemory(ProcessInfo.hProcess,Ptr(paddr[i]),@pbyte[i],psize,BytesRead);
          end;
        end else begin
          // Bulk branch: one transfer of psize bytes at paddr[0]. The same
          // notes apply: protection is left at PAGE_EXECUTE_READWRITE and
          // psize is not checked against SizeOf(Buffer) before the read.
          VirtualProtectEx(ProcessInfo.hProcess,Ptr(paddr[0]),psize,PAGE_EXECUTE_READWRITE,BytesRead);
          ReadProcessMemory(ProcessInfo.hProcess,Ptr(paddr[0]),@Buffer,psize,BytesRead);
          WriteProcessMemory(ProcessInfo.hProcess,Ptr(paddr[0]),@pbyte,psize,BytesRead);
        end;
        Sleep(200);
        ResumeThread(ProcessInfo.hThread);
        // NOTE(review): set unconditionally; none of the VirtualProtectEx /
        // ReadProcessMemory / WriteProcessMemory return values are inspected,
        // so True does not mean the writes succeeded.
        Result:= True;
     end;
     // NOTE(review): ProcessInfo.hProcess and ProcessInfo.hThread are never
     // passed to CloseHandle on either path, so both handles leak.
  end else
  // Shown for any CreateProcessA failure, not only a missing file; the actual
  // error code (GetLastError) is not consulted.
  MessageBox(0, PChar(ExtractFileName(FName) + 'FName not found in current dir'), PChar('WARNING'), 48);
end;
BR,
quygia128