12-18-2004, 22:48
diablo2oo2
ABEL Loader Maker can make ASProtect loaders. It patches when it finds the window
of the app.

Another little trick I use to make ASProtect loaders:
I code a loader which waits until a value is written to memory, after the
CRC check.

So it looks like this in asm:

Code:
	; start the target application as a child process
	invoke CreateProcess, addr filename, NULL, NULL, NULL, NULL, NULL, NULL, NULL, ADDR Startup, ADDR processinfo
	.IF eax == NULL
		invoke MessageBox, NULL, SADD("Can't create process"), ADDR filename, MB_ICONEXCLAMATION
	.ELSE
	@readagain:
		; poll 4 bytes in the child until the expected value shows up
		invoke ReadProcessMemory, processinfo.hProcess, 04BB014h, addr ReadByte, 4, NULL
		.IF dword ptr [ReadByte] == 00401270h	; test value ... is crc check over?
			; now patch....
			invoke WriteProcessMemory, processinfo.hProcess, 0043CFC7h, ADDR NewBytes, SIZEOF NewBytes, NULL
			invoke WriteProcessMemory, processinfo.hProcess, 00490A9Ch, ADDR NewBytes2, SIZEOF NewBytes2, NULL
		.ELSE
			jmp @readagain	; value not written yet, read again
		.ENDIF
	.ENDIF
__________________
Thinking In Bytes
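Seen from the monitoring side, the loader in the post above leaves a recognizable shape in an API trace: a parent polls one address in its own child with ReadProcessMemory many times, then writes into that child. The detection sketch below is an added example, not part of the original post; the event format, `find_poll_then_patch`, `sample_trace` and the `min_polls` threshold are assumptions, and the trace is constructed using the addresses from the post.

```python
from collections import Counter, defaultdict


def find_poll_then_patch(events, min_polls=20):
    """Return one finding per (parent, child) pair where the parent read a single
    child address at least min_polls times and then wrote into the child."""
    children = set()              # (parent_pid, child_pid) pairs from CreateProcess
    polls = defaultdict(Counter)  # pair -> how often each child address was read
    findings = {}
    for ev in events:             # events are assumed to be in time order
        pair = (ev["pid"], ev["target"])
        if ev["api"] == "CreateProcess":
            children.add(pair)
        elif pair not in children:
            continue              # only look at a parent touching its own child
        elif ev["api"] == "ReadProcessMemory":
            polls[pair][ev["addr"]] += 1
        elif ev["api"] == "WriteProcessMemory" and polls[pair]:
            addr, count = polls[pair].most_common(1)[0]
            if count >= min_polls:
                hit = findings.setdefault(pair, {
                    "parent": pair[0], "child": pair[1],
                    "polled_addr": addr, "polls": count, "patched": []})
                hit["patched"].append(ev["addr"])
    return list(findings.values())


def sample_trace():
    """Constructed trace: pid 100 behaves like the loader in the post,
    pid 300 reads many different addresses once each and writes once."""
    ev = [{"pid": 100, "api": "CreateProcess", "target": 200}]
    ev += [{"pid": 100, "api": "ReadProcessMemory", "target": 200,
            "addr": 0x4BB014}] * 500
    ev += [{"pid": 100, "api": "WriteProcessMemory", "target": 200, "addr": a}
           for a in (0x43CFC7, 0x490A9C)]
    ev += [{"pid": 300, "api": "CreateProcess", "target": 400}]
    ev += [{"pid": 300, "api": "ReadProcessMemory", "target": 400,
            "addr": 0x400000 + i * 0x1000} for i in range(30)]
    ev += [{"pid": 300, "api": "WriteProcessMemory", "target": 400,
            "addr": 0x401000}]
    return ev


if __name__ == "__main__":
    for hit in find_poll_then_patch(sample_trace()):
        print(f"pid {hit['parent']} polled {hit['polled_addr']:#x} "
              f"{hit['polls']}x in pid {hit['child']}, then patched "
              + ", ".join(f"{a:#x}" for a in hit["patched"]))
```
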