#1
Help - I Need some direction
Alright, I was just hoping someone could point me in the right direction here. I have a program with a common imported function across multiple versions that does the exact same thing but is located in different sections of the program depending on the version. There is a compare instruction right after the call that I'm trying to patch. Now what I'm wondering is if it's possible, and where to start, at trying to create a patch that scans the executable for the call to the imported function and then patches the next few bytes of the executable with a jmp versus a jmp-if-equal instruction. This would in turn make one patch work across the board for about 15 different revisions of the same application. Please, if you have any ideas, help me out.
#2
Use CodeFusion with patterns and search&replace on the whole file..
__________________
Ŝħůb-Ňìĝùŕřaŧħ ₪) There are only 10 types of people in the world: Those who understand binary, and those who don't http://www.accessroot.com
#3
That wouldn't do me any good. I'm trying to write a program in C++ that can scan executables (the same one, just different versions) for the location of a call to an imported function from kernel32 and then patch the jump instruction following the compare instruction that's right after the call to the imported function.
Here's an example:
Call [00605AC0] - FindWindowA
cmp eax, ebx
je 0047e8c4
Now let's say FindWindowA was only in one part of the program, but over different revisions this position changed offset-wise while the overall assembled code was always the same. I want to be able to scan the file for this one call to FindWindowA and then patch the je instruction to a jmp instruction. This isn't the exact API call or section of code I want to change; it's just an example so you can understand what I mean a little better.
#4
Basically you have to get from the export table the address for the FindWindow, then translate into hex the call and the subsequent code and make a binary read of the code area of the file..
Not much C++, rather a plain C stupid algo.
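The scan the two posters describe, written here as a check that tells whether the je after the call is still intact or has been rewritten to jmp (added example, not code from anyone in the thread). It assumes a 32-bit PE code section already read into memory, the IAT slot address of the import (00605AC0 in the example above) already resolved by the caller from the import directory, and the short-form je encoding; the sample bytes are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Classification of the branch that follows "call [slot]; cmp eax, ebx". */
enum { SITE_NOT_FOUND = -1, BRANCH_INTACT = 0, BRANCH_PATCHED = 1 };

/* Look for  FF 15 <slot>  call dword ptr [slot]  (indirect call via the IAT)
 *           39 D8 | 3B C3 cmp eax, ebx           (both valid encodings)
 *           74 rel8       je short  -> intact;   EB rel8 jmp short -> patched
 * off_out receives the offset of the branch opcode byte when a site is found. */
int classify_call_site(const uint8_t *buf, size_t len, uint32_t slot, size_t *off_out)
{
    const uint8_t call[6] = { 0xFF, 0x15, (uint8_t)slot, (uint8_t)(slot >> 8),
                              (uint8_t)(slot >> 16), (uint8_t)(slot >> 24) };
    for (size_t i = 0; i + 9 <= len; i++) {          /* 6 call + 2 cmp + 1 opcode */
        if (memcmp(buf + i, call, sizeof call) != 0)
            continue;
        const uint8_t *p = buf + i + 6;
        int is_cmp = (p[0] == 0x39 && p[1] == 0xD8) || (p[0] == 0x3B && p[1] == 0xC3);
        if (!is_cmp)
            continue;                                  /* same import, other call site */
        if (p[2] == 0x74 || p[2] == 0xEB) {
            if (off_out) *off_out = i + 8;
            return p[2] == 0x74 ? BRANCH_INTACT : BRANCH_PATCHED;
        }
    }
    return SITE_NOT_FOUND;
}

/* Constructed sample bytes modelled on the thread's example (slot 00605AC0). */
static const uint32_t SAMPLE_SLOT = 0x00605AC0;
static const uint8_t sample_intact[] = {
    0x55, 0x8B, 0xEC,                   /* push ebp; mov ebp, esp  (filler) */
    0xFF, 0x15, 0xC0, 0x5A, 0x60, 0x00, /* call dword ptr [00605AC0] */
    0x39, 0xD8,                         /* cmp eax, ebx */
    0x74, 0x12,                         /* je short +0x12 */
    0x33, 0xC0, 0xC3                    /* xor eax, eax; ret */
};
static const uint8_t sample_patched[] = { /* same site, je rewritten to jmp short */
    0x55, 0x8B, 0xEC, 0xFF, 0x15, 0xC0, 0x5A, 0x60, 0x00, 0x39, 0xD8,
    0xEB, 0x12, 0x33, 0xC0, 0xC3
};

int main(void)
{
    size_t off = 0;
    int r = classify_call_site(sample_patched, sizeof sample_patched, SAMPLE_SLOT, &off);
    printf("result %d (1 = branch patched), branch opcode at offset %zu\n", r, off);
    return 0;
}
```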
#5
Right now I honestly just feel like an idiot, because I was just totally overlooking something in the function call. Your post helped me realize this, so thank you for the feedback.