Author Topic: Patch my code  (Read 16290 times)

Magnum

  • Member
  • *****
  • Posts: 2308
Patch my code
« on: December 01, 2012, 12:37:45 PM »
I would like to learn how to patch and save an exe that I have made and opened and have it save the changes.



Take care,
                   Andy

Ubuntu-mate-18.04-desktop-amd64

http://www.goodnewsnetwork.org

qWord

  • Member
  • *****
  • Posts: 1473
  • The base type of a type is the type itself
    • SmplMath macros
Re: Patch my code
« Reply #1 on: December 01, 2012, 12:55:18 PM »
MREAL macros - when you need floating point arithmetic while assembling!

Magnum

  • Member
  • *****
  • Posts: 2308
Re: Patch my code
« Reply #2 on: December 01, 2012, 01:41:20 PM »
I read the rules.

Nothing in there about what I am asking for.

There is even a similar message in the old forum archive asked by Japheth.

Andy


jj2007

  • Member
  • *****
  • Posts: 10087
  • Assembler is fun ;-)
    • MasmBasic
Re: Patch my code
« Reply #3 on: December 01, 2012, 06:22:25 PM »
Surely, Andy, at your age you should not start to compete with the script kiddies :eusa_naughty:
We are all very curious here: Why don't you just change the source code?

include \masm32\MasmBasic\MasmBasic.inc   ; download
   Init
   Inkey "Hello World"
   Exit
end start

include \masm32\MasmBasic\MasmBasic.inc   ; download
   Init
   Let esi=FileRead$("HelloWorldA.exe")
   mov eax, Mirror$("o Wo")
   mov ecx, LastFileSize
   sub ecx, 3
   .Repeat
      dec ecx
      .Break .if Sign?
   .Until eax==[esi+ecx]
   .if !Sign?
      mov dword ptr [esi+ecx+2], Mirror$("Andy")   ; patch it!
      mov byte ptr [esi+ecx+6], " "
   .endif
   Open "O", #1, "HelloWorldB.exe"
   PrintBuffer #1, esi, LastFileSize
   Close #1
   Launch "HelloWorldB.exe"   ; test it!
   Inkey
   Exit
end start

japheth

  • Guest
Re: Patch my code
« Reply #4 on: December 01, 2012, 07:16:03 PM »
> There is even a similar message in the old forum archive asked by Japheth.

Would be interesting which message you mean. Might very well be possible, though - because I may have read the "forum rules" once and then forgot them - or perhaps I tend to interpret rules somewhat differently.

What's even more interesting ( at least for me ) is why I am a "guest" in the old forum. IIRC there was no possibility to "deregister" your own account. I surely didn't ask to be deregistered, so somebody must have done this on his/her own. Why?

hutch--

  • Administrator
  • Member
  • ******
  • Posts: 7027
  • Mnemonic Driven API Grinder
    • The MASM32 SDK
Re: Patch my code
« Reply #5 on: December 01, 2012, 07:47:01 PM »
> What's even more interesting ( at least for me ) is why I am a "guest" in the old forum.

It's a malicious plot that came from having to reconstruct the old forum on a much later 64 bit server on the other side of the world. It is now only an archive and no-one can register, deregister or post.

Andy,

Patching an EXE is easy: while it is not running, open it as a file, move the file pointer to the offset you require, then write the bytes you require at that address. Alternately you can load the whole file into memory, patch it in memory, then write it back to disk.
hutch at movsd dot com
http://www.masm32.com    :biggrin:  :skrewy:
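
The load-patch-write-back procedure from the post above, as an added example that is not part of the original thread: it bounds-checks the range and verifies the bytes currently at the offset before overwriting, and writes the result to a separate file. The function names, result codes and the sample buffer are this example's own constructs.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Result codes (names are this example's own, not from the thread). */
enum { PATCH_OK = 0, PATCH_RANGE = -1, PATCH_MISMATCH = -2, PATCH_IO = -3 };

/* Overwrite len bytes at offset in an in-memory file image, but only if the
   range lies inside the image and currently holds the bytes we expect. */
int patch_checked(unsigned char *image, size_t size, size_t offset,
                  const void *expected, const void *replacement, size_t len)
{
    if (offset > size || len > size - offset)     /* overflow-safe bounds check */
        return PATCH_RANGE;
    if (memcmp(image + offset, expected, len) != 0)
        return PATCH_MISMATCH;                    /* wrong offset or wrong build */
    memcpy(image + offset, replacement, len);
    return PATCH_OK;
}

/* Load src whole, apply one checked patch, write the result to dst.
   src is never modified; dst is written only if the patch applied.
   An empty or unreadable src is reported as PATCH_IO. */
int patch_file(const char *src, const char *dst, size_t offset,
               const void *expected, const void *replacement, size_t len)
{
    FILE *in = fopen(src, "rb");
    if (!in) return PATCH_IO;
    long sz = (fseek(in, 0, SEEK_END) == 0) ? ftell(in) : -1;
    unsigned char *image = (sz > 0) ? malloc((size_t)sz) : NULL;
    int rc = PATCH_IO;
    if (image && fseek(in, 0, SEEK_SET) == 0 &&
        fread(image, 1, (size_t)sz, in) == (size_t)sz)
        rc = patch_checked(image, (size_t)sz, offset, expected, replacement, len);
    fclose(in);
    if (rc == PATCH_OK) {
        FILE *out = fopen(dst, "wb");
        if (!out || fwrite(image, 1, (size_t)sz, out) != (size_t)sz) rc = PATCH_IO;
        if (out && fclose(out) != 0) rc = PATCH_IO;
    }
    free(image);
    return rc;
}

/* Constructed stand-in for a data section holding the thread's string. */
unsigned char sample[] = "\x01\x02Hello World";

int main(void)
{
    int rc = patch_checked(sample, sizeof sample, 8, "World", "Andy ", 5);
    printf("rc=%d text=%s\n", rc, (char *)sample + 2);
    return rc;
}
```

A PATCH_MISMATCH result means the offset was computed for a different build of the file, so nothing is written.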

Vortex

  • Member
  • *****
  • Posts: 2102
Re: Patch my code
« Reply #6 on: December 01, 2012, 08:31:11 PM »
Hi Magnum,

As Hutch explained, it's an easy task. You can code your own patcher. Have a look at the file functions in the masm32 library.

Gunther

  • Member
  • *****
  • Posts: 3585
  • Forgive your enemies, but never forget their names
Re: Patch my code
« Reply #7 on: December 01, 2012, 10:01:55 PM »
Andy,

I've done a similar task some years ago. The point was: PowerBASIC for DOS was a real mode compiler, so it produced exe files for real mode or V86 mode. Addresses over 1 MB couldn't be accessed. On the other hand, it was very easy to switch the program into the protected mode. But once there, it was impossible to use the PowerBASIC RTL in protected mode, because the addresses, for example for the PRINT, were segment:offset and in the protected mode they must be selector:offset.

My solution was to write a small starter program which established the protected mode and after that, the starter changed the real mode addresses in the exe file into valid protected mode addresses. That strategy worked well.

Gunther
Get your facts first, and then you can distort them.

Magnum

  • Member
  • *****
  • Posts: 2308
Re: Patch my code
« Reply #8 on: December 01, 2012, 11:04:00 PM »
> > What's even more interesting ( at least for me ) is why I am a "guest" in the old forum.
>
> It's a malicious plot that came from having to reconstruct the old forum on a much later 64 bit server on the other side of the world. It is now only an archive and no-one can register, deregister or post.
>
> Andy,
>
> Patching an EXE is easy: while it is not running, open it as a file, move the file pointer to the offset you require, then write the bytes you require at that address. Alternately you can load the whole file into memory, patch it in memory, then write it back to disk.

I just want my program, based on what is in one particular register and in one memory location, to change a few things in my data section and replace a few statements in one procedure and then write it back to disk.

I understand that I will have to carefully determine the exact positions in the exe where to write the data so as not to overwrite the wrong code, write past the boundaries, and other things I have not learned about yet.

I have been and continue to do a lot of studying and appreciate all the help I have gotten from everyone here.

I suspect that Right*rocessMemorex and &irtualPro%%ct may have done that in a test program I made which resulted in a problem until I rebooted.

I used to not think much about Dr. Watson, but its user dump etc. spotted some problems that even Olly couldn't find when I had it as my JIT debugger. :-)

Andy



If I patch it in memory and write it back

Magnum

  • Member
  • *****
  • Posts: 2308
Re: Patch my code
« Reply #9 on: December 01, 2012, 11:08:08 PM »
> Surely, Andy, at your age you should not start to compete with the script kiddies :eusa_naughty:
> We are all very curious here: Why don't you just change the source code?
>
> include \masm32\MasmBasic\MasmBasic.inc   ; download
>    Init
>    Inkey "Hello World"
>    Exit
> end start
>
> include \masm32\MasmBasic\MasmBasic.inc   ; download
>    Init
>    Let esi=FileRead$("HelloWorldA.exe")
>    mov eax, Mirror$("o Wo")
>    mov ecx, LastFileSize
>    sub ecx, 3
>    .Repeat
>       dec ecx
>       .Break .if Sign?
>    .Until eax==[esi+ecx]
>    .if !Sign?
>       mov dword ptr [esi+ecx+2], Mirror$("Andy")   ; patch it!
>       mov byte ptr [esi+ecx+6], " "
>    .endif
>    Open "O", #1, "HelloWorldB.exe"
>    PrintBuffer #1, esi, LastFileSize
>    Close #1
>    Launch "HelloWorldB.exe"   ; test it!
>    Inkey
>    Exit
> end start

Now be nice.

After you read my recent post,  maybe you will rethink your statement about my age and script kiddies.
Sometimes I think the worst in situations until some time has passed to think about it.

Take care,
                  Andy



Magnum

  • Member
  • *****
  • Posts: 2308
Re: Patch my code
« Reply #10 on: December 01, 2012, 11:13:38 PM »
> Andy,
>
> I've done a similar task some years ago. The point was: PowerBASIC for DOS was a real mode compiler, so it produced exe files for real mode or V86 mode. Addresses over 1 MB couldn't be accessed. On the other hand, it was very easy to switch the program into the protected mode. But once there, it was impossible to use the PowerBASIC RTL in protected mode, because the addresses, for example for the PRINT, were segment:offset and in the protected mode they must be selector:offset.
>
> My solution was to write a small starter program which established the protected mode and after that, the starter changed the real mode addresses in the exe file into valid protected mode addresses. That strategy worked well.
>
> Gunther

That is interesting, Gunther. Will that code still work in XP under cmd? I still occasionally write some 16 bit code and would be interested in looking at some of that code to learn.

Andy

jj2007

  • Member
  • *****
  • Posts: 10087
  • Assembler is fun ;-)
    • MasmBasic
Re: Patch my code
« Reply #11 on: December 02, 2012, 12:53:22 AM »
> Now be nice.
>
> After you read my recent post, maybe you will rethink your statement about my age and script kiddies.
> Sometimes I think the worst in situations until some time has passed to think about it.
>
> Take care,
>                   Andy

Andy,

I am about your age so I guess I'm allowed to tease you a little bit ;-)

Take care, too
Jochen

Gunther

  • Member
  • *****
  • Posts: 3585
  • Forgive your enemies, but never forget their names
Re: Patch my code
« Reply #12 on: December 02, 2012, 01:04:10 AM »
Hi Andy,

> That is interesting Gunther. Will that code still work in XP under cmd ? I still occasionally write some 16 bit code and would be interested in looking at some of that code to learn.
>
> Andy

Sure, because XP supports DPMI.

Gunther

dedndave

  • Member
  • *****
  • Posts: 8825
  • Still using Abacus 2.0
    • DednDave
Re: Patch my code
« Reply #13 on: December 02, 2012, 03:37:14 AM »
before you spend a lot of time on this, Andy....

i think windows 7 will bark if you alter an executable file
i know that some AV's will flag it as infected

maybe you can make an entry in the registry or alter an INI file that is hidden away someplace   :t

Gunther

  • Member
  • *****
  • Posts: 3585
  • Forgive your enemies, but never forget their names
Re: Patch my code
« Reply #14 on: December 02, 2012, 05:25:27 AM »
Dave,

> before you spend a lot of time on this, Andy....
>
> i think windows 7 will bark if you alter an executable file
> i know that some AV's will flag it as infected
>
> maybe you can make an entry in the registry or alter an INI file that is hidden away someplace   :t

only some points. It is not necessary to alter the exe file; one can patch the exe during runtime in the RAM. Furthermore, I've strong doubts that native 16 bit code will run under Windows 7 (64 bit). Probably only inside a virtual machine.

Gunther