Patch my code

Started by Magnum, December 01, 2012, 12:37:45 PM


Magnum

I would like to learn how to patch and save an exe that I have made and opened and have it save the changes.



Take care,
                   Andy

Ubuntu-mate-18.04-desktop-amd64

http://www.goodnewsnetwork.org

qWord

MREAL macros - when you need floating point arithmetic while assembling!

Magnum

I read the rules.

Nothing in there about what I am asking for.

There is even a similar message in the old forum archive asked by Japheth.

Andy


jj2007

Surely, Andy, at your age you should not start to compete with the script kiddies :eusa_naughty:
We are all very curious here: Why don't you just change the source code?

include \masm32\MasmBasic\MasmBasic.inc   ; download
   Init
   Inkey "Hello World"
   Exit
end start

include \masm32\MasmBasic\MasmBasic.inc   ; download
   Init
   Let esi=FileRead$("HelloWorldA.exe")
   mov eax, Mirror$("o Wo")
   mov ecx, LastFileSize
   sub ecx, 3
   .Repeat
      dec ecx
      .Break .if Sign?
   .Until eax==[esi+ecx]
   .if !Sign?
      mov dword ptr [esi+ecx+2], Mirror$("Andy")   ; patch it!
      mov byte ptr [esi+ecx+6], " "
   .endif
   Open "O", #1, "HelloWorldB.exe"
   PrintBuffer #1, esi, LastFileSize
   Close #1
   Launch "HelloWorldB.exe"   ; test it!
   Inkey
   Exit
end start

japheth

Quote from: Magnum on December 01, 2012, 01:41:20 PM
There is even a similar message in the old forum archive asked by Japheth.

Would be interesting which message you mean. Might very well be possible, though - because I may have read the "forum rules" once and then forgot them - or perhaps I tend to interpret rules somewhat differently.

What's even more interesting ( at least for me ) is why I am a "guest" in the old forum. IIRC there was no possibility to "deregister" your own account. I surely didn't ask to be deregistered, so somebody must have done this on his/her own. Why?

hutch--

> What's even more interesting ( at least for me ) is why I am a "guest" in the old forum.

It's a malicious plot that came from having to reconstruct the old forum on a much later 64 bit server on the other side of the world. It is now only an archive and no-one can register, deregister or post.

Andy,

Patching an EXE is easy, while it is not running open it as a file, move the file pointer to the offset you require then write the bytes you require at that address. Alternately you can load the whole file into memory, patch it in memory then write it back to disk.
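The two ways hutch describes, written out as an added example in C rather than MASM (this is not code from the thread or from the masm32 library): load the whole file, patch it in memory and write it back out, or seek to a known offset and overwrite only those bytes. It also carries jj2007's "search for `o Wo` and overwrite" idea as a general same-length find-and-replace, with two checks a patcher should have: it refuses to write past the end of the file and refuses a pattern that occurs more than once, since patching an ambiguous target hits the wrong bytes. The file names, the stand-in image bytes (a constructed buffer, not a real PE) and all function names are assumptions made for the demonstration.

```c
/* Added example, not from the thread: patching an EXE on disk in C.
 * Way (1): read whole file, patch in memory, write it back out.
 * Way (2): seek to a known offset and overwrite those bytes in place.
 * The "EXE" used below is a constructed byte buffer, not a real PE. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Offset of the single occurrence of needle in buf; -1 if absent,
 * -2 if it occurs more than once (an ambiguous patch target). */
static long find_unique(const unsigned char *buf, size_t len,
                        const unsigned char *needle, size_t nlen)
{
    long found = -1;
    if (nlen == 0 || nlen > len) return -1;
    for (size_t i = 0; i + nlen <= len; i++) {
        if (memcmp(buf + i, needle, nlen) == 0) {
            if (found >= 0) return -2;
            found = (long)i;
        }
    }
    return found;
}

/* Overwrite len bytes at off, refusing anything that runs past buflen. */
static int patch_at(unsigned char *buf, size_t buflen, size_t off,
                    const void *bytes, size_t len)
{
    if (off > buflen || len > buflen - off) return -1;
    memcpy(buf + off, bytes, len);
    return 0;
}

/* Find-and-replace on an in-memory image. Same-length replacement only,
 * so nothing after it shifts. Returns the patched offset, or -1 missing,
 * -2 ambiguous, -3 length mismatch. */
long patch_image(unsigned char *img, size_t len,
                 const char *pattern, const char *replacement)
{
    size_t plen = strlen(pattern);
    if (plen != strlen(replacement)) return -3;
    long off = find_unique(img, len, (const unsigned char *)pattern, plen);
    if (off < 0) return off;
    if (patch_at(img, len, (size_t)off, replacement, plen) != 0) return -1;
    return off;
}

/* Way (1): read src whole, patch in memory, write the result to dst.
 * Returns the patched offset, or -4 (read error) / -5 (write error). */
long patch_file(const char *src, const char *dst,
                const char *pattern, const char *replacement)
{
    FILE *f = fopen(src, "rb");
    if (!f) return -4;
    if (fseek(f, 0, SEEK_END) != 0) { fclose(f); return -4; }
    long n = ftell(f);
    if (n <= 0) { fclose(f); return -4; }
    rewind(f);
    unsigned char *img = malloc((size_t)n);
    if (!img || fread(img, 1, (size_t)n, f) != (size_t)n) {
        fclose(f); free(img); return -4;
    }
    fclose(f);
    long off = patch_image(img, (size_t)n, pattern, replacement);
    if (off >= 0) {
        FILE *o = fopen(dst, "wb");
        if (!o || fwrite(img, 1, (size_t)n, o) != (size_t)n) off = -5;
        if (o) fclose(o);
    }
    free(img);
    return off;
}

/* Way (2): seek to a known offset and overwrite len bytes in place.
 * The file must not be running. Returns 0, or -1 on error or out of bounds. */
int patch_in_place(const char *path, long off, const void *bytes, size_t len)
{
    FILE *f = fopen(path, "r+b");
    if (!f) return -1;
    int ok = fseek(f, 0, SEEK_END) == 0;
    long size = ok ? ftell(f) : -1;
    ok = ok && size >= 0 && off >= 0 && off <= size && len <= (size_t)(size - off);
    ok = ok && fseek(f, off, SEEK_SET) == 0 && fwrite(bytes, 1, len, f) == len;
    fclose(f);
    return ok ? 0 : -1;
}

/* Constructed stand-in for the bytes of HelloWorldA.exe (not a real PE). */
#define DEMO_IMAGE "MZ\0junk\0Hello World\0more junk"

/* Patch the stand-in in memory and check the result byte for byte.
 * Returns the patched offset (8), or -100 if the output is wrong. */
long demo_patch(void)
{
    unsigned char img[] = DEMO_IMAGE;
    const unsigned char want[] = "MZ\0junk\0Hello Andy \0more junk";
    long off = patch_image(img, sizeof img - 1, "Hello World", "Hello Andy ");
    if (off < 0) return off;
    return memcmp(img, want, sizeof img) == 0 ? off : -100;
}

/* Refusal paths: a pattern present twice, and a replacement of another
 * length. Returns 1 if both are rejected with the expected code. */
int demo_refusals(void)
{
    unsigned char twice[] = "Hello World\0Hello World";
    unsigned char once[]  = "Hello World";
    return patch_image(twice, sizeof twice - 1, "Hello World", "Hello Andy ") == -2
        && patch_image(once, sizeof once - 1, "Hello World", "Hello Andy") == -3;
}

int main(void)
{
    /* Write the stand-in out as HelloWorldA.bin, patch it to HelloWorldB.bin,
     * then poke one byte of B in place at the offset patch_file reported. */
    FILE *f = fopen("HelloWorldA.bin", "wb");
    if (!f) return 1;
    fwrite(DEMO_IMAGE, 1, sizeof DEMO_IMAGE - 1, f);
    fclose(f);
    long off = patch_file("HelloWorldA.bin", "HelloWorldB.bin",
                          "Hello World", "Hello Andy ");
    printf("patch_file: offset %ld\n", off);
    if (off >= 0)
        printf("patch_in_place: %d\n",
               patch_in_place("HelloWorldB.bin", off, "J", 1));
    return off < 0;
}
```

The same-length rule is the important one for a real EXE: growing or shrinking a string in the middle of the file shifts every byte after it, so RVAs, relocations and the section table no longer line up and Windows will refuse to load the result. Overwriting in place, as the thread suggests, keeps the layout intact; if the new value is shorter, pad it with spaces or zeros as jj2007's code does with the trailing blank.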

Vortex

Hi Magnum,

As Hutch explained, it's an easy task. You can code your own patcher. Have a look at the file functions in the masm32 library.

Gunther

Andy,

I've done a similar task some years ago. The point was: PowerBASIC for DOS was a real mode compiler, so it produced exe files for real mode or V86 mode. Addresses over 1 MB couldn't be accessed. On the other hand, it was very easy to switch the program into the protected mode. But once there, it was impossible to use the PowerBASIC RTL in protected mode, because the addresses, for example for the PRINT, were segment:offset and in the protected mode it must be selector:offset.

My solution was to write a small starter program which established the protected mode and after that, the starter changed the real mode addresses in the exe file into valid protected mode addresses. That strategy worked well.

Gunther
You have to know the facts before you can distort them.

Magnum

Quote from: hutch-- on December 01, 2012, 07:47:01 PM
> What's even more interesting ( at least for me ) is why I am a "guest" in the old forum.

It's a malicious plot that came from having to reconstruct the old forum on a much later 64 bit server on the other side of the world. It is now only an archive and no-one can register, deregister or post.

Andy,

Patching an EXE is easy, while it is not running open it as a file, move the file pointer to the offset you require then write the bytes you require at that address. Alternately you can load the whole file into memory, patch it in memory then write it back to disk.

I just want my program, based on what is in one particular register and in one memory location, to change a few things in my data section and replace a few statements in one procedure and then write it back to disk.

I understand that I will have to carefully determine the exact positions in the exe where to write the data so as not to overwrite the wrong code, write past the boundaries, and other things I have not learned about yet.

I have been and continue to do a lot of studying and appreciate all the help I have gotten from everyone here.

I suspect that Right*rocessMemorex and &irtualPro%%ct may have done that in a test program I made which resulted in a problem
until I rebooted.

I used to not think much about Dr. Watson, but its user dump etc. spotted some problems that even Olly couldn't find when I had it as my JIT debugger. :-)

Andy



If I patch it in memory and write it back

Magnum

Quote from: jj2007 on December 01, 2012, 06:22:25 PM
Surely, Andy, at your age you should not start to compete with the script kiddies :eusa_naughty:
We are all very curious here: Why don't you just change the source code?

include \masm32\MasmBasic\MasmBasic.inc   ; download
   Init
   Inkey "Hello World"
   Exit
end start

include \masm32\MasmBasic\MasmBasic.inc   ; download
   Init
   Let esi=FileRead$("HelloWorldA.exe")
   mov eax, Mirror$("o Wo")
   mov ecx, LastFileSize
   sub ecx, 3
   .Repeat
      dec ecx
      .Break .if Sign?
   .Until eax==[esi+ecx]
   .if !Sign?
      mov dword ptr [esi+ecx+2], Mirror$("Andy")   ; patch it!
      mov byte ptr [esi+ecx+6], " "
   .endif
   Open "O", #1, "HelloWorldB.exe"
   PrintBuffer #1, esi, LastFileSize
   Close #1
   Launch "HelloWorldB.exe"   ; test it!
   Inkey
   Exit
end start

Now be nice.

After you read my recent post, maybe you will rethink your statement about my age and script kiddies.
Sometimes I think the worst in situations until some time has passed to think about it.

Take care,
                  Andy



Magnum

Quote from: Gunther on December 01, 2012, 10:01:55 PM
Andy,

I've done a similar task some years ago. The point was: PowerBASIC for DOS was a real mode compiler, so it produced exe files for real mode or V86 mode. Addresses over 1 MB couldn't be accessed. On the other hand, it was very easy to switch the program into the protected mode. But once there, it was impossible to use the PowerBASIC RTL in protected mode, because the addresses, for example for the PRINT, were segment:offset and in the protected mode it must be selector:offset.

My solution was to write a small starter program which established the protected mode and after that, the starter changed the real mode addresses in the exe file into valid protected mode addresses. That strategy worked well.

Gunther

That is interesting, Gunther. Will that code still work in XP under cmd? I still occasionally write some 16 bit code and would be interested in looking at some of that code to learn.

Andy

jj2007

Quote from: Magnum on December 01, 2012, 11:08:08 PM
Now be nice.

After you read my recent post, maybe you will rethink your statement about my age and script kiddies.
Sometimes I think the worst in situations until some time has passed to think about it.

Take care,
                  Andy

Andy,

I am about your age so I guess I'm allowed to tease you a little bit ;-)

Take care, too
Jochen

Gunther

Hi Andy,

Quote from: Magnum on December 01, 2012, 11:13:38 PM
That is interesting, Gunther. Will that code still work in XP under cmd? I still occasionally write some 16 bit code and would be interested in looking at some of that code to learn.

Andy

Sure, because XP supports DPMI.

Gunther

dedndave

before you spend a lot of time on this, Andy....

I think Windows 7 will bark if you alter an executable file.
I know that some AVs will flag it as infected.

maybe you can make an entry in the registry or alter an INI file that is hidden away someplace   :t

Gunther

Dave,

Quote from: dedndave on December 02, 2012, 03:37:14 AM
before you spend a lot of time on this, Andy....

I think Windows 7 will bark if you alter an executable file.
I know that some AVs will flag it as infected.

maybe you can make an entry in the registry or alter an INI file that is hidden away someplace   :t

only some points. It is not necessary to alter the exe file; one can patch the exe during runtime in the RAM. Furthermore, I've strong doubts that native 16 bit code will run under Windows 7 (64 bit). Probably only inside a virtual machine.

Gunther