I have read the info on the OVERLAPPED structure, ReadFile, and WriteFile.
If I open test.exe in a hex editor, where should those 2 bytes, 75h and 15h, be?
.data
FileName db "test.exe",0
AppName db "Fixit",0
Done db "File fixed succesfully !",0
NoFile db "Can't find test.exe !",0
ReFile db "Wrong version of test.exe !",0
WrFile db "Error writing to test.exe !",0
RBuffer db 75h, 15h
WBuffer db 90h,90h
; Specifies a file position at which to start the transfer. The file position is a byte offset
; from the start of the file. The calling process sets this member before calling the ReadFile or WriteFile function.
; This member is ignored when reading from or writing to named pipes and communications devices.
OffsetPos OVERLAPPED <NULL,NULL,53Fh,NULL,NULL>
Mark4 db "offsetpos End",0
.data?
hInstance HINSTANCE ?
CommandLine LPSTR ?
hwndname HWND ?
hFile HANDLE ?
Numb dd ?
Buffer db 2 dup(?)
.const
.code
start:
invoke GetModuleHandleA, NULL
mov hInstance,eax
invoke CreateFile,ADDR FileName, GENERIC_READ OR GENERIC_WRITE, FILE_SHARE_READ OR FILE_SHARE_WRITE, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL
.IF eax!=INVALID_HANDLE_VALUE
mov hFile, eax ; Store handle of file
; Read the 2 bytes we are going to fix
Invoke ReadFile, hFile, ADDR Buffer, 2, ADDR Numb, ADDR OffsetPos
mov ax, word ptr [Buffer]
.IF ax == word ptr [RBuffer] ; If they are the right ones (75h,15h) we replace them
Invoke WriteFile, hFile, ADDR WBuffer, 2, ADDR Numb, ADDR OffsetPos ; Write the new bytes (90h 90h)
.IF Numb == 2
push MB_OK
push OFFSET AppName
push OFFSET Done
.ELSE
push MB_OK OR MB_ICONINFORMATION
push OFFSET AppName
push OFFSET WrFile
.ENDIF
.ELSE
push MB_OK OR MB_ICONINFORMATION
push OFFSET AppName
push OFFSET ReFile
.ENDIF
.ELSE
push MB_OK OR MB_ICONINFORMATION
push OFFSET AppName
push OFFSET NoFile
.ENDIF
push NULL
Call MessageBox
invoke CloseHandle, hFile
invoke ExitProcess,eax
end start
The easiest method would be to search for the strings. Those two bytes should immediately follow the null terminator for the last string:
00000000
. . .
000007F0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000800 74 65 73 74 2E 65 78 65 - 00 46 69 78 69 74 00 46 test.exe.Fixit.F
00000810 69 6C 65 20 66 69 78 65 - 64 20 73 75 63 63 65 73 ile fixed succes
00000820 66 75 6C 6C 79 20 21 00 - 43 61 6E 27 74 20 66 69 fully !.Can't fi
00000830 6E 64 20 74 65 73 74 2E - 65 78 65 20 21 00 57 72 nd test.exe !.Wr
00000840 6F 6E 67 20 76 65 72 73 - 69 6F 6E 20 6F 66 20 74 ong version of t
00000850 65 73 74 2E 65 78 65 20 - 21 00 45 72 72 6F 72 20 est.exe !.Error
00000860 77 72 69 74 69 6E 67 20 - 74 6F 20 74 65 73 74 2E writing to test.
00000870 65 78 65 20 21 00 75 15 - 90 90 00 00 00 00 00 00 exe !.u.........
. . .
Quote from: Magnum on December 13, 2012, 04:05:55 PM
I have read the info on the OVERLAPPED structure, ReadFile, and WriteFile.
I'm sure that you don't need asynchronous file I/O (that means that ReadFile/WriteFile immediately return without waiting until all bytes have been read/written) - always set lpOverlapped to NULL. The read/write position can be set using SetFilePointer().
EDIT: as Dubby points out, the OVERLAPPED structure can also be used without FILE_FLAG_OVERLAPPED.
yes - OVERLAPPED I/O is not an issue, Andy
that will just add confusion to what you are trying to do
Quote from: qWord on December 13, 2012, 05:35:13 PM
I'm sure that you don't need asynchronous file I/O (that means that ReadFile/WriteFile immediately
return without waiting until all bytes have been read/written) - always set lpOverlapped to NULL.
The read/write position can be set using SetFilePointer().
well, unless you are using overlapped I/O :lol:
i have played with overlapped I/O while working with a serial port
so - it does have its uses :t
Hi
The best way to search for a string in a file, or to replace a string, is via a file mapping.
Then search for a string and test whether its characters are ASCII or not:
A-Z, a-z, 0-9
For the end of the search you can use the file size or check for null bytes.
Greets,
see here:
http://blogs.msdn.com/b/oldnewthing/archive/2012/04/05/10290954.aspx
You can use an OVERLAPPED structure with synchronous I/O, too
the provided sample is in C though.
Quote from: Dubby on December 13, 2012, 06:19:41 PM
see here:
http://blogs.msdn.com/b/oldnewthing/archive/2012/04/05/10290954.aspx
You can use an OVERLAPPED structure with synchronous I/O, too
the provided sample is in C though.
Didn't know that - saves the call to SetFilePointer() :icon14:
Quote from: MichaelW on December 13, 2012, 05:27:45 PM
The easiest method would be to search for the strings. Those two bytes should immediately follow the null terminator for the last string:
00000000
. . .
000007F0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000800 74 65 73 74 2E 65 78 65 - 00 46 69 78 69 74 00 46 test.exe.Fixit.F
00000810 69 6C 65 20 66 69 78 65 - 64 20 73 75 63 63 65 73 ile fixed succes
00000820 66 75 6C 6C 79 20 21 00 - 43 61 6E 27 74 20 66 69 fully !.Can't fi
00000830 6E 64 20 74 65 73 74 2E - 65 78 65 20 21 00 57 72 nd test.exe !.Wr
00000840 6F 6E 67 20 76 65 72 73 - 69 6F 6E 20 6F 66 20 74 ong version of t
00000850 65 73 74 2E 65 78 65 20 - 21 00 45 72 72 6F 72 20 est.exe !.Error
00000860 77 72 69 74 69 6E 67 20 - 74 6F 20 74 65 73 74 2E writing to test.
00000870 65 78 65 20 21 00 75 15 - 90 90 00 00 00 00 00 00 exe !.u.........
. . .
Michael,
I didn't make myself very clear.
I am a visual kind of guy.
The author of the original code included an .exe that this program opens up.
It searched for those 2 bytes at a certain position.
Unfortunately, the included program that this code opened up did not have those two bytes anywhere in the file,
and I got the message that it was the wrong version.
If it had, it would have been easy to see where those two bytes were when I opened it up in a hex editor.
Could someone make a program that has those 2 bytes in the right position?
It would help me move on. :t
Andy
Andy,
Open the file, set the file pointer to the offset it is supposed to be at then read the two bytes at that offset. Simple. :biggrin:
Ragdog,
I will also be searching for some code sequences to change as well.
Andy
Found some memory scanner code in C.
Complex, but very interesting.
Andy
if the exe file is relatively small, you can read the entire file into memory
of course, if you know the exact offset, you can use the file pointer method that Hutch mentioned
but, if you have to search for it, and the whole EXE is less than, say, 100 kb...
allocate a buffer, read it in, find it, patch it, write it out
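Added here as a worked example (not code from the thread or from Andy's patcher): a Python version of the two approaches discussed above, the seek-to-offset read/verify/write that Hutch describes and the read-the-whole-file-and-search method dedndave describes, plus a hexdump line in the layout of MichaelW's dump to show where the bytes sit. It assumes the constants from the listing (offset 53Fh, bytes 75h 15h and 90h 90h); the stand-in file it builds in a temp directory is constructed, and the function names are mine.

```python
import os
import tempfile

TARGET_OFFSET = 0x53F            # OffsetPos.Offset in the listing above
EXPECTED = bytes([0x75, 0x15])   # RBuffer: the bytes that must already be there
PATCH = bytes([0x90, 0x90])      # WBuffer: what they are replaced with

def hexdump_line(data, offset):
    """One line in the layout of MichaelW's dump: offset, 8 bytes, ' - ', 8 bytes, ASCII."""
    chunk = data[offset:offset + 16]
    hx = [f"{b:02X}" for b in chunk]
    text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
    return f"{offset:08X} {' '.join(hx[:8])} - {' '.join(hx[8:])} {text}"

def patch_at_offset(path, offset, expected, replacement):
    """Known-offset method: seek, verify the bytes, overwrite in place.
    Returns 'fixed', 'wrong version' or 'no file', the three outcomes in the listing."""
    if not os.path.isfile(path):
        return "no file"
    with open(path, "r+b") as f:
        f.seek(offset)
        if f.read(len(expected)) != expected:
            return "wrong version"   # nothing is written unless the bytes match
        f.seek(offset)
        f.write(replacement)
    return "fixed"

def find_unique(data, pattern):
    """Whole-file method: offset of the pattern only if it occurs exactly once, else None."""
    first = data.find(pattern)
    if first == -1 or data.find(pattern, first + 1) != -1:
        return None
    return first

def run_demo():
    """Build a constructed stand-in for test.exe (zeros, EXPECTED at TARGET_OFFSET),
    locate the bytes, patch once, try again, and report each step."""
    path = os.path.join(tempfile.mkdtemp(), "test.exe")
    sample = bytearray(0x600)
    sample[TARGET_OFFSET:TARGET_OFFSET + 2] = EXPECTED
    with open(path, "wb") as f:
        f.write(sample)
    found = find_unique(bytes(sample), EXPECTED)
    line = hexdump_line(bytes(sample), found & ~0xF)
    first = patch_at_offset(path, TARGET_OFFSET, EXPECTED, PATCH)
    second = patch_at_offset(path, TARGET_OFFSET, EXPECTED, PATCH)   # already patched
    with open(path, "rb") as f:
        after = f.read()[TARGET_OFFSET:TARGET_OFFSET + 2]
    return {"found": found, "line": line, "first": first, "second": second, "after": after}
```

A real EXE can contain the two-byte sequence many times, which is why find_unique refuses an ambiguous match and the offset method verifies before writing.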