Stores simple states in exe

Lord
Addict
Posts: 900
Joined: Tue May 26, 2009 2:11 pm

Re: Stores simple states in exe

Post by Lord »

Kwai chang caine wrote: Thanks Michael for your disney code 8) :lol:

@Walbus
Never mind, you know the words "kcc" and "professional" are rarely in the same sentence :wink: :lol:
... but in relation to "walbus" you are a professional. :D
Kwai chang caine
Always Here
Posts: 5494
Joined: Sun Nov 05, 2006 11:42 pm
Location: Lyon - France

Re: Stores simple states in exe

Post by Kwai chang caine »

Me ??? if i'm a professional.... :shock: it's surely a jokes professional .... yes !!!! :lol:

The happiness is a road...
Not a destination
walbus
Addict
Posts: 929
Joined: Sat Mar 02, 2013 9:17 am

Re: Stores simple states in exe

Post by walbus »

Snord, the Official Dummy and Forum Clown :lol:
Last edited by walbus on Sat Apr 07, 2018 9:06 pm, edited 3 times in total.
Kwai chang caine
Always Here
Posts: 5494
Joined: Sun Nov 05, 2006 11:42 pm
Location: Lyon - France

Re: Stores simple states in exe

Post by Kwai chang caine »

Hey guys !!!! please !!!! do the love...not the war :cry:
walbus
Addict
Posts: 929
Joined: Sat Mar 02, 2013 9:17 am

Re: Stores simple states in exe

Post by walbus »

I'm not interested in Snord - He is now part of my ignore list - And tranquility is :lol:

The only unbreakable method that does not cause any trouble with virus scanners is to replace data in the exe.
The easiest way to do this is with a string.
A sample like this:

Code:

my_fixed_string$ = "{search_this=replace_this=12345}"
So any user data can be entered into an exe or DLL.

This can then also be easily read out from the running exe :wink:
Last edited by walbus on Sun Apr 08, 2018 9:28 am, edited 3 times in total.
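
An added example, not part of the thread and not walbus's code: a Python sketch of the fixed-width marker replacement described in the post above, run against a copy of the binary that is not executing. It assumes the `{search_this=value}` layout from the post and that the build stores string literals as UTF-16LE (pass `encoding="ascii"` otherwise); the names `patch_marker` and `demo` are hypothetical.

```python
import os
import shutil
import tempfile

def patch_marker(path, new_value, key="search_this", encoding="utf-16-le"):
    """Overwrite the value of the single {key=value} marker in `path` in place,
    keeping the file size unchanged. Returns the previous value."""
    prefix = ("{" + key + "=").encode(encoding)
    suffix = "}".encode(encoding)
    with open(path, "rb") as fh:
        image = fh.read()
    start = image.find(prefix)
    if start < 0:
        raise ValueError("marker not found")
    if image.find(prefix, start + 1) >= 0:
        raise ValueError("marker occurs more than once; refusing to guess")
    val_off = start + len(prefix)
    end = image.find(suffix, val_off, val_off + 512)
    if end < 0:
        raise ValueError("closing brace not found near the marker")
    old = image[val_off:end].decode(encoding)
    # Pad with spaces so every later byte keeps its file offset.
    field = new_value.ljust(len(old)).encode(encoding)
    if "}" in new_value or len(field) != end - val_off:
        raise ValueError("new value does not fit the reserved field")
    # Write a sibling temp file, then swap it in, so a crash cannot leave
    # a half-written binary behind.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "wb") as fh:
        fh.write(image[:val_off] + field + image[end:])
    shutil.copymode(path, tmp)
    os.replace(tmp, path)
    return old

def demo():
    # Constructed stand-in for a compiled binary: header, marker, padding.
    marker = "{search_this=replace_this=12345}".encode("utf-16-le")
    blob = b"MZ" + bytes(64) + marker + bytes(32)
    with tempfile.TemporaryDirectory() as folder:
        target = os.path.join(folder, "copy_of_tool.bin")
        with open(target, "wb") as fh:
            fh.write(blob)
        old = patch_marker(target, "gui=1")
        with open(target, "rb") as fh:
            after = fh.read()
    found = "{search_this=gui=1 ".encode("utf-16-le") in after
    return old, len(after) == len(blob), found
```

Overwriting bytes in a signed executable invalidates its Authenticode signature, so a binary that ships signed has to be signed after it is personalized.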
Kwai chang caine
Always Here
Posts: 5494
Joined: Sun Nov 05, 2006 11:42 pm
Location: Lyon - France

Re: Stores simple states in exe

Post by Kwai chang caine »

Yes, you are right, but the problem is to replace this string when the EXE runs :|
And when you try to do this...Windows is not happy :?

walbus
Addict
Posts: 929
Joined: Sat Mar 02, 2013 9:17 am

Re: Stores simple states in exe

Post by walbus »

Yes, this can only be done with a temporary exe.
This temporary exe is included in the main exe.
Then, when the main exe is closed, it is copied automatically into the home folder and started.
The main exe is then terminated.
The temporary exe then patches the main exe.
Whether you want to delete the temporary exe or not doesn't matter.
I use similar constructions in my software, but do not patch the exe automatically.
I can send you the search, replace code and the include code by PM, just for you.
The compiler options are set so that a project is created
How to create and include the temporary exe automatically in the main exe
That's all, it's not difficult.
Kwai chang caine
Always Here
Posts: 5494
Joined: Sun Nov 05, 2006 11:42 pm
Location: Lyon - France

Re: Stores simple states in exe

Post by Kwai chang caine »

Thanks a lot, but like I have said at the beginning, there are several good ways for autopatching an exe, obviously yours is one of them.
We have no choice when we want to modify a great number of data, or even a sentence :|

But my first goal is precisely not to use this patching with another exe etc ...for just one bit, I find this a little bit heavy for so little a job :|
In fact, I have an application with two GUI, one funny (Like kcc knows how to do :mrgreen: ) and another grey, square, like microsoft knows how to do too :|
And I want to give the user the possibility to choose if he wants to laugh or cry behind his GUI :lol:

It's the reason why I just need one 0/1 to know which GUI the exe must run :wink:
walbus
Addict
Posts: 929
Joined: Sat Mar 02, 2013 9:17 am

Re: Stores simple states in exe

Post by walbus »

The QUICK-AES-256 Mini Tool uses these functions.
It writes its own DLL in the Home folder.
You will find in the Mini Tool package a personalizing tool; this tool can patch the Mini Tool and also the QAES DLL/SO.
The QAES RSA part uses a lot of further, highly complicated functions for creating, encrypting and decrypting temporary RSA keys automatically in the Home folder.
Last edited by walbus on Sat Apr 07, 2018 9:26 pm, edited 2 times in total.
Kwai chang caine
Always Here
Posts: 5494
Joined: Sun Nov 05, 2006 11:42 pm
Location: Lyon - France

Re: Stores simple states in exe

Post by Kwai chang caine »

For me, it's a very little tool, i have all do for it be standalone.
You can put it everywhere, on the desktop, folder, etc...without install, and it not need to create file, just show a little text.
It's the reason why i have thinking to not use other file, exe, etc....just him...alone like a big :lol:
Mijikai
Addict
Posts: 1517
Joined: Sun Sep 11, 2016 2:17 pm

Re: Stores simple states in exe

Post by Mijikai »

Kwai chang caine wrote: For me, it's a very little tool, i have all do for it be standalone.
You can put it everywhere, on the desktop, folder, etc...without install, and it not need to create file, just show a little text.
...
I guess the only possible way to achieve this is by shellcode.
I might add an example later.
Kwai chang caine
Always Here
Posts: 5494
Joined: Sun Nov 05, 2006 11:42 pm
Location: Lyon - France

Re: Stores simple states in exe

Post by Kwai chang caine »

Thanks a lot Mijikai
Have a good night :wink:
Mijikai
Addict
Posts: 1517
Joined: Sun Sep 11, 2016 2:17 pm

Re: Stores simple states in exe

Post by Mijikai »

I wrote a working example however it's only x64 :)
Not sure if I should publish the whole code as some idiots might abuse it...

So for now only the shellcode (anti copy pasta):

Code:

;PatchStub v.alpha (x64)
;by Mijikai
;tested on Win 10

DataSection
  Shellcode:
  !db 0EBh,058h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h
  !db 000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h
  !db 000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h
  !db 000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h
  !db 000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h
  !db 000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,048h,083h,0ECh,028h,048h,0C7h
  !db 0C1h,00Ah,000h,000h,000h,0FFh,015h,0B7h,0FFh,0FFh,0FFh,048h,083h,0C4h,028h,048h
  !db 083h,0ECh,058h,048h,08Bh,00Dh,0B0h,0FFh,0FFh,0FFh,048h,0BAh,000h,000h,000h,0C0h
  !db 000h,000h,000h,000h,04Dh,031h,0C0h,04Dh,031h,0C9h,048h,0C7h,044h,024h,020h,003h
  !db 000h,000h,000h,048h,0C7h,044h,024h,028h,080h,000h,000h,000h,0FFh,015h,060h,0FFh
  !db 0FFh,0FFh,048h,083h,0C4h,058h,048h,083h,0F8h,0FFh,074h,0AEh,048h,089h,005h,097h
  !db 0FFh,0FFh,0FFh,048h,083h,0ECh,040h,048h,08Bh,00Dh,08Ch,0FFh,0FFh,0FFh,048h,08Bh
  !db 015h,07Dh,0FFh,0FFh,0FFh,04Dh,031h,0C0h,04Dh,031h,0C9h,0FFh,015h,039h,0FFh,0FFh
  !db 0FFh,048h,083h,0C4h,040h,048h,083h,0F8h,0FFh,074h,02Fh,048h,083h,0ECh,048h,048h
  !db 08Bh,00Dh,064h,0FFh,0FFh,0FFh,048h,08Bh,015h,045h,0FFh,0FFh,0FFh,04Ch,08Bh,005h
  !db 046h,0FFh,0FFh,0FFh,04Dh,031h,0C9h,048h,0C7h,044h,024h,020h,000h,000h,000h,000h
  !db 0FFh,015h,00Ch,0FFh,0FFh,0FFh,048h,083h,0C4h,048h,048h,083h,0ECh,028h,048h,08Bh
  !db 00Dh,035h,0FFh,0FFh,0FFh,0FFh,015h,0FFh,0FEh,0FFh,0FFh,048h,083h,0C4h,028h,0C3h
EndDataSection
In order to make it work you need to do this:

- open the "Host.exe" that should run the shellcode.
- allocate remote memory (remotebuffer) -> stringbytesize (full path to your exe) + patchbuffersize + shellcodesize
- prepare the shellcode by patching it (starting at shellcode + 2 each entry is 8 Bytes!)
  - entry: API CreateFileW
  - entry: API SetFilePointer
  - entry: API WriteFile
  - entry: API CloseHandle
  - entry: API Sleep
  - entry: remotebuffer
  - entry: remotebuffer + stringbytesize (full path to your exe)
  - entry: patchbuffersize
  - entry: offset (where to patch your exe)
- copy everything into the remotebuffer -> order: string (exe full path) | patchbuffer | shellcode
- execute the remotebuffer @ remotebuffer + stringbytesize + patchbuffersize
- done :)

note: stringbytesize has to have the null bytes!

How it works:
Once the shellcode is injected into the "Host.exe" it waits for your application to close.
If your application is closed it will patch your application at the offset specified in the shellcode.
The remote thread will terminate when the patching is done.
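
Seen from the defender's side, the sequence in the post above ends with one process starting a thread inside another at an address in run-time allocated memory. An added example (not part of the thread and not Mijikai's code) that picks this pattern out of Sysmon CreateRemoteThread records; the sample records, paths and function names are constructed for illustration, and it assumes Sysmon renders an empty `StartModule` as `-`.

```python
# Constructed Sysmon Event ID 8 (CreateRemoteThread) records in the
# "Field: value" message layout. Paths and addresses are made up.
SAMPLE_EVENTS = [
    r"""UtcTime: 2018-04-07 20:41:03.118
SourceImage: C:\Tools\LittleTool.exe
TargetImage: C:\Tools\Host.exe
StartAddress: 0x000001F4A2B3004A
StartModule: -""",
    r"""UtcTime: 2018-04-07 20:41:09.562
SourceImage: C:\Windows\System32\csrss.exe
TargetImage: C:\Tools\ConsoleApp.exe
StartAddress: 0x00007FFB1C2E5D10
StartModule: C:\Windows\System32\KernelBase.dll""",
    r"""UtcTime: 2018-04-07 20:42:11.007
SourceImage: C:\Dev\Debugger.exe
TargetImage: C:\Tools\LittleTool.exe
StartAddress: 0x0000020B11C40000
StartModule: -""",
]

def parse_event(text):
    """Split one record into a dict; only the first ':' separates key and value."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def unbacked_remote_threads(events, allowed_sources=()):
    """Return (time, source, target, address) for remote threads that start
    outside any loaded module, i.e. in memory allocated at run time."""
    allowed = {p.lower() for p in allowed_sources}
    hits = []
    for ev in map(parse_event, events):
        if "StartAddress" not in ev or "TargetImage" not in ev:
            continue  # not a CreateRemoteThread record
        if ev.get("StartModule", "-") not in ("", "-"):
            continue  # start address is backed by a module on disk
        if ev.get("SourceImage", "").lower() in allowed:
            continue  # known tool that is expected to do this
        hits.append((ev.get("UtcTime"), ev.get("SourceImage"),
                     ev["TargetImage"], ev["StartAddress"]))
    return hits
```

The allow-list is keyed on the source image path, so it only makes sense for tools installed in locations that ordinary users cannot write to.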
Kwai chang caine
Always Here
Posts: 5494
Joined: Sun Nov 05, 2006 11:42 pm
Location: Lyon - France

Re: Stores simple states in exe

Post by Kwai chang caine »

First ....a mountain of thanks Master MIJIKAI 8)

At that i see, it's not the first year you programming :shock:
Furthermore, ....apparently in the more beautiful hieroglyph language i love so, 8) and nothing understanding :oops:

I try to running your jewel...
If my PC not explode at my face, or can only give the time after run it, i have really some chance :lol: :lol:
Not sure if i should publish the whole code as some idiots might abuse it...
Apparently, it's a dangerous method, to use the shellcode :shock:
It's the second time i heard this function, the first it's with my french forum friend Celtic88 8)

I take a look on the web for know a little bit more information about this "power ranger" function and not be the watering can watered :wink:

Master wrote: ; Once the shellcode is injected into the "Host.exe" it waits For your application To close.
; If your application is closed it will patch your application at the offset specified in the shellcode.
; The remote thread will terminate when the patching is done.
It's apparently a "super BATCH DOS", with much more powerful functions, surely in rapport with the new function powershell of windows :idea:

Again thanks MIJIKAI and have a good week-end 8)
walbus
Addict
Posts: 929
Joined: Sat Mar 02, 2013 9:17 am

Re: Stores simple states in exe

Post by walbus »

Well, my personal opinion is that PB already has enough problems with malware and you shouldn't describe or publish these approaches here.
For KCC's application, I also consider it the worst of all conceivable solutions.
What Michael Vogel described should be enough for his purposes, as sample, sorry