Re: Stores simple states in exe

Posted: Sat Apr 07, 2018 3:57 pm
by Lord
Kwai chang caine wrote: Thanks Michael for your disney code 8) :lol:

@Walbus
Never mind, you know the words "kcc" and "professional" are rarely in the same sentence :wink: :lol:
... but in relation to "walbus" you are a professional. :D

Re: Stores simple states in exe

Posted: Sat Apr 07, 2018 4:12 pm
by Kwai chang caine
Me??? If I'm a professional... :shock: it's surely a jokes professional... yes!!!! :lol:

Re: Stores simple states in exe

Posted: Sat Apr 07, 2018 4:30 pm
by walbus
Snord, the Official Dummy and Forum Clown :lol:

Re: Stores simple states in exe

Posted: Sat Apr 07, 2018 4:43 pm
by Kwai chang caine
Hey guys!!!! Please!!!! Make love... not war :cry:

Re: Stores simple states in exe

Posted: Sat Apr 07, 2018 4:46 pm
by walbus
I'm not interested in Snord - He is now a part of my ignore list - And tranquility is :lol:

The only unbreakable method that does not cause any trouble with virus scanners is to replace data in the exe.
The easiest way to do this is with a string.
A sample like this:

Code:

my_fixed_string$ = "{search_this=replace_this=12345}"

So any user data can be entered into an exe or DLL.

This can then also be easily read out from the running exe :wink:
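
The fixed-string approach from the post above, as an added Python example (not code from the thread): it finds a unique marker in a file image, reads the value, and overwrites it in place at the same width so no offset in the file moves. The marker layout, the function names and the sample image are assumptions constructed for illustration; the patch applies to a copy that is not running, and any hash or code signature over the file stops matching afterwards.

```python
import hashlib

# Constructed marker, modelled on the post's {search_this=replace_this=12345}.
# Assumption: the string sits in the file as plain ASCII; if the compiler
# stores strings as UTF-16, encode PREFIX/SUFFIX and the value that way.
PREFIX, SUFFIX = b"{search_this=", b"}"

def find_slot(image: bytes) -> tuple[int, int]:
    """Locate the value between PREFIX and SUFFIX; the marker must be unique."""
    pos = image.find(PREFIX)
    if pos < 0:
        raise ValueError("marker not found")
    if image.find(PREFIX, pos + 1) >= 0:
        raise ValueError("marker occurs twice; refusing to guess")
    start = pos + len(PREFIX)
    end = image.find(SUFFIX, start)
    if end < 0:
        raise ValueError("marker is not terminated")
    return start, end

def read_state(image: bytes) -> bytes:
    """Return the stored value without its space padding."""
    start, end = find_slot(image)
    return image[start:end].rstrip(b" ")

def patch_state(image: bytes, value: bytes) -> bytes:
    """Overwrite the slot in place, space-padded, so size and offsets stay the same."""
    start, end = find_slot(image)
    width = end - start
    if len(value) > width or SUFFIX in value:
        raise ValueError(f"value must fit {width} bytes and not contain the terminator")
    return image[:start] + value.ljust(width, b" ") + image[end:]

def demo() -> dict:
    # Constructed stand-in for an exe image (not a real PE file).
    original = b"MZ" + bytes(64) + b"{search_this=replace_this=12345}" + bytes(32)
    patched = patch_state(original, b"gui=1")
    return {
        "before": read_state(original),
        "after": read_state(patched),
        "same_size": len(patched) == len(original),
        # A digest (and therefore a signature) over the file changes with the patch.
        "digest_changed": hashlib.sha256(original).digest() != hashlib.sha256(patched).digest(),
    }

if __name__ == "__main__":
    print(demo())
```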

Re: Stores simple states in exe

Posted: Sat Apr 07, 2018 5:43 pm
by Kwai chang caine
Yes, you are right, but the problem is replacing this string while the EXE runs :|
And when you try to do this... Windows is not happy :?

Re: Stores simple states in exe

Posted: Sat Apr 07, 2018 5:59 pm
by walbus
Yes, this can only be done with a temporary exe
This temporary exe is included in the main exe
Then, when closing the main exe, it is copied automatically into the home folder and started
The main exe is then terminated
The temporary exe then patches the main exe
Whether you want to delete the temporary exe or not doesn't matter
I use similar constructions in my software, but do not patch the exe automatically
I can send you the search, replace code and the include code by PM, just for you
The compiler options are set so that a project is created
How to create and include the temporary exe automatically in the main exe
That's all, it's not difficult.

Re: Stores simple states in exe

Posted: Sat Apr 07, 2018 6:15 pm
by Kwai chang caine
Thanks a lot, but like I said at the beginning, there are several good ways of autopatching an exe, obviously yours is one of them.
We have no choice when we want to modify a great amount of data, or even a sentence :|

But my first goal is precisely not to use this patching with another exe etc... for just one bit; I find this a little bit heavy for such a little job :|
In fact, I have an application with two GUIs, one funny (like kcc knows how to do :mrgreen: ) and another grey, square, like Microsoft knows how to do too :|
And I want to give the user the possibility to choose whether he wants to laugh or cry behind his GUI :lol:

That's the reason why I just need one 0/1 to know which GUI the exe must run :wink:

Re: Stores simple states in exe

Posted: Sat Apr 07, 2018 6:31 pm
by walbus
The QUICK-AES-256 Mini Tool uses these functions
It writes its own DLL into the Home folder
You will find a personalizing tool in the Mini Tool package; this tool can patch the Mini Tool and also the QAES DLL/SO
The QAES RSA part uses a lot of further, highly complicated functions for creating, encrypting and decrypting temporary RSA keys automatically in the Home folder

Re: Stores simple states in exe

Posted: Sat Apr 07, 2018 6:51 pm
by Kwai chang caine
For me, it's a very little tool; I have done everything for it to be standalone.
You can put it everywhere, on the desktop, in a folder, etc... without installing, and it does not need to create a file, just show a little text.
That's the reason why I was thinking of not using another file, exe, etc... just it... alone like a big :lol:

Re: Stores simple states in exe

Posted: Sat Apr 07, 2018 7:28 pm
by Mijikai
Kwai chang caine wrote: For me, it's a very little tool; I have done everything for it to be standalone.
You can put it everywhere, on the desktop, in a folder, etc... without installing, and it does not need to create a file, just show a little text.
...

I guess the only possible way to achieve this is by shellcode.
I might add an example later.

Re: Stores simple states in exe

Posted: Sat Apr 07, 2018 8:01 pm
by Kwai chang caine
Thanks a lot Mijikai
Have a good night :wink:

Re: Stores simple states in exe

Posted: Sun Apr 08, 2018 11:07 am
by Mijikai
I wrote a working example, however it's only x64 :)
Not sure if I should publish the whole code as some idiots might abuse it...

So for now only the shellcode (anti copy pasta):

Code:

;PatchStub v.alpha (x64)
;by Mijikai
;tested on Win 10

DataSection
  Shellcode:
  !db 0EBh,058h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h
  !db 000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h
  !db 000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h
  !db 000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h
  !db 000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h
  !db 000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,048h,083h,0ECh,028h,048h,0C7h
  !db 0C1h,00Ah,000h,000h,000h,0FFh,015h,0B7h,0FFh,0FFh,0FFh,048h,083h,0C4h,028h,048h
  !db 083h,0ECh,058h,048h,08Bh,00Dh,0B0h,0FFh,0FFh,0FFh,048h,0BAh,000h,000h,000h,0C0h
  !db 000h,000h,000h,000h,04Dh,031h,0C0h,04Dh,031h,0C9h,048h,0C7h,044h,024h,020h,003h
  !db 000h,000h,000h,048h,0C7h,044h,024h,028h,080h,000h,000h,000h,0FFh,015h,060h,0FFh
  !db 0FFh,0FFh,048h,083h,0C4h,058h,048h,083h,0F8h,0FFh,074h,0AEh,048h,089h,005h,097h
  !db 0FFh,0FFh,0FFh,048h,083h,0ECh,040h,048h,08Bh,00Dh,08Ch,0FFh,0FFh,0FFh,048h,08Bh
  !db 015h,07Dh,0FFh,0FFh,0FFh,04Dh,031h,0C0h,04Dh,031h,0C9h,0FFh,015h,039h,0FFh,0FFh
  !db 0FFh,048h,083h,0C4h,040h,048h,083h,0F8h,0FFh,074h,02Fh,048h,083h,0ECh,048h,048h
  !db 08Bh,00Dh,064h,0FFh,0FFh,0FFh,048h,08Bh,015h,045h,0FFh,0FFh,0FFh,04Ch,08Bh,005h
  !db 046h,0FFh,0FFh,0FFh,04Dh,031h,0C9h,048h,0C7h,044h,024h,020h,000h,000h,000h,000h
  !db 0FFh,015h,00Ch,0FFh,0FFh,0FFh,048h,083h,0C4h,048h,048h,083h,0ECh,028h,048h,08Bh
  !db 00Dh,035h,0FFh,0FFh,0FFh,0FFh,015h,0FFh,0FEh,0FFh,0FFh,048h,083h,0C4h,028h,0C3h
EndDataSection

In order to make it work you need to do this:

- open the "Host.exe" that should run the shellcode.
- allocate remote memory (remotebuffer) -> stringbytesize (full path to your exe) + patchbuffersize + shellcodesize
- prepare the shellcode by patching it (starting at shellcode + 2 each entry is 8 Bytes!)
  - entry: API CreateFileW
  - entry: API SetFilePointer
  - entry: API WriteFile
  - entry: API CloseHandle
  - entry: API Sleep
  - entry: remotebuffer
  - entry: remotebuffer + stringbytesize (full path to your exe)
  - entry: patchbuffersize
  - entry: offset (where to patch your exe)
- copy everything into the remotebuffer -> order: string (exe full path) | patchbuffer | shellcode
- execute the remotebuffer @ remotebuffer + stringbytesize + patchbuffersize
- done :)

note: stringbytesize has to have the null bytes!

How it works:
Once the shellcode is injected into the "Host.exe" it waits for your application to close.
If your application is closed it will patch your application at the offset specified in the shellcode.
The remote thread will terminate when the patching is done.

Re: Stores simple states in exe

Posted: Sun Apr 08, 2018 11:40 am
by Kwai chang caine
First ....a mountain of thanks Master MIJIKAI 8)

From what I see, it's not your first year of programming :shock:
Furthermore... apparently in the most beautiful hieroglyph language, which I love so 8) and understand nothing of :oops:

I will try to run your jewel...
If my PC does not explode in my face, or can only give the time after I run it, I really have some luck :lol: :lol:

"Not sure if I should publish the whole code as some idiots might abuse it..."

Apparently, it's a dangerous method, to use the shellcode :shock:
It's the second time I have heard of this function; the first was with my French forum friend Celtic88 8)

I will take a look on the web to find a little bit more information about this "power ranger" function and not be the watering can watered :wink:

Master wrote: Once the shellcode is injected into the "Host.exe" it waits for your application to close.
If your application is closed it will patch your application at the offset specified in the shellcode.
The remote thread will terminate when the patching is done.

It's apparently a "super BATCH DOS", with much more powerful functions, surely related to the new PowerShell function of Windows :idea:

Again thanks MIJIKAI and have a good week-end 8)

Re: Stores simple states in exe

Posted: Sun Apr 08, 2018 12:31 pm
by walbus
Well, my personal opinion is that PB already has enough problems with malware and you shouldn't describe or publish these approaches here
For KCC's application, I also consider it the worst of all conceivable solutions
What Michael Vogel described should be enough for his purposes, as a sample, sorry