Seite 2 von 3
Re: Assembler code editieren
Verfasst: 15.12.2011 10:02
von deify
Also mir war ja von Anfang an klar, dass dieses Thema eine diskussion verursachen würde :Diskussion
Da ich nun doch schon ein Beispiel zum editieren in c++gefunden habe, besteht nur noch die frage nach dem Offset.
Ich hatte mir das so überlegt:
Ich besitze ja die globale speicheradresse aus olly. Nun habe ich mir überlegt den Offset, auf die exe bezogen so zu berechnen.
Man nimmt die globale Adresse und zieht den ersten speicherwert der exe davon ab. Somit müsste ich doch eigentlich den Offset erhalten um via writebyte die exe dauerhft zu modifizieren oder?
Aber wie erhalte ich die startaddresse? Openprozess gibt mir ja nur ein handle.
MfG deify

Re: Assembler code editieren
Verfasst: 15.12.2011 10:54
von NicTheQuick
Eine EXE-Datei hat auch noch einen Header. Die Position im Speicher während der entsprechende Prozess läuft ist somit nicht gleich der Position in der EXE-Datei. Dazu solltest du lieber die EXE-Datei durch einen Disassembler jagen und dann daran rumwerkeln.
Re: Assembler code editieren
Verfasst: 15.12.2011 11:20
von deify
Das hatte ich schon gemacht. Wäre bzgl des CD patch auch kein Problem, aber sobald es um Mode geht und im generellen interessiert.mich die Praxis eines patchers. Ist der Header einer exe so kompliziert aufgebaut? Sollte doch in der Regel kein Problem darstellen die Länge des bessere zu bestimmen oder etwa doch?
Re: Assembler code editieren
Verfasst: 15.12.2011 11:25
von c4s
Vielleicht kann dir
Cheat Engine einen Großteil der Arbeit abnehmen.
Re: Assembler code editieren
Verfasst: 15.12.2011 11:53
von deify
Dazu benutze ich ja ollydbg (: ist ja quasi das selbe blos etwas professioneller.
Den Trainer als exe in cheatengine ausgeben lassen ist nicht wirklich eine alternative für mich

ich will ja auch etwas in PB lernen (:
Re: Assembler code editieren
Verfasst: 15.12.2011 11:58
von Danilo
ImageBase ist die Adresse an der das Image im Speicher geladen wird.
BaseOfCode ist der Beginn der Code Section im Speicher, relative zur ImageBase.
Damit solltest Du eine Adresse im Speicher in einen Offset in der Code Section
der EXE umrechnen können. Dann nur noch die code section suchen und rein schreiben.
Link zur Beschreibung des PE Format von Microsoft ist unten im Code. Das solltest Du mal
selbst studieren, wenn Du etwas lernen möchtest.
Als Tipp in die richtige Richtung sollte das genügen, den Weg mußt Du selbst gehen.
Code: Alles auswählen
;
; PE file structures
;
; MZ = initials of Mark Zbikowski, one of the original architects of MS-DOS.
#IMAGE_DOS_SIGNATURE = $5A4D ; MZ - IMAGE_DOS_HEADER \ e_magic
#IMAGE_DOS_SIGNATURE_REVERSED = $4D5A ; ZM - IMAGE_DOS_HEADER \ e_magic
#IMAGE_OS2_SIGNATURE = $454E ; NE
#IMAGE_OS2_SIGNATURE_LE = $454C ; LE
#IMAGE_VXD_SIGNATURE = $454C ; LE
#IMAGE_NT_SIGNATURE = $00004550 ; PE00
#IMAGE_ORDINAL_FLAG = $80000000
#IMAGE_NUMBEROF_DIRECTORY_ENTRIES = 16
; IMAGE_NT_HEADERS -> IMAGE_FILE_HEADER -> Machine
#IMAGE_FILE_MACHINE_UNKNOWN = $0 ; Unknown
#IMAGE_FILE_MACHINE_I386 = $014c ; Intel 386.
#IMAGE_FILE_MACHINE_R3000 = $0162 ; MIPS little-endian, 0x160 big-endian
#IMAGE_FILE_MACHINE_R4000 = $0166 ; MIPS little-endian
#IMAGE_FILE_MACHINE_R10000 = $0168 ; MIPS little-endian
#IMAGE_FILE_MACHINE_WCEMIPSV2 = $0169 ; MIPS little-endian WCE v2
#IMAGE_FILE_MACHINE_ALPHA = $0184 ; Alpha_AXP
#IMAGE_FILE_MACHINE_SH3 = $01a2 ; SH3 little-endian
#IMAGE_FILE_MACHINE_SH3DSP = $01a3
#IMAGE_FILE_MACHINE_SH3E = $01a4 ; SH3E little-endian
#IMAGE_FILE_MACHINE_SH4 = $01a6 ; SH4 little-endian
#IMAGE_FILE_MACHINE_SH5 = $01a8 ; SH5
#IMAGE_FILE_MACHINE_ARM = $01c0 ; ARM Little-Endian
#IMAGE_FILE_MACHINE_THUMB = $01c2
#IMAGE_FILE_MACHINE_AM33 = $01d3
#IMAGE_FILE_MACHINE_POWERPC = $01F0 ; IBM PowerPC Little-Endian
#IMAGE_FILE_MACHINE_POWERPCFP = $01f1
#IMAGE_FILE_MACHINE_IA64 = $0200 ; Intel 64
#IMAGE_FILE_MACHINE_MIPS16 = $0266 ; MIPS
#IMAGE_FILE_MACHINE_ALPHA64 = $0284 ; ALPHA64
#IMAGE_FILE_MACHINE_MIPSFPU = $0366 ; MIPS
#IMAGE_FILE_MACHINE_MIPSFPU16 = $0466 ; MIPS
#IMAGE_FILE_MACHINE_AXP64 = #IMAGE_FILE_MACHINE_ALPHA64
#IMAGE_FILE_MACHINE_TRICORE = $0520 ; Infineon
#IMAGE_FILE_MACHINE_CEF = $0CEF
#IMAGE_FILE_MACHINE_EBC = $0EBC ; EFI Byte Code
#IMAGE_FILE_MACHINE_AMD64 = $8664 ; AMD64 (K8)
#IMAGE_FILE_MACHINE_M32R = $9041 ; M32R little-endian
#IMAGE_FILE_MACHINE_CEE = $C0EE
; IMAGE_NT_HEADERS -> IMAGE_FILE_HEADER -> Characteristics
#IMAGE_FILE_RELOCS_STRIPPED = $0001 ; Relocation info stripped from file.
#IMAGE_FILE_EXECUTABLE_IMAGE = $0002 ; File is executable (i.e. no unresolved externel references).
#IMAGE_FILE_LINE_NUMS_STRIPPED = $0004 ; Line nunbers stripped from file.
#IMAGE_FILE_LOCAL_SYMS_STRIPPED = $0008 ; Local symbols stripped from file.
#IMAGE_FILE_AGGRESIVE_WS_TRIM = $0010 ; Agressively trim working set
#IMAGE_FILE_LARGE_ADDRESS_AWARE = $0020 ; App can handle >2gb addresses
#IMAGE_FILE_BYTES_REVERSED_LO = $0080 ; Bytes of machine word are reversed.
#IMAGE_FILE_32BIT_MACHINE = $0100 ; 32 bit word machine.
#IMAGE_FILE_DEBUG_STRIPPED = $0200 ; Debugging info stripped from file in .DBG file
#IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP = $0400 ; If Image is on removable media, copy And run from the swap file.
#IMAGE_FILE_NET_RUN_FROM_SWAP = $0800 ; If Image is on Net, copy And run from the swap file.
#IMAGE_FILE_SYSTEM = $1000 ; System File.
#IMAGE_FILE_DLL = $2000 ; File is a DLL.
#IMAGE_FILE_UP_SYSTEM_ONLY = $4000 ; File should only be run on a UP machine
#IMAGE_FILE_BYTES_REVERSED_HI = $8000 ; Bytes of machine word are reversed.
; IMAGE_NT_HEADERS -> IMAGE_OPTIONAL_HEADER -> Magic
#IMAGE_NT_OPTIONAL_HDR32_MAGIC = $10
#IMAGE_NT_OPTIONAL_HDR64_MAGIC = $20
; IMAGE_NT_HEADERS -> IMAGE_OPTIONAL_HEADER -> Subsystem
#IMAGE_SUBSYSTEM_UNKNOWN = 0 ; Unknown subsystem.
#IMAGE_SUBSYSTEM_NATIVE = 1 ; Image doesn't require a subsystem.
#IMAGE_SUBSYSTEM_WINDOWS_GUI = 2 ; Image runs in the Windows GUI subsystem.
#IMAGE_SUBSYSTEM_WINDOWS_CUI = 3 ; Image runs in the Windows character subsystem.
#IMAGE_SUBSYSTEM_OS2_CUI = 5 ; image runs in the OS/2 character subsystem.
#IMAGE_SUBSYSTEM_POSIX_CUI = 7 ; image runs in the Posix character subsystem.
#IMAGE_SUBSYSTEM_NATIVE_WINDOWS = 8 ; image is a native Win9x driver.
#IMAGE_SUBSYSTEM_WINDOWS_CE_GUI = 9 ; Image runs in the Windows CE subsystem.
#IMAGE_SUBSYSTEM_EFI_APPLICATION = 10
#IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER = 11
#IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER = 12
#IMAGE_SUBSYSTEM_EFI_ROM = 13
#IMAGE_SUBSYSTEM_XBOX = 14
; IMAGE_NT_HEADERS -> IMAGE_OPTIONAL_HEADER -> DllCharacteristics
#IMAGE_DLLCHARACTERISTICS_NO_BIND = $0800 ; Do not bind this image.
; $1000 ; Reserved.
#IMAGE_DLLCHARACTERISTICS_WDM_DRIVER = $2000 ; Driver uses WDM model
; $4000 ; Reserved.
#IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = $8000
; IMAGE_SECTION_HEADER -> Name
#IMAGE_SIZEOF_SHORT_NAME = 8
;
; Section characteristics.
;
#IMAGE_SCN_TYPE_REG = $00000000 ; Reserved.
#IMAGE_SCN_TYPE_DSECT = $00000001 ; Reserved.
#IMAGE_SCN_TYPE_NOLOAD = $00000002 ; Reserved.
#IMAGE_SCN_TYPE_GROUP = $00000004 ; Reserved.
#IMAGE_SCN_TYPE_NO_PAD = $00000008 ; Reserved.
#IMAGE_SCN_TYPE_COPY = $00000010 ; Reserved.
#IMAGE_SCN_CNT_CODE = $00000020 ; Section contains code.
#IMAGE_SCN_CNT_INITIALIZED_DATA = $00000040 ; Section contains initialized Data.
#IMAGE_SCN_CNT_UNINITIALIZED_DATA = $00000080 ; Section contains uninitialized Data.
#IMAGE_SCN_LNK_OTHER = $00000100 ; Reserved.
#IMAGE_SCN_LNK_INFO = $00000200 ; Section contains comments Or some other type of information.
#IMAGE_SCN_TYPE_OVER = $00000400 ; Reserved.
#IMAGE_SCN_LNK_REMOVE = $00000800 ; Section contents will not become part of image.
#IMAGE_SCN_LNK_COMDAT = $00001000 ; Section contents comdat.
; = $00002000 ; Reserved.
#IMAGE_SCN_MEM_PROTECTED = $00004000 ; - Obsolete
#IMAGE_SCN_NO_DEFER_SPEC_EXC = $00004000 ; Reset speculative exceptions handling bits in the TLB entries For this section.
#IMAGE_SCN_GPREL = $00008000 ; Section content can be accessed relative to GP
#IMAGE_SCN_MEM_FARDATA = $00008000
#IMAGE_SCN_MEM_SYSHEAP = $00010000 ; - Obsolete
#IMAGE_SCN_MEM_PURGEABLE = $00020000
#IMAGE_SCN_MEM_16BIT = $00020000
#IMAGE_SCN_MEM_LOCKED = $00040000
#IMAGE_SCN_MEM_PRELOAD = $00080000
#IMAGE_SCN_ALIGN_1BYTES = $00100000
#IMAGE_SCN_ALIGN_2BYTES = $00200000
#IMAGE_SCN_ALIGN_4BYTES = $00300000
#IMAGE_SCN_ALIGN_8BYTES = $00400000
#IMAGE_SCN_ALIGN_16BYTES = $00500000 ; Default alignment if no others are specified.
#IMAGE_SCN_ALIGN_32BYTES = $00600000
#IMAGE_SCN_ALIGN_64BYTES = $00700000
#IMAGE_SCN_ALIGN_128BYTES = $00800000
#IMAGE_SCN_ALIGN_256BYTES = $00900000
#IMAGE_SCN_ALIGN_512BYTES = $00A00000
#IMAGE_SCN_ALIGN_1024BYTES = $00B00000
#IMAGE_SCN_ALIGN_2048BYTES = $00C00000
#IMAGE_SCN_ALIGN_4096BYTES = $00D00000
#IMAGE_SCN_ALIGN_8192BYTES = $00E00000
; Unused = $00F00000
#IMAGE_SCN_ALIGN_MASK = $00F00000
#IMAGE_SCN_LNK_NRELOC_OVFL = $01000000 ; Section contains extended relocations.
#IMAGE_SCN_MEM_DISCARDABLE = $02000000 ; Section can be discarded.
#IMAGE_SCN_MEM_NOT_CACHED = $04000000 ; Section is not cachable.
#IMAGE_SCN_MEM_NOT_PAGED = $08000000 ; Section is not pageable.
#IMAGE_SCN_MEM_SHARED = $10000000 ; Section is shareable.
#IMAGE_SCN_MEM_EXECUTE = $20000000 ; Section is executable.
#IMAGE_SCN_MEM_READ = $40000000 ; Section is readable.
#IMAGE_SCN_MEM_WRITE = $80000000 ; Section is writeable.
; IMAGE_NT_HEADERS -> IMAGE_OPTIONAL_HEADER -> DataDirectory
#IMAGE_DIRECTORY_ENTRY_EXPORT = 0 ; Export Directory
#IMAGE_DIRECTORY_ENTRY_IMPORT = 1 ; Import Directory
#IMAGE_DIRECTORY_ENTRY_RESOURCE = 2 ; Resource Directory
#IMAGE_DIRECTORY_ENTRY_EXCEPTION = 3 ; Exception Directory
#IMAGE_DIRECTORY_ENTRY_SECURITY = 4 ; Security Directory
#IMAGE_DIRECTORY_ENTRY_BASERELOC = 5 ; Base Relocation Table
#IMAGE_DIRECTORY_ENTRY_DEBUG = 6 ; Debug Directory
#IMAGE_DIRECTORY_ENTRY_COPYRIGHT = 7 ; Description String
#IMAGE_DIRECTORY_ENTRY_GLOBALPTR = 8 ; Machine Value (MIPS GP)
#IMAGE_DIRECTORY_ENTRY_TLS = 9 ; TLS Directory
#IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG = 10 ; Load Configuration Directory
#IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT = 11 ; Bound Import Directory in headers
#IMAGE_DIRECTORY_ENTRY_IAT = 12 ; Import Address Table
#IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT = 13 ; Delay Load Import Descriptors
#IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR = 14 ; COM Runtime descriptor
; IMAGE_NT_HEADERS -> IMAGE_OPTIONAL_HEADER -> Magic
#IMAGE_NT_OPTIONAL_HDR32_MAGIC = $10
#IMAGE_NT_OPTIONAL_HDR64_MAGIC = $20
;- IMAGE_DOS_HEADER
Structure _IMAGE_DOS_HEADER
e_magic.w ; Magic number
e_cblp.w ; Bytes on last page of file
e_cp.w ; Pages in file
e_crlc.w ; Relocations
e_cparhdr.w ; Size of header in paragraphs
e_minalloc.w ; Minimum extra paragraphs needed
e_maxalloc.w ; Maximum extra paragraphs needed
e_ss.w ; Initial (relative) SS value
e_sp.w ; Initial SP value
e_csum.w ; Checksum
e_ip.w ; Initial IP value
e_cs.w ; Initial (relative) CS value
e_lfarlc.w ; File address of relocation table
e_ovno.w ; Overlay number
e_res.w[4] ; Reserved words (0 To 3)
e_oemid.w ; OEM identifier (for e_oeminfo)
e_oeminfo.w ; OEM information; e_oemid specific
e_res2.w[10] ; Reserved words (0 To 9)
e_lfanew.l ; File address of new exe header (RVA)
EndStructure
;- IMAGE_DATA_DIRECTORY
Structure _IMAGE_DATA_DIRECTORY
VirtualAddress.l ; AS DWORD
Size.l ; AS DWORD
EndStructure
;- IMAGE_OPTIONAL_HEADER
Structure _IMAGE_OPTIONAL_HEADER
; Standard fields.
Magic.w ; AS WORD
MajorLinkerVersion.b ; AS BYTE
MinorLinkerVersion.b ; AS BYTE
SizeOfCode.l ; AS DWORD
SizeOfInitializedData.l ; AS DWORD
SizeOfUninitializedData.l ; AS DWORD
AddressOfEntryPoint.l ; AS DWORD
BaseOfCode.l ; AS DWORD
BaseOfData.l ; AS DWORD
; NT additional fields.
ImageBase.l ; AS DWORD
SectionAlignment.l ; AS DWORD
FileAlignment.l ; AS DWORD
MajorOperatingSystemVersion.w ; AS WORD
MinorOperatingSystemVersion.w ; AS WORD
MajorImageVersion.w ; AS WORD
MinorImageVersion.w ; AS WORD
MajorSubsystemVersion.w ; AS WORD
MinorSubsystemVersion.w ; AS WORD
Win32VersionValue.l ; AS DWORD
SizeOfImage.l ; AS DWORD
SizeOfHeaders.l ; AS DWORD
CheckSum.l ; AS DWORD
Subsystem.w ; AS WORD
DllCharacteristics.w ; AS WORD
SizeOfStackReserve.l ; AS DWORD
SizeOfStackCommit.l ; AS DWORD
SizeOfHeapReserve.l ; AS DWORD
SizeOfHeapCommit.l ; AS DWORD
LoaderFlags.l ; AS DWORD
NumberOfRvaAndSizes.l ; AS DWORD
DataDirectory._IMAGE_DATA_DIRECTORY[#IMAGE_NUMBEROF_DIRECTORY_ENTRIES]
EndStructure
;- IMAGE_FILE_HEADER
Structure _IMAGE_FILE_HEADER
Machine.w ; AS WORD
NumberOfSections.w ; AS WORD
TimeDateStamp.l ; AS DWORD
PointerToSymbolTable.l ; AS DWORD
NumberOfSymbols.l ; AS DWORD
SizeOfOptionalHeader.w ; AS WORD
Characteristics.w ; AS WORD
EndStructure
;- IMAGE_NT_HEADERS
Structure _IMAGE_NT_HEADERS
Signature.l
FileHeader._IMAGE_FILE_HEADER
OptionalHeader._IMAGE_OPTIONAL_HEADER
EndStructure
Structure _IMAGE_SECTION_HEADER
Name.b[#IMAGE_SIZEOF_SHORT_NAME] ; AS STRING * %IMAGE_SIZEOF_SHORT_NAME
StructureUnion
PhysicalAddress.l ; AS DWORD
VirtualSize.l ; AS DWORD
EndStructureUnion
VirtualAddress.l ; AS DWORD
SizeOfRawData.l ; AS DWORD
PointerToRawData.l ; AS DWORD
PointerToRelocations.l ; AS DWORD
PointerToLinenumbers.l ; AS DWORD
NumberOfRelocations.w ; AS WORD
NumberOfLinenumbers.w ; AS WORD
Characteristics.l ; AS DWORD
EndStructure
Structure _IMAGE_IMPORT_DESCRIPTOR
StructureUnion
Characteristics.l ; DWORD
OriginalFirstThunk.l ; DWORD
EndStructureUnion
TimeDateStamp.l ; DWORD
ForwarderChain.l ; DWORD
Name.l ; DWORD
FirstThunk.l ; DWORD
EndStructure
Structure _IMAGE_THUNK_DATA
StructureUnion
ForwarderString.l
Function.l
Ordinal.l
AddressOfData.l
EndStructureUnion
EndStructure
Structure _IMAGE_EXPORT_DIRECTORY
Characteristics.l
TimeDateStamp.l
MajorVersion.w
MinorVersion.w
Name.l
Base.l
NumberOfFunctions.l
NumberOfNames.l
AddressOfFunctions.l
AddressOfNames.l
AddressOfNameOrdinals.l
EndStructure
;
;
; PE Format: http://go.microsoft.com/FWLink/?LinkId=84140
; http://www.microsoft.com/whdc/system/platform/firmware/PECOFF.mspx
;
;
Procedure abort()
PrintN("press <ENTER>")
Input()
End
EndProcedure
OpenConsole()
#file = "meine.exe"
If ReadFile(0,#file)
size = Lof(0)
If size < SizeOf(_IMAGE_DOS_HEADER)
PrintN("ERROR: input file too small.")
Abort()
EndIf
PrintN("reading EXE ("+Str(size)+" bytes)")
*mem._IMAGE_DOS_HEADER = AllocateMemory(size)
If *mem=0
PrintN("memory allocation error.")
CloseFile(0)
abort()
Else
ReadData(0,*mem,size)
EndIf
CloseFile(0)
If *mem
If *mem\e_magic = #IMAGE_DOS_SIGNATURE Or *mem\e_magic = #IMAGE_DOS_SIGNATURE_REVERSED
If ((*mem\e_lfanew + SizeOf(_IMAGE_NT_HEADERS)) > size)
PrintN("ERROR: input file too small.")
Abort()
EndIf
*NTheader._IMAGE_NT_HEADERS = *mem + *mem\e_lfanew
If Not *NTheader\Signature = #IMAGE_NT_SIGNATURE ; PE00
PrintN("ERROR. no valid NT HEADER.")
Abort()
EndIf
PrintN("patching...")
;
; für Dich interessante Punkte
;
PrintN(Str(*NTheader\OptionalHeader\ImageBase))
PrintN(Str(*NTheader\OptionalHeader\BaseOfCode))
PrintN(Str(*NTheader\OptionalHeader\SizeOfCode))
PrintN(Str(*NTheader\OptionalHeader\AddressOfEntryPoint))
number_of_sections = *NTheader\FileHeader\NumberOfSections & $FFFF
PrintN(Str(number_of_sections))
*SectionHeader._IMAGE_SECTION_HEADER = *mem + *mem\e_lfanew + 4 + SizeOf(_IMAGE_FILE_HEADER) + *NTheader\FileHeader\SizeOfOptionalHeader
*CurrentSectionHeader._IMAGE_SECTION_HEADER = *SectionHeader
If number_of_sections
For a = 1 To number_of_sections
PrintN(" Name : "+PeekS(@*CurrentSectionHeader\Name[0],#IMAGE_SIZEOF_SHORT_NAME,#PB_Ascii))
PrintN(" Virtual Size : "+StrU(*CurrentSectionHeader\VirtualSize,#PB_Long)+" ($"+Hex(*CurrentSectionHeader\VirtualSize)+")")
PrintN(" Virtual Address : "+StrU(*CurrentSectionHeader\VirtualAddress,#PB_Long)+" ($"+Hex(*CurrentSectionHeader\VirtualAddress)+")")
PrintN(" Size of Raw Data : "+StrU(*CurrentSectionHeader\SizeOfRawData,#PB_Long)+" ($"+Hex(*CurrentSectionHeader\SizeOfRawData)+")")
PrintN(" Pointer to Raw Data : "+StrU(*CurrentSectionHeader\PointerToRawData,#PB_Long)+" ($"+Hex(*CurrentSectionHeader\PointerToRawData)+")")
PrintN(" Pointer to Relocations : "+StrU(*CurrentSectionHeader\PointerToRelocations,#PB_Long)+" ($"+Hex(*CurrentSectionHeader\PointerToRelocations)+")")
PrintN(" Pointer to Line Numbers : "+StrU(*CurrentSectionHeader\PointerToLinenumbers,#PB_Long)+" ($"+Hex(*CurrentSectionHeader\PointerToLinenumbers)+")")
PrintN(" Number of Relocations : "+StrU(*CurrentSectionHeader\NumberOfRelocations&$FFFF,#PB_Word))
PrintN(" Number of Line Numbers : "+StrU(*CurrentSectionHeader\NumberOfLinenumbers&$FFFF,#PB_Word))
x = *CurrentSectionHeader\Characteristics
If x
If x & #IMAGE_SCN_CNT_CODE : PrintN("found code section.") : EndIf
EndIf
*CurrentSectionHeader + SizeOf(_IMAGE_SECTION_HEADER)
Next a
EndIf
PrintN("writing file...")
If CreateFile(1,#file)
WriteData(1,*mem,size)
CloseFile(1)
PrintN("patched successfully. DONE.")
Else
PrintN("ERROR. can not write file "+#file)
abort()
EndIf
Else
PrintN("no valid executable found.")
abort()
EndIf
EndIf
Else
PrintN("ERROR. Can not open "+#file)
abort()
EndIf
PrintN("press <ENTER>")
Input()
[/size]
Re: Assembler code editieren
Verfasst: 15.12.2011 13:23
von deify
Danke! Ich weis zwar nicht genau was dieser code bereits gepatched hat, aber ich habe ihn modifiziert und er funktioniert jetzt einwandfrei (:
Ich habe einfach den block nach meinem patch entfernt, ist es richtig, wenn ich davon ausgehe dass dies auch ein patch war und er für die ausführung des Programms eigentlich irrelevant ist?
Ohne den Block klappts auch super

ich brauche ja lediglich die CodeBase um mein offset dazuzurechnen (:
Danke dir vielmals, hat super geklappt
mfg deify
Re: Assembler code editieren
Verfasst: 15.12.2011 14:35
von Danilo
Der Code ist nur ein kleiner mix aus einem Teil von meinem
PE-Viewer von 2003 (nur 32bit) und einem pbcompiler stack changer.
Wenn man einen Linker, Assembler o.ä. schreibt, muß man das beherrschen. Nicht nur zum patchen - aber sag das mal Anfängern wie ts-soft!
Klingt komisch dass das gehen soll, da ich meine Du musst die Code Section suchen und von dort aus
patchen. Aber OK, wenn es für Dich funktioniert. Alle Infos zum PE-Format hast Du ja nun, viel Spaß damit.
Re: Assembler code editieren
Verfasst: 15.12.2011 15:05
von ts-soft
Danilo hat geschrieben:Nicht nur zum patchen - aber sag das mal Anfängern wie ts-soft!
Was kann ich dafür, das Du mit den Begriffen Recht und Legal nichts anfangen kannst.
Aber es hat ja anscheinend keinen Sinn, Dir diese Begriffe zu erklären, da Du ja sonst
noch weiter beleidigend wirst. Bzw. ist mir auch nicht klar, wie meine Aussage mit Deinem
Beispiel zusammen hängen sollte.
Tschüss du ...
Re: Assembler code editieren
Verfasst: 15.12.2011 16:12
von deify
also ich habe deinen code so verwendet, dass ich die festellung der headerinformation durchlaufen lassen habe.
Das offset habe ich mir aus olly ausgerechnet.
Die eine Structure enthält ja die Base des Codes, hab einfach mal getestet ob ich denn die selben werte mit readbyte CodeBase+offset erhalte wie in olly, und TADA es hat geklappt (: patchen soweit auch problemlos, jetzt kommen nurnoch einige spielbezogene schwierigkeiten (:
Danke dir vielmals (:
mfg deify