How to write a loader (Patching) - Old Royal Hack Forum


    How to write a loader (Patching)

    This code shows you how to write a standalone loader.

    Code:
    /*
      A simple patch loader for the "loadme.exe" file
       (http://home.inf.fh-rhein-sieg.de/~ikarim2s/files/loadme.zip)
       (http://home.inf.fh-rhein-sieg.de/~ikarim2s/files/loadme_src.zip)

       This source code shows you how to write a loader for a simple program.
       If you download and execute "loadme.exe" you need to enter a password.
       Press OK and you will see a MessageBox which says that the password is incorrect.
       This loader starts "loadme.exe", patches the memory of loadme and resumes it.
       How to find out the right values and the right offset for the patch I will teach you in the next lesson :)
       In our case we simply patch 2 bytes at the address 0x401EEE with the values 0x90 and again 0x90. (opcode 0x90 = mnemonic NOP)
       This patch will disable the "badguy" jump of loadme.

      by Iman Karim ([email protected])
      http://home.inf.fh-rhein-sieg.de/~ikarim2s/

      Written in Borland C++ Builder 6
      21.09.2005
    */
    //---------------------------------------------------------------------------
    #include <vcl.h>
    #pragma hdrstop
    #include <windows.h>
    #include <conio.h>
    #include <stdio.h>
    static const char fname[]="loadme.exe"; // Filename of the target

    STARTUPINFO stinfo;
    PROCESS_INFORMATION proinfo;
    //---------------------------------------------------------------------------

    #pragma argsused
    int main(int argc, char* argv[])
    {
            unsigned long writtenbytes;
            char newv[]="\x90\x90";   // This is the new value for the offset below (\x90\x90 = NOP NOP)
            long addr=0x401D6E;       // Here we define our offset to write the new values
            ZeroMemory(&stinfo,sizeof(stinfo));
            stinfo.cb=sizeof(stinfo); // CreateProcess requires cb to be set
            ZeroMemory(&proinfo,sizeof(proinfo));
            printf ("Trying to create the process...");
            bool res = CreateProcess(fname, NULL, NULL, NULL, FALSE, CREATE_SUSPENDED, NULL, NULL, &stinfo, &proinfo);
            //NOTE THE CREATE_SUSPENDED FLAG ABOVE. WE NEED THIS TO STOP THE PROCESS AFTER THE CREATION.
            if (res==false)
            {
             printf ("ERROR\n");
             printf ("Creating the Process failed!\nMaybe <loadme.exe> not found...\n");
             return (0);
            }else
            {
             printf("DONE\n");
             printf("Trying to patch Memory...");
             res=WriteProcessMemory(proinfo.hProcess, (LPVOID)addr, newv, 2, &writtenbytes); // WRITE THE 2 PATCHED BYTES
             if (res==false)
             {
              printf ("ERROR\n");
              printf ("Cant patch the Memory.\nKilling crackme.exe instance...");
              TerminateProcess(proinfo.hProcess, 0); // KILL PROCESS IF FAILED TO PATCH
              printf ("DONE\n");
             }else
             {
              printf("DONE\nResuming patched process now.\n");
              printf("%lu bytes written!\n",writtenbytes);
              ResumeThread(proinfo.hThread); // ALL OK? SO LETS RESUME THE THREAD
             }
            }

            Sleep(3000);

            // Release the handles CreateProcess gave us
            CloseHandle(proinfo.hThread);
            CloseHandle(proinfo.hProcess);
            return 0;
    }
    //---------------------------------------------------------------------------
    Regards,
    Atari.2600
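    As an added example (not the post's code and not part of loadme), here is portable C that models the two checks a practitioner wants around such a patch: translating the debugger address 0x401D6E to the file offset holding the same bytes through a constructed section table, and refusing to write unless the bytes at the offset are the expected original ones. The image base 0x400000, the section values and the original jnz opcode 75 0A are assumptions; the page gives none of them.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Section-table fields needed for the translation (constructed for this
   example, not parsed from the real loadme.exe). */
typedef struct {
    uint32_t virtual_address;   /* RVA where the section is mapped */
    uint32_t virtual_size;
    uint32_t raw_pointer;       /* file offset of the section's bytes */
    uint32_t raw_size;
} section_t;
/* Map a virtual address seen in the debugger to the file offset holding the
   same bytes. Returns -1 if no section backs the address on disk. */
long va_to_file_offset(uint32_t va, uint32_t image_base,
                       const section_t *secs, size_t nsecs)
{
    uint32_t rva = va - image_base;
    for (size_t i = 0; i < nsecs; i++) {
        uint32_t start = secs[i].virtual_address;
        if (rva < start || rva - start >= secs[i].virtual_size) continue;
        if (rva - start >= secs[i].raw_size) return -1;  /* only exists in memory */
        return (long)(secs[i].raw_pointer + (rva - start));
    }
    return -1;
}
/* Overwrite n bytes at off only if they still hold the expected original
   opcode; writing blindly at a wrong offset corrupts the target instead of
   disabling the jump. Returns bytes written, 0 when the write is refused. */
size_t patch_verified(uint8_t *mem, size_t mem_len, size_t off,
                      const uint8_t *expect, const uint8_t *patch, size_t n)
{
    if (off > mem_len || n > mem_len - off) return 0;
    if (memcmp(mem + off, expect, n) != 0) return 0;
    memcpy(mem + off, patch, n);
    return n;
}
/* Constructed stand-in for the 16 bytes from 0x401D60: an assumed short jnz
   (opcode 75 0A) at 0x401D6E that the two NOPs from the post replace. */
size_t demo_patch(void)
{
    static const uint8_t jnz[2] = {0x75, 0x0A}, nop[2] = {0x90, 0x90};
    uint8_t mem[16] = {0};
    memcpy(mem + 14, jnz, 2);
    size_t first = patch_verified(mem, sizeof mem, 14, jnz, nop, 2);
    size_t again = patch_verified(mem, sizeof mem, 14, jnz, nop, 2); /* refused */
    return (first == 2 && again == 0 && mem[14] == 0x90) ? first : 0;
}
```

    The second call to patch_verified is refused because the bytes are already NOPs, which is exactly the situation a loader hits when it is pointed at the wrong offset or at a newer build of the target.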

    #2
    printf ("Cant patch the Memory.nKilling crackme.exe instance...");
    printf ("Cant patch the Memory.nKilling loadme.exe instance...");
    Regards, zEaK47
