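/*
 A simple patch loader for the "loadme.exe" file
 (http://home.inf.fh-rhein-sieg.de/~ikarim2s/files/loadme.zip)
 (http://home.inf.fh-rhein-sieg.de/~ikarim2s/files/loadme_src.zip)

 This source code shows you how to write a loader for a simple program.
 If you download and execute the "loadme.exe" you need to enter a password.
 Press on OK and you will see a MessageBox which says that the password is
 incorrect.

 This loader starts the "loadme.exe", patches the memory of loadme and
 resumes it. How you find out the right values and the right offset for the
 patch I will teach you in the next lesson :)

 In our case now we simply patch 2 bytes at the address 0x401EEE with the
 values 0x90 and again 0x90. (OPCODE 090 = Mnemonic NOP)
 This patch will disable the "badguy" jump of loadme.

 by Iman Karim ([email protected])
 http://home.inf.fh-rhein-sieg.de/~ikarim2s/
 Written in Borland C++ Builder 6
 21.09.2005
*/
//---------------------------------------------------------------------------
#include <vcl.h>
#pragma hdrstop

#include <conio.h>
#include <stdio.h>
#include <stdlib.h>

/* Name of the target executable; resolved relative to the current directory. */
static const char fname[] = "loadme.exe";

/* The two bytes written into the target: 0x90 0x90 (NOP NOP).
 * Kept as raw bytes instead of a string literal so the size is exact and no
 * escape sequence can be mangled by an editor or copy/paste. */
static const unsigned char patch[] = { 0x90, 0x90 };

/* Address inside loadme.exe that receives the patch. It is hard-coded for
 * this particular build of the target.
 * NOTE(review): the header text names 0x401EEE while the code used 0x401D6E;
 * confirm which one is intended before relying on this loader. */
static const unsigned long patch_addr = 0x401D6E;

STARTUPINFO stinfo;
PROCESS_INFORMATION proinfo;

//---------------------------------------------------------------------------
#pragma argsused
/*
 * Start loadme.exe suspended, write the patch bytes at patch_addr, then
 * resume its primary thread.
 *
 * Returns EXIT_SUCCESS when the process was created, patched and resumed;
 * EXIT_FAILURE when CreateProcess fails or when the patch could not be
 * written in full (in that case the suspended target is terminated so no
 * half-started instance is left behind). All process/thread handles are
 * closed before returning.
 */
int main(int argc, char* argv[])
{
    DWORD writtenbytes = 0;
    int rc = EXIT_FAILURE;

    ZeroMemory(&stinfo, sizeof(stinfo));
    ZeroMemory(&proinfo, sizeof(proinfo));
    /* CreateProcess requires cb to hold the structure size. */
    stinfo.cb = sizeof(stinfo);

    printf("Trying to create the process...");
    /* CREATE_SUSPENDED: the primary thread does not run until ResumeThread,
     * so the patch is in place before any of the target's code executes. */
    BOOL res = CreateProcess(fname, NULL, NULL, NULL, FALSE, CREATE_SUSPENDED,
                             NULL, NULL, &stinfo, &proinfo);
    if (!res) {
        printf("ERROR\n");
        printf("Creating the Process failed!\nMaybe <loadme.exe> not found...\n");
        return EXIT_FAILURE;
    }
    printf("DONE\n");

    printf("Trying to patch Memory...");
    res = WriteProcessMemory(proinfo.hProcess, (LPVOID)patch_addr, patch,
                             sizeof(patch), &writtenbytes);
    /* A short write is as much a failure as a failed call: a partially
     * applied patch must not be resumed. */
    if (!res || writtenbytes != sizeof(patch)) {
        printf("ERROR\n");
        printf("Cant patch the Memory.\nKilling crackme.exe instance...");
        TerminateProcess(proinfo.hProcess, 0);
        printf("DONE\n");
    } else {
        printf("DONE\nResuming patched process now.\n");
        /* writtenbytes is a DWORD; %lu with an explicit cast keeps the
         * format specifier and argument type in agreement. */
        printf("%lu bytes written!\n", (unsigned long)writtenbytes);
        ResumeThread(proinfo.hThread);
        rc = EXIT_SUCCESS;
    }

    /* The loader has no further use for the handles; closing them does not
     * affect the (already resumed or terminated) target process. */
    CloseHandle(proinfo.hThread);
    CloseHandle(proinfo.hProcess);

    Sleep(3000);
    return rc;
}
//---------------------------------------------------------------------------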