Inline Patching ASPacked Program
Hi,
I found this nice app which uses a simple serial registration. :) Quote:
I need to inline patch it to make an internal keygen. All my efforts to insert patch data failed, as the inline-patched app crashes complaining about a missing DLL file. Can anybody take a look at this?? My supposed patch bytes are Quote:
|
look at VA 5DB39Ch, this dword contains OEP RVA (173118), so replace it with 80 (address after DOS stub)
Now, you can add your byte replacement code at 400080h |
Hi,
The method that is mentioned by Spiteful is very nice. But if the packer is ASPack you can have another method for inline patching. This is where you have your OEP
Code:
005DB3B0 61 POPAD
Code:
005DB3B0 61 POPAD
005DB3C1 8B85 26040000 MOV EAX,DWORD PTR SS:[EBP+426]
To
005DB430 FF95 54050000 CALL DWORD PTR SS:[EBP+554]
is always the same. I mean you have the same code all the time. So searching for these bytes will lead you to the OEP. But the fact is that these lines are just JUNK CODES. So you can easily change them to any code you like. The result is a huge space for inline patching. But be careful of this command:
005DB436 0000 ADD BYTE PTR DS:[EAX],AL
This command is very critical and shouldn't be touched. I mean this command is your limitation line. Never change it, and commands after this line are critical also. So your line patch will be like this:
Code:
005DB3A8 0BC9 OR ECX,ECX ; ntdll.77F532FA
Just copy and paste these bytes to see the result.
C7 05 6C C0 55 00 8B 45 DC 90 C6 05 70 C0 55 00 3E 68 18 31 57 00 C3 90 90 90
I hope this method is useful for further inline patching ASPack. Best Regards, Android. |
1 Attachment(s)
Also u may use this nice tool... :cool:
|
Thanks SLV.
That's a great Tool. ;) Regards, Android. |
My friend Ap0x wrote a nice patch engine with inline patching ;)
http://ap0x.blogspot.com/2005/05/ape-v004alfa.html |
Thank you very much friends. Sorry for a late reply.
I've tried the methods shown by Spiteful and Android, both work fine. Thankx Android for the deep post into ASPACK code that may be useful in future too. @nikola Can you give a direct link to that inline patcher? Both links at Ap0x's blog are not working. Anyway it's an amazing tool with support for 10's of packers... |
Hi another different question,
I found the following in Ap0x's blog. Can anybody translate this please? ;) Quote:
|
Nothing special... General guide
Quote:
|
Here is link to 0.0.3
http://www.wasm.ru/baixado.php?mode=tool&id=341 |
2 Attachment(s)
When it comes to patching ASPack files I often use Diablo2002's Universal Patcher. It just does the job perfectly.
First unpack your target (my_target.exe), dump it (as target_dumped.exe), make all your modifications (with olly) and save them to a new file (target_patched.exe). Now fire up dUP, and locate your modified and patched file. dUP will compare which modifications you've done, then show it the real file to patch (the packed one: my_target.exe), get infos and that's all, it will create a small patch that you can send anywhere and will perform all the modifications. Here are the links to dUP v1.14 and dUP v2.03, yet I can't make v2.03 work, still got an error and I don't know why. However: |
Hi nikola,
That link works. Thankx for the translation. Ap0x's work is really great with support for 34 packers !!! I wonder why this patcher is not so popular.... @Kameo Thankx for this info. I haven't tried it yet. But I remember it complains 'bout incorrect file size. So which are the supposed original & patched files in the Offset Patch Tab of dUP v1.14.. |
hum... not sure what you are about, however, in the Offset Patch Tab of dUP v1.14, the top one is for your dumped file and the bottom one is for your patched-dumped file.
If you're not sure, just look at the text at the top of the FileSelectionDialogBox that pops up. Hope it helps. |