|
|
#15
07-20-2002, 06:59
|
|||
|
|||
|
I know what is needed to be done..
A small example: Add some function (this is the pattern to find, (757A3C00) to notepad.exe pack the file with some packer UPX, Neolite or whatever you can patch in a nice way without unpacking. Add 3318 (random value another time)bytes to the pe, correct the header (unpacked one) pack the file again using the same packer as before. Oep is for sure the same as it is the same file, but where is my EB7A3C00 bytes in the second file, yes as this is the example we know where the bytes is but think as we didn't? You'll not find them on the packed exe on disc but will in memory. I'm not looking for VA to patch just the pattern to read the VA from. Yes I do need CreateFile, when the byte pattern is found I need it plus some other information down to disc using CreateFile. Asm, yes seems to be a nice project (maybe too big)where I can learn some asm, not doing this snooping around in s-i on somebody elses code. meRlin 
|
| Thread Tools | |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| [DnSpy] - Find out running threads | tusk | General Discussion | 3 | 04-17-2017 03:06 |
| Writing to a running (in-use) executable file | omidgl | General Discussion | 20 | 11-17-2005 00:54 |
Threaded Mode