Exetools  

#1  02-04-2021, 17:28
quygia128
Quote:
Originally Posted by mcr4ck
hi

I have a plan and I want to write a loader for it

Because the packed program takes a while to load in memory

I wanted to see how to load loaders for such programs

I will send an example that uses the following functions to load the desired part in memory and then start patching

Function:

CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
Module32FirstW
ReadProcessMemory
VirtualProtectEx
WriteProcessMemory
You need to have reached the place in memory you want to patch beforehand.
This is my loader in a Delphi program (some functions are in my programming library, but I think you understand).

Code:
function Loader_PEFile(FName: string; FCRC32: string; pbyte: array of Byte;
                paddr: array of Cardinal; pSize: DWord): Boolean;
var
  StartupInfo: TStartupInfo;
  ProcessInfo: TProcessInformation;
  i: Integer;
  BytesRead, OldProtect: Cardinal;
  Buffer: array[0..4095] of Byte; // receives the original bytes before each write

begin
  Result:= False;
  // pSize must fit both the local buffer and the supplied patch bytes
  if (Length(paddr) = 0) or (pSize > SizeOf(Buffer)) or
     (pSize > DWord(Length(pbyte))) then Exit;
  FillChar(Buffer, SizeOf(Buffer), 0);
  FillMemory(@StartupInfo, SizeOf(StartupInfo), 0);
  StartupInfo.cb:= SizeOf(StartupInfo);
  if CreateProcessA(PChar(FName), nil, nil, nil, FALSE, NORMAL_PRIORITY_CLASS,
     nil, nil, StartupInfo, ProcessInfo) then begin
     // wait up to 2 seconds for the target to finish starting, then suspend its main thread
     WaitForInputIdle(ProcessInfo.hProcess, 2000); //INFINITE
     SuspendThread(ProcessInfo.hThread);
     // GetFileCRC32 comes from the poster's own library; stop if the file is not the expected build
     if GetFileCRC32(FName) <> FCRC32 then begin
        TerminateProcess(ProcessInfo.hProcess, 0);
        MessageBox(0, PChar(ExtractFileName(FName) + ' - Loader is fail!' +#10+
        'File was patched or other version.'), PChar('WARNING'), 48);
     end else begin

        if (psize = 1) OR (psize = 0) then begin
          // per-address mode: pbyte[i] goes to paddr[i]; Length/High replace SizeOf,
          // which does not return the element count of an open array
          for i:= 0 to High(paddr) do begin
            if (i > High(pbyte)) or (i > High(Buffer)) then Break;
            VirtualProtectEx(ProcessInfo.hProcess,Ptr(paddr[i]),psize,PAGE_EXECUTE_READWRITE,OldProtect);
            ReadProcessMemory(ProcessInfo.hProcess,Ptr(paddr[i]),@Buffer[i],psize,BytesRead);
            WriteProcessMemory(ProcessInfo.hProcess,Ptr(paddr[i]),@pbyte[i],psize,BytesRead);
          end;
        end else begin
          // block mode: psize bytes of pbyte go to paddr[0]
          VirtualProtectEx(ProcessInfo.hProcess,Ptr(paddr[0]),psize,PAGE_EXECUTE_READWRITE,OldProtect);
          ReadProcessMemory(ProcessInfo.hProcess,Ptr(paddr[0]),@Buffer,psize,BytesRead);
          WriteProcessMemory(ProcessInfo.hProcess,Ptr(paddr[0]),@pbyte[0],psize,BytesRead);
        end;
        Sleep(200);
        ResumeThread(ProcessInfo.hThread);
        Result:= True;
     end;
     // release the handles returned by CreateProcessA
     CloseHandle(ProcessInfo.hThread);
     CloseHandle(ProcessInfo.hProcess);
  end else
  MessageBox(0, PChar(ExtractFileName(FName) + ' not found in current dir'), PChar('WARNING'), 48);
end;
BR,
quygia128
The Following 4 Users Say Thank You to quygia128 For This Useful Post:
countryboy (09-22-2021), mcr4ck (02-04-2021), niculaita (07-22-2021), sh3dow (07-26-2021)
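
Seen from the monitoring side, the loader in the post above makes a recognisable ordered sequence of cross-process API calls. The Python below is an added example, not part of the original post or the poster's code; the event schema (actor, target, api, protect, addr), the PIDs, the addresses and the sample trace are constructed for illustration and stand in for whatever API-call telemetry a sandbox or EDR provides.

```python
from collections import defaultdict

PAGE_EXECUTE_READWRITE = 0x40  # Win32 protection value the loader requests
# Call order of the posted loader as seen by API monitoring.
STAGES = ("CreateProcessA", "SuspendThread", "VirtualProtectEx",
          "WriteProcessMemory", "ResumeThread")

def find_patch_loaders(events):
    """Return one finding per (actor, target) pair that completes STAGES in order."""
    stage = defaultdict(int)    # (actor, target) -> index of next expected stage
    writes = defaultdict(list)  # (actor, target) -> remote addresses written
    findings = []
    for e in events:
        pair = (e["actor"], e["target"])
        if e["actor"] == e["target"]:
            continue            # calls on the caller's own process are out of scope
        api, nxt = e["api"], stage[pair]
        if api == "WriteProcessMemory" and 3 <= nxt < len(STAGES):
            writes[pair].append(e["addr"])  # record every write once RWX was set
        if nxt == len(STAGES) or api != STAGES[nxt]:
            continue
        if api == "VirtualProtectEx" and e.get("protect") != PAGE_EXECUTE_READWRITE:
            continue            # only a switch to RWX advances the sequence
        stage[pair] = nxt + 1
        if stage[pair] == len(STAGES):
            findings.append({"actor": pair[0], "target": pair[1],
                             "addresses": writes[pair]})
    return findings

def call(actor, target, api, **fields):
    return dict(actor=actor, target=target, api=api, **fields)

# Constructed sample trace (hypothetical schema, PIDs and addresses).
TRACE = [
    call(4100, 4200, "CreateProcessA"),
    call(5000, 5100, "CreateProcessA"),          # ordinary parent/child launch
    call(4100, 4200, "WaitForInputIdle"),
    call(4100, 4200, "SuspendThread"),
    call(4100, 4200, "VirtualProtectEx", addr=0x401000, protect=0x40),
    call(4100, 4200, "ReadProcessMemory", addr=0x401000),
    call(4100, 4200, "WriteProcessMemory", addr=0x401000),
    call(5000, 5100, "ReadProcessMemory", addr=0x7FF000),
    call(4100, 4200, "VirtualProtectEx", addr=0x401005, protect=0x40),
    call(4100, 4200, "WriteProcessMemory", addr=0x401005),
    call(4100, 4200, "ResumeThread"),
]
if __name__ == "__main__":
    for f in find_patch_loaders(TRACE):
        print(f["actor"], "patched", f["target"], [hex(a) for a in f["addresses"]])
```

Only the pair that suspends its child, switches pages to read-write-execute, writes and then resumes is reported; the second parent/child pair in the trace, which only launches and reads, is not.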
All times are GMT +8.

