Exetools  

Go Back   Exetools > General > Source Code
Reload this Page Simple VMProtect Loader (C++)
Register Forum Rules FAQ Calendar Mark Forums Read

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 10-19-2014, 23:46
Carbon Carbon is offline
VIP
  
Join Date: Sep 2013
Posts: 113
Rept. Given: 7
Rept. Rcvd 189 Times in 48 Posts
Thanks Given: 0
Thanks Rcvd at 60 Times in 19 Posts
Carbon Reputation: 100-199 Carbon Reputation: 100-199
I don't like the snippet. You didn't give a real explanation.

0x00A89010 -> This memory is dynamically allocated. This can change with every process start. Using this as hardcoded address doesn't seem smart.

Why do you read and write 12 bytes? You need only 2 (5) bytes.

It even looks like you don't need a 2nd ReadProcessMemory. If it is unpacked, it is unpacked. Why check it 2 times?
__________________
My blog: https://ntquery.wordpress.com
Reply With Quote
  #2  
Old 10-19-2014, 23:56
0x22 0x22 is offline
Family
  
Join Date: Aug 2014
Posts: 66
Rept. Given: 14
Rept. Rcvd 47 Times in 18 Posts
Thanks Given: 12
Thanks Rcvd at 64 Times in 21 Posts
0x22 Reputation: 47
Quote:
Originally Posted by Carbon View Post
I don't like the snippet. You didn't give a real explanation.

0x00A89010 -> This memory is dynamically allocated. This can change with every process start. Using this as hardcoded address doesn't seem smart.

Why do you read and write 12 bytes? You need only 2 (5) bytes.

It even looks like you don't need a 2nd ReadProcessMemory. If it is unpacked, it is unpacked. Why check it 2 times?
0x00A89010 <- in the program i used this last time was a particular case where this did not change.
I do agree that memory addresses change which wouldnt work properly.

However you dont need to use memory addresses.


Code:
ReadProcessMemory(procInfo.hProcess, (LPVOID)0x00409605, buffer, 12, &nSize);
		if ((buffer[0] == 0xF6) && (buffer[1] == 0xC1))
		{
			ReadProcessMemory(procInfo.hProcess, 0x409615, buffer2, 12, &nSize);
			if ((buffer2[0] == 0x74) && (buffer2[1] == 0x0C))
			{
				buffer2[0] = 0x90;
				buffer2[1] = 0x90;
				//buffer2[2] = 0x01;
				//buffer2[3] = 0xEB;
				//buffer2[4] = 0x0B;
				//buffer2[5] = 0x90;
				//buffer2[6] = 0x90;
				//buffer2[7] = 0x50;
				//Sleep(570);
				printf("Address FOUND and patched!\n");
				WriteProcessMemory(procInfo.hProcess, ADDRESS2, buffer2, 12, &nSize);

			}
You can also do it like this, this is entirely up to you.
If you don't like the way i did it, then make it better and post it here so that people can benefit from your inputs.

I agree on that you should dynamically set the bytes.
I do two ReadProcessMemory to make sure I'm at the correct place.

It's just something slapped together fast, and it works which is the most important thing for me.

I'm not a good coder so, I do thank you for your constructive feedback and i'm sorry if it doesnt appeal to your coding ideology
Please do your thing and post a better one, im sure both me and the community would be pleased.

Have a good day
Last edited by 0x22; 10-20-2014 at 00:26.
Reply With Quote
The Following User Gave Reputation+1 to 0x22 For This Useful Post:
mr.exodia (10-20-2014)
The Following User Says Thank You to 0x22 For This Useful Post:
niculaita (08-30-2016)
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Hybrid Mode Hybrid Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is On

Similar Threads
Thread Thread Starter Forum Replies Last Post
[HELP] How to write a simple Loader in ASM on MSDOS stoney81 General Discussion 5 12-20-2024 15:55
Simple Task [make loader for UPX target]... diablo2oo2 General Discussion 1 12-30-2004 07:03


All times are GMT +8. The time now is 22:08.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )