Page 1 of 2 12 LastLast
Results 1 to 15 of 22

Thread: Patch a program in memory

  1. #1

    Patch a program in memory

    Hi all,
    I have a program that makes some complex operation when it starts.
    One of this operation consist in writing a global variable (at address [DS]:005387D4).
    It puts into this variable a value (0008) which limites very much the use of this program.

    I would like to write a patcher that:
    1. attach that program ( after it has started) just like olly for example
    2. go to the right memory address ([DS]:005387D4)
    3. and let me change the value of that global variable (from 0008 to FFFF).

    Is it possibile ?
    Have you ever done something like that ?
    Do you have a C code (for example) that can do this operation ?

    Thanks in advance.
    Last edited by techne; July 19th, 2013 at 15:57.

  2. #2
    Naides is Nobody
    Join Date
    Jan 2002
    Location
    Planet Earth
    Posts
    1,647
    It is very much possible. In fact in the tools section, there are several already made apps, called 'loader', and 'patcher' that are designed to do just what you ask, some with available code. . .

  3. #3
    Thank you naides
    but can I use these loader to automatize my patch?
    I mean I'd like to send my target program and the loader to one of my friends. He just should execute the target program and then the loader (correctly programmed).
    Is it possible?
    have you a loader to advice me?
    Last edited by techne; July 22nd, 2013 at 08:22.

  4. #4

  5. #5
    Thank you I will Read about these software as soon as possibile

  6. #6
    Hi all,
    I have downloaded the two program (DUP and THYloadergen).
    But it seems that they two applay a patch directly on my target program.
    When then I start the program, my fix is overwritten.

    I have to override a global variable after the program has started: how can I do with DUP or THYloadergen ?
    Thank you all...

  7. #7
    If youre aware of where the program is writing to, why not use your debugger to make the patch, or use a tool like CheatEngine to put a permanent patch on that address. Or if you track down the location of the instruction that makes the patch, modify that instruction..Or am i missing something?

  8. #8
    Thank you _genuine for your help,
    I have not to patch an instruction, I have to patch a global variable.
    when the program start, it makes many and many operation and at the end of the starting processs it put a value 0008 into a global variable (at address [DS]:005387D4).
    I'd like to change that value into FFFF, but I have to do this just after the program has started.
    If I do it before the program start, when it start, it changes the value again.

    So I need a program to patch automatically my target program and change the value at address [DS]:005387D4 from 0008 --> FFFF, but after my target program has started.
    I don't know if it is clear and if it is possibile.

    Thank you again.

  9. #9

  10. #10
    Thank you Nacho_dj,
    Pupe is exactly what I need.
    I execute pupe and apply (manually) the patch and everything goes fine.

    but...

    is it possible to exceute pupe from command line?
    I'd like to automatize the patch operation.
    Do you know if it possibile ?
    Last edited by techne; August 1st, 2013 at 10:21.

  11. #11
    Never tested that, but pupe comes with sources, so maybe you can add that feature...

  12. #12
    OK I will try to do something on that source.
    Thank you very much.

  13. #13
    Do you have any c++/c experience at all.. If you know the address patching it is a breeze.


    Code:
    #include <iostream>
    #include <windows.h>
    
    using namespace std;
    
    // setup here
    LPVOID targetAddress = (LPWORD)0x017E5950; // address
    int newValue = 1000;
    
    int main()
    {
        HWND hWnd = FindWindow(0, L"WindowName");
    
        if(!hWnd)
        {
            cout << "Could not find target window" << endl;
            return 1;
        }
    
        DWORD pID;
        GetWindowThreadProcessId(hWnd, &pID);
    
        HANDLE handle = OpenProcess(PROCESS_ALL_ACCESS, false, pID);
        if(!handle)
        {
            cout << "Could not open a process handle!" << endl;
            return 1;
        }
    
        size_t sznewValue = sizeof(newValue);
        int ret = WriteProcessMemory(handle, targetAddress, &newValue, sznewValue, NULL);
    
        if(ret < 1)
        {
            cout << "WriteProcessMemory failed!" << endl;
            return 1;
        }
        cout << "Written value to target memory address!" << endl;
        return 0;
    }
    Should work fine, dont forget to add the window name


    @blabberer: Could of sworn that i included the headers and variables... although when i tested i found a bug so re-edited post and forgot to copy/paste headers. My bad
    Last edited by qZanity; August 19th, 2013 at 06:52.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  14. #14
    Super Moderator
    Join Date
    Dec 2004
    Posts
    1,456
    Blog Entries
    15
    no it is not the about the headers (missing headers could be my mistake when i edited your post instead of replying)

    it is more fundamental logic i talked about

    did you run this on anything and get a result
    what it was?
    why ?

    ask the 5 w 1 h and make it better

  15. #15
    Quote Originally Posted by blabberer View Post
    no it is not the about the headers (missing headers could be my mistake when i edited your post instead of replying)

    it is more fundamental logic i talked about

    did you run this on anything and get a result
    what it was?
    why ?

    ask the 5 w 1 h and make it better
    Umm well it's working fine by patching calc.exe MEMORYSTORE address.

    Not sure why you think it doesn't work
    I promise that I have read the FAQ and tried to use the Search to answer my question.

Similar Threads

  1. Patch works in memory but not in executable file!
    By yyzyyz in forum The Newbie Forum
    Replies: 7
    Last Post: June 26th, 2008, 06:51
  2. How can I allocate memory in debugged program?
    By forgot in forum Plugins (General)
    Replies: 4
    Last Post: August 9th, 2005, 06:07
  3. "Patch program" functions removed in IDA Pro?!?
    By dELTA in forum Tools of Our Trade (TOT) Messageboard
    Replies: 13
    Last Post: August 21st, 2004, 18:55
  4. Unable to read memory of debugged program
    By yaa in forum OllyDbg Support Forums
    Replies: 7
    Last Post: August 15th, 2003, 13:39
  5. DS 2.7 Patch correction. Sorry.
    By nikolatesla20 in forum Tools of Our Trade (TOT) Messageboard
    Replies: 5
    Last Post: October 25th, 2002, 16:02

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •