
Thread: Tool Update: RTA 1.20 released...

  1. #1

    Tool Update: RTA 1.20 released...

    Yup, it's another new version. This one contains a (very) basic scripting language to automate patches that you might want to apply to more than one file. It also includes string searching, viewing the imports directory, and finally some of the useful values from the PE header.

    The scripting support will be expanding over time, so if you have any ideas for it, drop them in this thread. The same goes for the rest of the program really as well.

    Suggestions already noted: ability to change the entry point, PE re-aligner, create executable patch file from the modifications. These will probably be in v1.3.

    Like always, if you find any bugs/etc, either put them in this thread, or PM them.

    URL:

    http://ibiblio.org/paulc/rta/

  2. #2
    Sample script file, as there's no documentation to the prog as of yet. (However, if anyone wants to help with that...)
    Attached Files

  3. #3
    Paul333
    Guest

    Looking good

    Thanks Squidge for updating

    paul333
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  4. #4
    wow.. nice one squidge, that was fast for so many updates... u must be real free or a darn good coder ...

    I like the scripting feature ... would be ideal if we can script byte patches as well... perhaps there is a way of doing it that I don't know about? How about searching for the n-th occurrence of a byte pattern starting from a specific VA, RVA, section etc.. in forward or backward direction... would be nice cos that would make the patching engine more complete ... and inline patching protectors easier and more fun ...

    I feel like a nagger but hey, you ASKED for it ...

    cheers,
    crUs

  5. #5
    nikolatesla20
    More suggestions


    Minimize button,

    Always on top option


    -nt20

  6. #6
    Thanks for the suggestions. However, it looks like I'll be needing to rewrite it now before making any more changes as it's becoming a nightmare to navigate around. It started off as a quick hack, but is now becoming greatly expanded, so it needs to be redesigned to accommodate this.

    I'll write up the new spec / requirements tonight, then start rewriting end of the weekend.
    Last edited by squidge; March 28th, 2003 at 18:16.

  7. #7
    Paul333
    Guest
    Just thought I'd say it again: "I think this is a great tool, best of its kind I reckon"

    Been using it to generate not just jmps but movs, pushes, etc.

    It also taught me that instead of only being able to change a far conditional jump like

    0F845D001900

    to its opposites like

    0F855D001900
    0F875D001900

    etc etc

    But that I could just jump direct like this

    E95E001900

    As you see this can be a really powerful aid if used wisely

    Thanks again Squidge

    paul333
    I promise that I have read the FAQ and tried to use the Search to answer my question.
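    The byte strings Paul333 quotes are a 6-byte `0F 84 rel32` (je), its siblings `0F 85` (jne) and `0F 87` (ja), and a 5-byte `E9 rel32` (jmp). Because a rel32 displacement is measured from the end of the instruction, the one-byte-shorter jmp needs a displacement one larger (5E instead of 5D) to reach the same address. The following Python is an added example, not part of the thread and not RTA code: it decodes such branches and, given the bytes at one address in a pristine binary and in a modified copy, reports what kind of control-flow change the patch made. That is the check one wants when diffing a shipped executable against a suspected tampered copy. The base address 0x401000, the table of Jcc opcodes and the label names are assumptions chosen for the example.

```python
import struct

# Constructed lookup table of the "0F xx rel32" conditional near jumps (Jcc).
# Each opcode pair differs only in bit 0, so the inverse condition is opcode ^ 1.
JCC_REL32 = {
    0x80: "jo",  0x81: "jno", 0x82: "jb",  0x83: "jae",
    0x84: "je",  0x85: "jne", 0x86: "jbe", 0x87: "ja",
    0x88: "js",  0x89: "jns", 0x8A: "jp",  0x8B: "jnp",
    0x8C: "jl",  0x8D: "jge", 0x8E: "jle", 0x8F: "jg",
}
JMP_REL32 = 0xE9  # unconditional near jump, 5 bytes


def decode_branch(code, addr):
    """Decode one near rel32 branch whose first byte sits at virtual address `addr`.

    Returns (mnemonic, instruction_length, target) or None when the bytes are
    not a rel32 branch.  The displacement is relative to the end of the
    instruction, which is why a 6-byte Jcc and a 5-byte JMP need displacements
    that differ by one to land on the same target.
    """
    if len(code) >= 5 and code[0] == JMP_REL32:
        disp = struct.unpack_from("<i", code, 1)[0]
        return ("jmp", 5, (addr + 5 + disp) & 0xFFFFFFFF)
    if len(code) >= 6 and code[0] == 0x0F and code[1] in JCC_REL32:
        disp = struct.unpack_from("<i", code, 2)[0]
        return (JCC_REL32[code[1]], 6, (addr + 6 + disp) & 0xFFFFFFFF)
    return None


def classify_patch(original, patched, addr):
    """Describe how `patched` changes the branch that `original` encoded.

    Both arguments are the raw bytes found at `addr` in the pristine and in the
    modified binary.  The labels are constructed for this example:
    'unchanged', 'inverted', 'unconditional', 'made-conditional', 'retargeted',
    'condition-changed', 'branch-removed', 'not-a-branch'.
    """
    before = decode_branch(original, addr)
    after = decode_branch(patched, addr)
    if before is None:
        return "not-a-branch"
    if after is None:
        return "branch-removed"        # e.g. overwritten with NOPs or INC/DEC pairs
    if original[:before[1]] == patched[:after[1]]:
        return "unchanged"
    if before[2] != after[2]:
        return "retargeted"            # same kind of instruction, different destination
    if after[0] == "jmp":
        return "unconditional"         # Jcc turned into a direct JMP to the same target
    if before[0] == "jmp":
        return "made-conditional"
    if (original[1] ^ 1) == patched[1]:
        return "inverted"              # e.g. je <-> jne, same target
    return "condition-changed"         # same target, a different, non-inverse condition


def describe(original_hex, patched_hex, addr):
    """One-line human-readable summary for a (before, after) byte pair at `addr`."""
    orig, new = bytes.fromhex(original_hex), bytes.fromhex(patched_hex)
    label = classify_patch(orig, new, addr)
    before, after = decode_branch(orig, addr), decode_branch(new, addr)

    def fmt(d):
        return "none" if d is None else f"{d[0]} -> {d[2]:#010x}"

    return f"{addr:#010x}: {fmt(before)} => {fmt(after)} [{label}]"


if __name__ == "__main__":
    # Constructed base address; the byte strings are the ones quoted in the thread,
    # plus a NOP fill to show the "branch removed" case.
    BASE = 0x00401000
    for orig_hex, new_hex in [("0F845D001900", "0F855D001900"),  # je -> jne
                              ("0F845D001900", "0F875D001900"),  # je -> ja
                              ("0F845D001900", "E95E001900"),    # je -> jmp, same target
                              ("0F845D001900", "9090909090")]:   # je -> nops
        print(describe(orig_hex, new_hex, BASE))
```

Run over a list of (address, original bytes, patched bytes) triples produced by a byte-level diff of the two files, this gives a quick triage of which branches were inverted, forced, or removed, which is the first thing to establish when an integrity check fails on a deployed binary.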

  8. #8
    disavowed
    Originally posted by Paul333
    It also taught me that instead of only being able to change a far conditional jump ... to its opposites... I could just jump direct
    #1 rule of cracking: never replace a conditional jump with another conditional jump

  9. #9
    Paul333
    Guest
    Hmmm, why not, Disavowed?

    If the user has bought this program, jump to the section without ANY further checks or restrictions, OTHERWISE don't jump so I can enforce restrictions and lots of nags...

    Wouldn't changing a jump-if to a direct jump be the best in the above situation?

    oops, sorry Disavowed, you didn't mean my direct jump, but I think you mean that changing a jump from

    je jump if equal

    to a

    jne jump not equal

    is bad etiquette.. Why?

    Just say I'm cracking an app in realtime and early on I meet a routine that checks for a certain value... let's say

    "if eax =1" JUMP TO Nag routine

    otherwise

    stay here in the good section

    I find that if I change it to its opposite like

    "if eax =1" DONT JUMP to Nag routine

    It helps me further into the crack

    because after changing 2 or 3 conditional jumps to their opposite
    I get the app to say "FULLY REGISTERED"

    then further on in the crack, if I then make a further change to another jump and it suddenly goes back to "UNREGISTERED"

    I say BINGO.. I've found the really important jump that affects all the others, so I keep the change I made to that jump and go back and change the first ones I did back to their original state and HEY PRESTO, cracked!!!..

    I would never have discovered how much that last jump affected the app if the initial changes I had made were direct jumps as opposed to their opposites!

    So in my opinion there's nothing wrong with changing a jump-if-equal to a jump-not-equal..... ok, I know that it's best to change flags, values, etc. as opposed to jumps, but if you can't and do change jumps then I see no harm in it; in fact in the above situation it actually helps to solve the crack???

    paul333
    Last edited by Paul333; June 6th, 2003 at 18:18.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  10. #10
    just
    Guest
    You don't invert conditional jumps because you get things like people getting nagged the first 30 days they own a program to buy, and only after that can they actually use the program. Or a person accidentally inserts his original CD instead of the backup CD and can't play his game.

    You can change jumps, but you change them so they always do the right thing.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  11. #11
    Paul333
    Guest
    Originally posted by just
    You can change jumps, but you change them so they always do the right thing.
    EXACTLY....whether its inverted or direct

    paul333
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  12. #12
    I have to agree here, inverting jumps is ok for experimentation purposes when you can't see any other option, but once you have found the correct combination of jumps, you should change them to the correct direct jump.

    Oh, and another thing. Like our master always said: if you're killing a jump so it never jumps, use NOPs as a last resort. Something like "INC EAX, DEC EAX" does the same thing but can't be detected as easily, or even cause a jump to the next instruction, etc.

  13. #13
    disavowed
    Nothing new to add, I just wanted to put closure on my initial statement. The first lines by squidge in the post above this are exactly what I meant.
