|
Registriert seit: 27. Mai 2005
Ort: Baden
315 Beiträge
Delphi 2007 Enterprise
|
Re: EXE Patchen (nichts illegales!!)
30. Dez 2007, 12:21
Ich habe hier mal was ganz schnell zusammengeschrieben, sollte funktionieren. Du musst halt den FileOffset zuerst mittels RvaToFileOffset umwandeln, also falls du Virtuelle Adressen benutzts.
Delphi-Quellcode:
function LoadFile(const sFilename: string; var lpBuffer: Pointer; var dwFileSize: Cardinal): Boolean;
var
hFile: THandle;
lpNumberOfBytesRead: Cardinal;
begin
Result := False;
hFile := CreateFile(PAnsiChar(sFilename), GENERIC_READ, FILE_SHARE_READ, nil, OPEN_EXISTING, 0, 0);
if (hFile <> INVALID_HANDLE_VALUE) then
begin
dwFileSize := GetFileSize(hFile, nil);
if (dwFileSize > 0) then
begin
GetMem(lpBuffer, dwFileSize);
Result := ReadFile(hFile, lpBuffer^, dwFileSize, lpNumberOfBytesRead, nil) and (lpNumberOfBytesRead = dwFileSize);
end;
CloseHandle(hFile);
end;
end;
function SaveFile(const sFilename: string; var lpBuffer: Pointer; var dwFileSize: Cardinal): Boolean;
var
hFile: THandle;
lpNumberOfBytesWritten: Cardinal;
begin
Result := False;
hFile := CreateFile(PAnsiChar(sFilename), GENERIC_WRITE, FILE_SHARE_WRITE, nil, CREATE_ALWAYS, 0, 0);
if (hFile <> INVALID_HANDLE_VALUE) and (dwFileSize > 0) then
begin
Result := WriteFile(hFile, lpBuffer^, dwFileSize, lpNumberOfBytesWritten, nil) and (lpNumberOfBytesWritten = dwFileSize);
CloseHandle(hFile);
end;
end;
function RvaToFileOffset(var lpBuffer: Pointer; dwRva: Cardinal): Cardinal;
var
ImageDosHeader: PImageDosHeader;
ImageNtHeaders: PImageNtHeaders;
ImageSection: PImageSectionHeader;
x: Word;
begin
Result := 0;
ImageDosHeader := PImageDosHeader(Cardinal(lpBuffer));
if (ImageDosHeader^.e_magic = IMAGE_DOS_SIGNATURE) then
begin
ImageNtHeaders := PImageNtHeaders(Cardinal(lpBuffer) + Cardinal(ImageDosHeader._lfanew));
if (ImageNtHeaders^.Signature = IMAGE_NT_SIGNATURE) then
begin
if (dwRva > ImageNtHeaders^.OptionalHeader.ImageBase) then
dwRva := dwRva - ImageNtHeaders^.OptionalHeader.ImageBase;
for x := 0 to ImageNtHeaders^.FileHeader.NumberOfSections -1 do
begin
ImageSection := PImageSectionHeader(Cardinal(lpBuffer) + Cardinal(ImageDosHeader^._lfanew) + SizeOf(TImageNtHeaders) + (x * SizeOf(TImageSectionHeader)));
if (dwRva >= ImageSection.VirtualAddress) and (dwRva < ImageSection.VirtualAddress + ImageSection.SizeOfRawData) then
begin
Result := dwRva - ImageSection.VirtualAddress + ImageSection.PointerToRawData;
Break;
end;
end;
end;
end;
end;
procedure UpdateOffset(var lpBuffer: Pointer; dwFileOffset: Cardinal; Value: Byte); overload;
begin
PByte(Cardinal(lpBuffer) + dwFileOffset)^ := Value;
end;
procedure UpdateOffset(var lpBuffer: Pointer; dwFileOffset: Cardinal; Value: Word); overload;
begin
PWord(Cardinal(lpBuffer) + dwFileOffset)^ := Value;
end;
procedure UpdateOffset(var lpBuffer: Pointer; dwFileOffset: Cardinal; Value: DWORD); overload;
begin
PDWORD(Cardinal(lpBuffer) + dwFileOffset)^ := Value;
end;
procedure TForm1.FormCreate(Sender: TObject);
var
lpBuffer: Pointer;
dwFileSize, dwFileOffset: Cardinal;
begin
if LoadFile('C:\z.exe', lpBuffer, dwFileSize) then
begin
dwFileOffset := RvaToFileOffset(lpBuffer, $0040104E);
UpdateOffset(lpBuffer, dwFileOffset, $90909090);
SaveFile('C:\z2.exe', lpBuffer, dwFileSize);
FreeMem(lpBuffer, dwFileSize);
end;
end;
|
|
|
Zitat
|