Well guys.... About the Run & Hide game Stone was talking about a while ago?
Well.. maybe this is a good shot in that direction.... for ASPack then ;-)
Enjoy this cool toy, done by Chafe !
Intern
____________________________________________________________
INFO
The year is 1999. It's been one year since ASPack made its entrance
in the shareware scene. During that time it has grown to become one of
the most popular .exe packers, mostly for a few reasons:
1) It has a high compression rate
2) It is free for non-commercial use (at least old versions)
Since it's such a popular packer, and pretty hard to patch without some
knowledge of asm programming, I've made this tool. It is not capable
of unpacking the files, but it makes it possible to patch them in
memory after they've been unpacked, without using any loaders or
standalone in-memory patchers. This is accomplished by hooking
GetProcAddress and applying an in-memory patch when the hook is called
from a specific location.
HOW TO USE
The first thing you will have to do is to find out WHERE in memory and
HOW your program needs to be patched to act like you want it to. SoftIce
should be able to help you with that. The next thing is to write down
the virtual address where you want it to be patched, and the DWORD, WORD
or BYTE value that the patch should insert.
When you know this, close your program and switch to SoftIce. Here set a
breakpoint on GetProcAddress and switch back to Windows. Start your
program again, and SoftIce should break. Type "D [address]" to see the
data at the location where you want to patch. It should not be unpacked
yet, so in most cases your data window will show a lot of "??"s.
Now, press F5 until you see the original unpacked code at the location
where you want to make a patch. When you do, type "DD ESP" in SoftIce,
and write down the first value in your data-window.
Clear all breakpoints and close down the program again. Start up ASPatch
and enter the filename of the program as the input file. The output file
could be the same, but make sure that you have a backup of the program.
In the "[ESP]" field, you enter the value you found in your data window
when you typed "DD ESP"; in the "VA" field you enter the virtual address
of the patching location, and in the "To" field you enter the value you
want the patch to insert.
Press the "Add" button for the type of value you wish to use, and the
patch should be registered. If you need to patch in more than one
location, you just fill in the values and press the "Add" button again.
Most of the time, the [ESP] value is the same for all locations.
When you've registered all your patches, you simply press the
"Patch" button to let ASPatch patch your file and write it to the
output file. If you get the success message, the patched file was
successfully written, and hopefully it should be working as intended. ;-)
IF IT DOESN'T WORK
This is a very new program, and I haven't been able to test it very
much, so I guess it contains lots of bugs. There are also lots of
ways to fool ASPatch, making it crash or produce non-working output.
I won't give any examples in this text.. It's up to the
software writers to find out how ASPatch works, and how to patch
their packed programs to fool it.. ;-)
If you find a program that definitely is packed by ASPack and fools
ASPatch, report the program to me at chafe@gmx.net.
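As an added example (not part of this text, and not ASPatch code), here is one self-check a software writer could build in against in-memory patching of the kind described above: the program records a CRC-32 of its code region while it is still clean and re-verifies it later, so a DWORD, WORD or BYTE written into that region after unpacking is noticed. The "code region" here is a constructed filler buffer rather than real code, and the little-endian write assumes x86.

```c
/* Runtime code-integrity self-check (added example; not from ASPatch).
 * A program snapshots a CRC-32 of its code region and re-verifies it before
 * sensitive logic runs, so an in-memory patch applied after unpacking shows up. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

static uint32_t crc_table[256];
static int crc_table_ready = 0;

static void crc_table_init(void) {
    for (uint32_t i = 0; i < 256; i++) {
        uint32_t c = i;
        for (int k = 0; k < 8; k++)
            c = (c & 1) ? (0xEDB88320u ^ (c >> 1)) : (c >> 1);
        crc_table[i] = c;
    }
    crc_table_ready = 1;
}

/* Standard CRC-32 (IEEE 802.3 polynomial, reflected) over a byte range. */
uint32_t crc32_region(const unsigned char *p, size_t len) {
    if (!crc_table_ready) crc_table_init();
    uint32_t c = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++)
        c = crc_table[(c ^ p[i]) & 0xFFu] ^ (c >> 8);
    return c ^ 0xFFFFFFFFu;
}

/* 1 if the region still matches the recorded checksum, 0 if it was modified. */
int region_intact(const unsigned char *p, size_t len, uint32_t expected) {
    return crc32_region(p, len) == expected;
}

/* Constructed stand-in for a code region: 64 filler bytes, not real code. */
#define REGION_LEN 64
static unsigned char g_region[REGION_LEN];

/* Simulates a DWORD (4), WORD (2) or BYTE (1) overwrite at 'offset' and returns
 * 1 if the integrity check notices it (0 for bad width/offset). Little-endian
 * layout assumed (x86). CRC-32 catches every change confined to 32 bits. */
int detects_overwrite(size_t offset, uint32_t value, int width) {
    if (width != 1 && width != 2 && width != 4) return 0;
    if (offset + (size_t)width > REGION_LEN) return 0;
    for (size_t i = 0; i < REGION_LEN; i++) g_region[i] = (unsigned char)(0x90 + i);
    uint32_t snapshot = crc32_region(g_region, REGION_LEN);  /* taken when clean */
    memcpy(g_region + offset, &value, (size_t)width);       /* the simulated patch */
    return !region_intact(g_region, REGION_LEN, snapshot);
}
```

In a real build the snapshot would be computed over the code section and stored at build time rather than at startup, so that a patch applied before the first check is caught as well.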
VERSIONS
0.01) First version.
0.02) Optimized the generated code a bit, reducing it to
75 + 19*NumberOfPatches from 89 + 19*NumberOfPatches..
0.03) Added a listbox to show the registered patches, and also a
button to remove one single patch. New logo added..
0.04) Added byte and word-patches, reducing the output code
to 75 + 19*nDWordPatches + 18*nWordPatches + 16*nBytePatches.
Changed the button-style.
0.05) First public release. Compatible with newest version of ASPack,
which adds an empty object at the end of the file. The
ASPack-code does not have to be in the last object any longer..
0.06) Fixed a bug that made it impossible to register a patch with
the value 0FFFFFFFFh in any of the fields. Also added dialogs
for choosing input and output-files..
1.00) Improved the routines for finding the object table, removing
the last bug known to me.
TECHNICAL INFORMATION
This program was coded in 100% pure Win32 assembly.
The main source code is 962 lines long, plus 353 lines for the specially
designed buttons.
Attachment: tmgasptc.zip (Zip compressed data)