
Urgent patching question


PetrH
January 26th, 2009, 14:00
Hello everyone

I have a small issue, which I don't think is too hard for you guys to solve.
There's a program that I'd like to patch by making my own patcher in Visual Basic 6. I know perfectly well how to RCE, but this is my first time trying to patch a program through code. This is the situation:

Address: 0040120D (contains a jump value)

How can I load this program into VB6 and change the jump value? I want it to jump to (for example) address 00401208. Please don't tell me to google it or go read up on things; I have read everything that I could find in the last 2 days but nothing has given me a clear answer. Help would be really appreciated!

- Petr

evaluator
January 26th, 2009, 15:39
just find the RAW_file offset of that VIRTUAL_address..

smoke
January 26th, 2009, 15:43
Well, jumps are relative to where you jump from. So it's basically like this: the first byte is E9 and then the last four are calculated using a simple formula: address_to_where_you_wanna_jump - address_from_where_you_wanna_jump - 5

Hopefully that's what you meant

smoke

PetrH
January 26th, 2009, 15:53
Thanks to both your replies, I do understand what I need to do; I just don't really get how to formulate that in VB6. Here is the exact situation:

0040120D : JMP 0040109B (This needs to jump to address 0040109D instead of 0040109B)

What I don't understand is: what syntax do I need to use (in VB6) that will open the file for input, find the appropriate address (0040120D) and patch it with "JMP 0040109D"?

I'm hopelessly lost on finding out how to convert all these values (such as the instruction "JMP 0040109D") to VB6 code. I have the intellect for it, but something in my brain is just refusing to let me figure this out (for some strange reason).

xenakis
January 26th, 2009, 16:16
Coding your own patcher in whatever language you choose to use is a good project to undertake, but if you urgently need a patcher for a simple patch as you describe try a patch generator:

http://www.woodmann.com/collaborative/tools/Category:Patcher_Generators

PetrH
January 26th, 2009, 16:23
I have years of experience with patch generators, that's no problem. I was just hoping that someone here could aid me in creating my own patcher.

arc_
January 26th, 2009, 17:21
Hm, it seems strange to me that you have "years" of experience with RCE and patchers, yet do not know about the byte encoding of jumps.

Well first of all, like evaluator said, you will need to find the raw file offset that corresponds to the virtual address you have (40120D). If you open your target .exe in any disassembler and go to the virtual address, it should show you the raw offset in the status bar (well maybe not *any* disassembler, but both W32dsm and IDA Pro do it).

Once you have found the raw offset, your patcher will need to open the target .exe in binary mode, seek to the raw offset, and write the new bytes. The exact bytes you need to write depend on the jump type, jump size (short or long) and jump target. Also, you should be able to find out how to open and write files in VB6 in a matter of seconds... This is not a forum about teaching VB.

Concerning jump bytes, they come in these flavours:
7x xx (short conditional jump)
EB xx (short unconditional jump)
0F 8x xx xx xx xx (long conditional jump)
E9 xx xx xx xx (long unconditional jump)

As you see, the short jumps have 1-byte sized offsets while the long jumps have 4 bytes. Mind you that the 4-byte sized ones are in little endian (which you probably know if you can RCE perfectly). The offset is this: (address of instruction you want to jump to) - (address of instruction that comes after the jump). smoke's example was for a long unconditional jump, that's where the 5 comes from (size of the jump instruction).

So with the addresses of your jump and your jump target you can calculate the offset to write. Next determine where exactly to write the offset (depends on jump type; can be at jumpaddress+1 or jumpaddress+2). And don't forget about endianness.
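The offset formula from smoke's reply and the four jump flavours and VA-to-raw-offset step from arc_'s reply, worked through as an added example in Python (not code from anyone in this thread). The image base and section table are constructed for a hypothetical target; the thread gives only the addresses 0040120D, 0040109B and 0040109D.

```python
import struct

# Constructed PE layout (not from the thread): image base plus one
# (VirtualAddress, VirtualSize, PointerToRawData, SizeOfRawData) per section.
IMAGE_BASE = 0x400000
SECTIONS = [(0x1000, 0x800, 0x400, 0x800),   # .text
            (0x2000, 0x400, 0xC00, 0x200)]   # .data

def encode_jump(from_va, to_va, cond=None, short=False):
    """Encode a jump at from_va that lands on to_va.
    cond is None for JMP or the 4-bit x86 condition code for Jcc
    (0x4 = JE, 0x5 = JNE, ...); short selects the rel8 form. The
    displacement is target minus the end of the jump instruction,
    which is where smoke's "- 5" comes from for a 5-byte E9 jump.
    """
    if cond is None:
        opcode = b"\xEB" if short else b"\xE9"
    elif 0 <= cond <= 0xF:
        opcode = bytes([0x70 | cond]) if short else bytes([0x0F, 0x80 | cond])
    else:
        raise ValueError("condition code must be 0..15")
    size = len(opcode) + (1 if short else 4)
    rel = to_va - (from_va + size)
    if short:
        if not -128 <= rel <= 127:
            raise ValueError(f"target out of rel8 range ({rel:#x})")
        return opcode + struct.pack("<b", rel)
    return opcode + struct.pack("<i", rel)   # little-endian rel32

def va_to_file_offset(va, image_base=IMAGE_BASE, sections=SECTIONS):
    """Map a virtual address to the raw file offset that backs it."""
    rva = va - image_base
    for vaddr, vsize, raw_ptr, raw_size in sections:
        if vaddr <= rva < vaddr + max(vsize, raw_size):
            if rva - vaddr >= raw_size:
                raise ValueError("address is not backed by file data")
            return raw_ptr + (rva - vaddr)
    raise ValueError(f"VA {va:#010x} lies outside every section")

def patch_jump(image, from_va, to_va, **jump_kind):
    """Return a copy of image with the jump at from_va retargeted to to_va."""
    new = encode_jump(from_va, to_va, **jump_kind)
    off = va_to_file_offset(from_va)
    return image[:off] + new + image[off + len(new):]

if __name__ == "__main__":   # constructed image holding PetrH's original JMP 0040109B
    image = bytearray(0x1000)
    off = va_to_file_offset(0x40120D)
    image[off:off + 5] = encode_jump(0x40120D, 0x40109B)   # E9 89 FE FF FF
    print(patch_jump(bytes(image), 0x40120D, 0x40109D)[off:off + 5].hex())
```

Only the second byte changes (89 to 8B), because both targets are reached with a long unconditional jump from the same instruction.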

PetrH
January 26th, 2009, 19:04
Arc, thank you very much for your comment. But you understood me wrong hehe, I do know all the differences in JMP operations and all, but I did not know how to formulate them in VB... I searched help from another RCE called 0xNeff and he helped me make my patcher.

blabberer
January 27th, 2009, 12:31
I wrote this crap in Excel VBA; I don't think real VB is very far from this.

Code:

Attribute VB_Name = "Module1"
Sub patch()
Dim a As Byte
Dim i As Long

' Read the single byte at file offset 2049 (Get/Put positions are 1-based) and show it
Open "c:\msgbox.exe" For Binary Access Read As #1
Get #1, 2049, a
MsgBox a
Close #1

' Reopen for writing and overwrite offsets 2049..2069 one byte at a time with "e"
Open "c:\msgbox.exe" For Binary Access Write As #1
For i = 2049 To 2069
Put #1, i, "e"
Next i
Close #1

End Sub

if you put Iczelion tutorial no 2 msgbox.exe in c:\ and run this from some VBA, you will see the string "iczelion tutorial" has been overwritten by eeeeeeeeeeeeeeee in the exe

if you really have the skills you claim then you shouldn't have any further questions, at least not about opening a file and writing some bytes in any language

PetrH
January 27th, 2009, 13:36
I think no one who responded to this topic understood my question. I was not asking for a babystep article on how to do everything from the beginning, I was just asking how I could make a patch in VB that could write a value. I know the value and I know the logic, but I didn't know the syntax. Also, as I said, some person has already helped me with this. He understood it when I said it to him in 1 try and it did not take 8 people to figure it out. This topic can be closed.

- Petr

Aimless
January 27th, 2009, 13:38
Hm. I suspect this is a VB Coding question as opposed to the normal RCE question, am I correct?

Maybe a VB Board will help you better?

Have Phun

OHPen
January 27th, 2009, 15:17
@PetrH: Are you kidding? You are able to patch programs?? Either manually or by use of generic patchers?? You know what's the difference between 0x74XX and 0x75XX but you tell us you don't know what you need to code a patcher, independent from what language you want to use????????

- open a file !!!!!!
- navigate the filepointer to the offset you want to patch !!!!!!
- write your patch bytes there !!!!!!!!
- close the file !!!!!!!

these steps are always the same, independent from what language you use ?????? if you know what you mentioned above then you should at least know that.

for sure nobody here will help you find the correct syntax in VB to do so. what the hell is google for ????
I have never coded VB but I'm sure almost anybody here will be able to write a small patcher in half an hour with a little searching.

think about your questions next time, RCE people don't like stupid questions and you will realize that very soon if you continue with questions like this.

regards,

OHPen

XER
January 28th, 2009, 00:23
I don't know how you can possibly say that nobody understood your question when Blabberer responded to exactly what you asked for. People puzzle me.