I did a search on these forums, but did not find what I'm looking for. However I have a feeling this has been asked before... Sorry about that.

I am looking for a flexible patcher - something like aPATCH which uses a script I write. I've been using aPATCH, but its wildcard searches are not flexible enough. Often times instructions are swapped around in different compilations, so a simple method of a certain number of wildcard bytes will not always work. So I need something that allows a variable number of wildcard bytes. I would also like multiple possibility bytes - for when the same operation has multiple opcodes depending on the register used.

I started to search the web for patchers, but the problem is there are so many of them that do the same simple patching methods. So I came here, where knowledgable crackers are.

code your own then

hehe, that was also my first thought....

but back to topic:


how you mean that? can you explain with an example?



isnt it possible to use a wildcard for this?

Hi!



Well the problem with many knowledgable crackers are that they have long since stopped using other peoples generic apps and instead write their own patchers/loaders, and have forgotten about those they might have used in the beginning.... Hmm...

I suggest you start learning to code your own too!

It might be some work at first, but it is not THAT difficult, and you will make it if you put in the hours. Some people here will even be MORE willing to help you when you show that you have made some effort yourself.

/Manko

In response to coding my own, of course that would be the next step on the list. But I would have to be a fool to not first see if there is already a good one out there.



Certain operations have multiple forms of essentially the same operation. Different forms might use different registers, or a different number of operand bytes. One operation might have one form where the opcode is 67, and another form where the opcode is 68 (these are just random numbers, not a real example). So searching for just one or the other, or using a wildcard, will not always suffice.

did you make any progress in your research.
I try to find something like what you're lookin for.

I want an In-memory patcher with search and replace feature.
If you made any progress please contact me.

Bye

dUP 2 can make search&replace loaders and s&r inline patchers (with wildcards).
maybe that helps you..

And to spare us all from Moustafa's next post:

http://www.woodmann.com/forum/showthread.php?t=6113&page=2

I am shocked to hear that one can actually find things by using the SEARCH button at the top of the Forums. Who'd a thunk it. Clearly not Moustafa. He prefers to ask someone else to do his searching. Seems he STILL hasn't actually Read the damn FAQ.

You know Moustafa, that part about: - Please use the SEARCH function.

and

- Do not cross post. I can assure you that your question has already been answered and the answer can be found on this site or on some of the links included on this site.

Regards,

OH men plesae understand what i'm looking for
the program uses the function TimeGetTime or TimerGetTime then it compares the running time with 927C0 (10 minutes)

cmp eax,927C0
jle someplace

and these instructions are in virtual adresses that the program is encrypted with CRC32 crypto , I changed the jle to jmp and everything working FINE but the after running the program sometimes more the virtual adress has been cahnged that I found the instruction in another location.
and Dup search'n'replace for a static exe not encrypted (I tried it but i'll try again).
so I want the program to search the virtual adresses in program memory (during running) (from 400000 to 4FFFFF for example) and patch the jle to be jmp

I wish you got it or the dupmade what i need, I don't ask for a tool I ask for a source code or something.
If i was mistaken please forgive me.

thx for all your efforts
Greetz & Respect

and I don't understand what wildcards means
thx alot
Bye

Wild card explanation:

h**p://www.webopedia.com/TERM/W/wildcard_character.html

I'm in a good mood (got laid)

dUP 2 can make search&replace loaders and s&r inline patchers (with wildcards).
maybe that helps you..

search&replace won't be so easy when target is packed or crypted using a loader...... example with ASPR case... cuestion to Diablo2002 DOes DUP now support caption or class name windows trick for that purpose? .. i remember i never could patch any protected target by using dup loader feature since it need some memory address to start patching from.. but unfortunaly either don't work or never learn how use it.. could you explain me with a real target if really DUP can patch a protected target with a loader for ASPR...

My Best Regards

it depends on the aspr protection. if the target uses asprotect api to check a 30day trial period you must find this aspr code and patch this yourself.

but when the target is "only" packed with asprotect and no API for evaluation time is used, you can make a loader. to defeat the process crc check you can
1. directly kill process crc it in aspr code ( i have written a tool for that. download from my homepage)
2. use "MemCheck" method to skip process crc check.it will patch the target in memory when the crc check is done.. there is a tutorial for this on ArTeam site

ps. i will try to add windows detection method (window name/classname),although this method also doesnt work always..

thx very much for your replies
i'll try to search and continue researching

thx again

Bye