 R!SC's Process Patcher v1.2i -- evc_risc@hotmail.com  6th May '99

 Description
 -----------

 RPP.EXE is a process patch creator, creates a win32.exe from a simple script,
 which will then load a process, and wait for it to unpack/deprotect itself,
 then patch the memory to fix any bugs that the author left in the program,
 y'no, like NAG screens, or silly 30 day trials, and it's the only one of its
 kind!!! (which produces a stand-alone win32 exe) i cheat a bit by using a
 precompiled loader, and just altering the data in it, but who cares...

 Usage
 ------

 Double click rpp.exe in windows explorer, select a script file to use, and
 press OK :)
 
 or use from the commandline "rpp.exe <script.rpp>"
 
 If the file you name as the output file exists, it will be OVERWRITTEN, you
 have been warned...

 the script can have any name/extension


 The Script commands
 -------------------
 ';' means comment, everything is ignored until the next line
 'T=' denotes the number of tries to patch the process's memory
 'F=' denotes the name of the file/process to load/patch
 'O=' denotes the filename of the loader to create
 'P=' denotes a process patch. followed by the ADDRESS to patch,
      the bytes that should be there, and the bytes to patch it with
      SEE EXAMPLE SCRIPTS...
 ':' is the end marker of every command, must be there
 '$' denotes the end-of-script

 all numbers are taken as hexadecimal
 the number of check bytes must match the number of patch bytes in the process
 patch command (P=). ALL BYTES ARE SEPARATED BY A COMMA

example script:

;script.rpp
T=1000:     ;Try 1000 times to patch the memory
F=test.exe: ;program to load/patch
P=40101D/74,60/74,00:   ;change a jz xx to a jz next instruction

P=4024A6/46,52,45,45,20/52,21,53,43,00: ;replace text 'FREE ' with 'R!SC',0

$ ;end of script


 script allows a maximum of 127 RVA's to patch, and can store a maximum of
 3772 bytes for search/replace, so you can only patch a total of 1886 bytes
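
 When a script like the one above turns up next to an unknown loader, parsing
 it shows exactly which addresses the loader checks and what it writes there.
 The parser below is an added example, not part of RPP or of the original
 readme. It assumes one command per line, upper-case command letters, no ';'
 inside file names, and that T= is hexadecimal like every other number.

```python
# Static parser for the RPP script format; it only reads text, it patches nothing.
MAX_PATCHES = 127        # limit stated in the readme
MAX_DATA_BYTES = 3772    # check + patch bytes combined, per the readme
EXAMPLE = """T=1000:     ;Try 1000 times to patch the memory
F=test.exe: ;program to load/patch
P=40101D/74,60/74,00:   ;change a jz xx to a jz next instruction
P=4024A6/46,52,45,45,20/52,21,53,43,00: ;replace text 'FREE ' with 'R!SC',0
$ ;end of script
"""

def hex_bytes(field, lineno):
    """Convert a comma-separated hex byte list such as '74,60' to bytes."""
    try:
        return bytes(int(tok, 16) for tok in field.split(","))
    except ValueError:
        raise ValueError(f"line {lineno}: bad byte list {field!r}")

def parse_rpp(text):
    """Return dict with tries/target/output/patches; ValueError on bad input."""
    script = {"tries": None, "target": None, "output": None, "patches": []}
    stored = 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].strip()   # ';' comments out the rest
        if not line:
            continue
        if line.startswith("$"):              # '$' is the end-of-script marker
            return script
        if not line.endswith(":") or line[1:2] != "=":
            raise ValueError(f"line {lineno}: expected 'X=...:'")
        key, value = line[0], line[2:-1]
        if key == "T":
            script["tries"] = int(value, 16)  # assumption: hex, like all numbers
        elif key == "F":
            script["target"] = value
        elif key == "O":
            script["output"] = value
        elif key == "P":
            parts = value.split("/")          # ADDRESS/check bytes/patch bytes
            if len(parts) != 3:
                raise ValueError(f"line {lineno}: P= needs addr/check/patch")
            check, patch = hex_bytes(parts[1], lineno), hex_bytes(parts[2], lineno)
            if len(check) != len(patch):
                raise ValueError(f"line {lineno}: check/patch byte counts differ")
            stored += len(check) + len(patch)
            script["patches"].append((int(parts[0], 16), check, patch))
            if len(script["patches"]) > MAX_PATCHES or stored > MAX_DATA_BYTES:
                raise ValueError(f"line {lineno}: over the loader's patch limits")
        else:
            raise ValueError(f"line {lineno}: unknown command {key!r}")
    raise ValueError("missing '$' end-of-script marker")
```

 parse_rpp(EXAMPLE)["patches"] gives one (address, check bytes, patch bytes)
 tuple per P= line, so the check bytes can be compared against the target file.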

 Known Problems
 --------------
 
 seems unable to patch real small files, they unpack and run before it gets
 chance to write to their memory, can be fixed, but how many small files are
 there that need patching? none? ok then..
 
 write a script to patch itself, heh, windows get overrun with loader loading
 loader loading loader loading loader etc. great fun..
 
 'P=401000/68/B8:'
 'F=fun.exe:'
 'O=fun.exe:', then run fun.exe :) rebOOt
 
 RPP only tested on win95, don't know about 98, should work, NT, hmmm,
 absolutely no idea :(

 
 Thanks & stuff
 --------------
 
 Thewd, from who i borrowed the idea of a process patcher engine
 The guys who wrote UPX, which i used to compress my program
 Pedro, for teaching me to crack Securom :) eh?
 
 
 Licence Agreement
 -----------------
 
 You must reverse engineer, disassemble, or decompile this program, and do
 what u want with the code, it won't be much help to u, but, if u don't, you are
 not licenced to use 'rpp.exe'
 

 History
 -------

april 19th...v0.0
 monday, got hold of thewd's process patcher, and didn't like it, had some
 ideas on writing my own...

april 20th...v0.01
 tuesday, scribbled some code down at work, kept thinking about how to do it,
 and do it properly

april 21st...v0.01
 wednesday, slept all day :)

april 22nd...v0.6
 thursday, spent 5 hours coding & testing the script conversion routine

april 23rd...v1.0
 friday, spent about 5hrs finishing off thursday's code, rewrote a loader to be
 able to include the data from the script conversion, integrated the two
 programs, and wrote the silly dox. heh, cracked pe-crypt as well :) (cracking
 freeware, doh!)

april 24th...v1.0
 thought about adding another command to the script
 
april 25th...v1.0 (still :)
 sunday afternoon, spent couple of minutes adding a new command to the script,
 'O=', so u can specify the name of the loader you want to create

april 29th...v1.1
 sometime thursday, fixed script conversion to include more precise error
 messages, and include line numbers. fixed script conversion to understand
 CAPITAL and small ASCii Hex numbers, for ease of programming, i was idle
 before, and only included conversion of CAPITALS. Got rid of commandline, in
 favour of GetOpenFileNameA (nice box). Probably ready for the first release,
 1 week after the first line of code

may 6th...v1.2i
 re-added commandline option, counts amount of patch data to make sure you
 don't go over the limits, increased default timer loop, increased script
 buffer to a max of 40kb, cus they soon grow with a few comments, maybe did
 some other stuff as well :)
 
 (c)1999 R!SC  --  evc_risc@hotmail.com