Help With CopyMemory [example in Delphi]


Hello, my first post in here.

I need some help with Copy Memory code. I tried to use memory.au3 but I think it didn't help at all.

This is an example in Delphi:

{ ChangeOEP

  By Cobein
  Ported to Delphi by steve10120
}

program ChangeOEP;

uses
  Windows;

type
  TByteArray = array of Byte;

//{$R *.res}

function ChangeOEPFromBytes(bFile:TByteArray):Boolean;
var
  dOEP: DWORD;
  dCodePos: DWORD;
  IDH:    TImageDosHeader;
  INH:    TImageNtHeaders;
  ISH:    TImageSectionHeader;
begin
  Result := FALSE;
  try
    // Read the DOS header and verify the 'MZ' signature.
    CopyMemory(@IDH, @bFile[0], SizeOf(IDH));
    if IDH.e_magic <> IMAGE_DOS_SIGNATURE then
      Exit;

    // Read the NT headers and verify the 'PE' signature.
    CopyMemory(@INH, @bFile[IDH._lfanew], SizeOf(INH));
    if INH.Signature <> IMAGE_NT_SIGNATURE then
      Exit;

    // Read the first section header, which follows the NT headers.
    CopyMemory(@ISH, @bFile[IDH._lfanew + SizeOf(INH)], SizeOf(ISH));
    dOEP := INH.OptionalHeader.AddressOfEntryPoint + INH.OptionalHeader.ImageBase;
    dCodePos := ISH.Misc.VirtualSize + ISH.PointerToRawData;
    INH.OptionalHeader.AddressOfEntryPoint := dCodePos + INH.OptionalHeader.BaseOfCode - ISH.PointerToRawData;
    CopyMemory(@bFile[IDH._lfanew], @INH, SizeOf(INH));
    ISH.Misc.VirtualSize := ISH.SizeOfRawData;
    CopyMemory(@bFile[IDH._lfanew + SizeOf(INH)], @ISH, SizeOf(ISH));

    // $68 = push imm32 (the original entry point), $C3 = ret.
    bFile[dCodePos] := $68;
    CopyMemory(@bFile[dCodePos + 1], @dOEP, $4);
    bFile[dCodePos + 5] := $C3;
    Result := TRUE;
  except
    Result := FALSE;
  end;
end;

function ChangeOEPFromFile(sFile:string; sDestFile:string):Boolean;
var
  hFile:    THandle;
  dSize:    DWORD;
  dRead:    DWORD;
  dWritten: DWORD;
  bFile:    TByteArray;
begin
  Result := FALSE;
  hFile := CreateFile(PChar(sFile), GENERIC_READ, FILE_SHARE_READ, nil, OPEN_EXISTING, 0, 0);
  if hFile <> INVALID_HANDLE_VALUE then
  begin
    dSize := GetFileSize(hFile, nil);
    SetLength(bFile, dSize);
    SetFilePointer(hFile, 0, nil, FILE_BEGIN);
    ReadFile(hFile, bFile[0], dSize, dRead, nil);
    CloseHandle(hFile);

    if (ChangeOEPFromBytes(bFile)) and (dSize = dRead) then
    begin
      if sDestFile = '' then
        sDestFile := sFile;
      hFile := CreateFile(PChar(sDestFile), GENERIC_WRITE, FILE_SHARE_WRITE, nil, CREATE_ALWAYS, 0, 0);
      if hFile <> INVALID_HANDLE_VALUE then
      begin
        SetFilePointer(hFile, 0, nil, FILE_BEGIN);
        WriteFile(hFile, bFile[0], dSize, dWritten, nil);
        CloseHandle(hFile);
        Result := TRUE;
      end;
    end;
  end;
end;


begin
  ChangeOEPFromFile('notepad.exe', 'fixed.exe');
end.

I want to get the entry point and change it, then make a jmp to it,

so it helps with reverse engineering.

Thank you.

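Added example, not part of the original post: a Python check an analyst could run over a file to spot the kind of entry stub the Delphi code above writes (byte $68, a 4-byte address, then $C3, with the entry point moved onto it). The names `entry_stub`, `sample`, `CLEAN` and `PATCHED` and the minimal PE32 bytes are constructed for illustration; only 32-bit PE32 images are handled.

```python
import struct

def entry_stub(pe: bytes):
    """Return the RVA a `push imm32; ret` entry stub redirects to, else None."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    nt, = struct.unpack_from("<I", pe, 0x3C)                 # e_lfanew
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec, opt_size = struct.unpack_from("<H12xH", pe, nt + 6)
    opt = nt + 24
    if struct.unpack_from("<H", pe, opt)[0] != 0x10B:
        raise ValueError("only PE32 is handled")
    ep, = struct.unpack_from("<I", pe, opt + 16)             # AddressOfEntryPoint
    base, = struct.unpack_from("<I", pe, opt + 28)           # ImageBase
    # Per section: (VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData)
    secs = [struct.unpack_from("<8x4I", pe, opt + opt_size + 40 * i)
            for i in range(nsec)]

    def to_offset(rva):
        for vsize, va, rsize, raw in secs:
            if va <= rva < va + max(vsize, rsize):
                return raw + rva - va
        return None

    off = to_offset(ep)
    if off is None or off + 6 > len(pe):
        return None
    if pe[off] == 0x68 and pe[off + 5] == 0xC3:              # push imm32 ... ret
        target = (struct.unpack_from("<I", pe, off + 1)[0] - base) & 0xFFFFFFFF
        if to_offset(target) is not None:                    # lands inside the image
            return target
    return None

def sample(ep_rva: int, code: bytes) -> bytes:
    """Constructed minimal PE32 header plus one section (test data, not a program)."""
    img = bytearray(0x400)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HH12xH", img, 0x44, 0x14C, 1, 0xE0)
    struct.pack_into("<H", img, 0x58, 0x10B)
    struct.pack_into("<I", img, 0x68, ep_rva)
    struct.pack_into("<I", img, 0x74, 0x400000)
    struct.pack_into("<8s4I", img, 0x138, b".text", 0x200, 0x1000, 0x200, 0x200)
    raw = 0x200 + ep_rva - 0x1000
    img[raw:raw + len(code)] = code
    return bytes(img)

CLEAN = sample(0x1000, b"\x55\x8b\xec\xc3")
PATCHED = sample(0x1100, b"\x68" + struct.pack("<I", 0x401000) + b"\xc3")
```

A non-None result is a lead for manual review, not proof of tampering, since a legitimate program can also begin with these bytes.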

Don't bump your topic before 24 hours!

And post your (even unfinished) AU3 code to get more response.

I could not even start with one this time.

I tried to use this code

Thank you for the reply ;)

<Removed>
Edited by Valik
This topic is now closed to further replies.