Help With CopyMemory [example in Delphi]

ThMaStEr

Hello, my first post in here.

I need some help with Copy Memory code. I tried to use memory.au3 but I think it didn't help at all.

This is an example in Delphi:

{ ChangeOEP

  By Cobein
  Ported to Delphi by steve10120
}

program ChangeOEP;

uses
  Windows;

type
  TByteArray = array of Byte;

//{$R *.res}

function ChangeOEPFromBytes(bFile:TByteArray):Boolean;
var
  dOEP: DWORD;
  dCodePos: DWORD;
  IDH:    TImageDosHeader;
  INH:    TImageNtHeaders;
  ISH:    TImageSectionHeader;
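begin
  // Report success only after the stub has been written, so the early
  // exits below return FALSE instead of TRUE.
  Result := FALSE;
  try
    CopyMemory(@IDH, @bFile[0], SizeOf(IDH));
    // "not" binds tighter than "=", so "not x = y" never rejected a bad
    // header; compare with <> instead.
    if IDH.e_magic <> IMAGE_DOS_SIGNATURE then
      Exit;

    CopyMemory(@INH, @bFile[IDH._lfanew], SizeOf(INH));
    if INH.Signature <> IMAGE_NT_SIGNATURE then
      Exit;

    // First section header, read from directly after the NT headers
    CopyMemory(@ISH, @bFile[IDH._lfanew + SizeOf(INH)], SizeOf(ISH));
    // Original entry point as a virtual address
    dOEP := INH.OptionalHeader.AddressOfEntryPoint + INH.OptionalHeader.ImageBase;
    // File offset just past the section's virtual size
    dCodePos := ISH.Misc.VirtualSize + ISH.PointerToRawData;
    INH.OptionalHeader.AddressOfEntryPoint := dCodePos + INH.OptionalHeader.BaseOfCode - ISH.PointerToRawData;
    CopyMemory(@bFile[IDH._lfanew], @INH, SizeOf(INH));
    ISH.Misc.VirtualSize := ISH.SizeOfRawData;
    CopyMemory(@bFile[IDH._lfanew + SizeOf(INH)], @ISH, SizeOf(ISH));

    // push <original entry point>; ret
    bFile[dCodePos] := $68;
    CopyMemory(@bFile[dCodePos + 1], @dOEP, $4);
    bFile[dCodePos + 5] := $C3;
    Result := TRUE;
  except
    Result := FALSE;
  end;
end;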

function ChangeOEPFromFile(sFile:string; sDestFile:string):Boolean;
var
  hFile:    THandle;
  dSize:    DWORD;
  dRead:    DWORD;
  dWritten: DWORD;
  bFile:    TByteArray;
begin
  Result := FALSE;
  hFile := CreateFile(PChar(sFile), GENERIC_READ, FILE_SHARE_READ, nil, OPEN_EXISTING, 0, 0);
  if hFile <> INVALID_HANDLE_VALUE then
  begin
    dSize := GetFileSize(hFile, nil);
    SetLength(bFile, dSize);
    SetFilePointer(hFile, 0, nil, FILE_BEGIN);
    ReadFile(hFile, bFile[0], dSize, dRead, nil);
    CloseHandle(hFile);

    if (ChangeOEPFromBytes(bFile)) and (dSize = dRead) then
    begin
      if sDestFile = '' then
        sDestFile := sFile;
      hFile := CreateFile(PChar(sDestFile), GENERIC_WRITE, FILE_SHARE_WRITE, nil, CREATE_ALWAYS, 0, 0);
      if hFile <> INVALID_HANDLE_VALUE then
      begin
        SetFilePointer(hFile, 0, nil, FILE_BEGIN);
        WriteFile(hFile, bFile[0], dSize, dWritten, nil);
        CloseHandle(hFile);
        Result := TRUE;
      end;
    end;
  end;
end;


begin
  ChangeOEPFromFile('notepad.exe', 'fixed.exe');
end.

I want to get the entry point and change it, then make a jmp to it,

so it helps with reverse engineering.

Thank you.

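A triage check for the pattern the Delphi code above leaves behind (byte $68, a 4-byte address, byte $C3 at the new entry point), as an added example that is not part of the original thread. The function names and the sample image are constructed for illustration, and only PE32 files are handled.

```python
import struct

def check_entry_stub(data: bytes) -> dict:
    """Report the entry-point RVA and, when the entry code is the 6-byte
    push imm32 / ret stub (0x68 .. 0xC3), the RVA that stub returns to."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    nt = struct.unpack_from("<I", data, 0x3C)[0]
    if data[nt:nt + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec = struct.unpack_from("<H", data, nt + 6)[0]
    opt_size = struct.unpack_from("<H", data, nt + 20)[0]
    opt = nt + 24
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 is handled here")
    entry = struct.unpack_from("<I", data, opt + 16)[0]
    image_base = struct.unpack_from("<I", data, opt + 28)[0]
    size_of_image = struct.unpack_from("<I", data, opt + 56)[0]
    for i in range(nsec):
        # VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
        vsize, va, rsize, raw = struct.unpack_from("<4I", data, opt + opt_size + 40 * i + 8)
        if va <= entry < va + max(vsize, rsize):
            off = raw + entry - va
            stub = data[off:off + 6]
            target = None
            if len(stub) == 6 and stub[0] == 0x68 and stub[5] == 0xC3:
                rva = struct.unpack_from("<I", stub, 1)[0] - image_base
                target = rva if 0 <= rva < size_of_image else None
            return {"entry_rva": entry, "returns_to_rva": target}
    raise ValueError("entry point is not inside any section")

def build_sample(stub: bool) -> bytes:
    """Constructed one-section PE32 header set, used only as demo input."""
    img = bytearray(0x400)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)               # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HH", img, 0x44, 0x14C, 1)          # Machine, NumberOfSections
    struct.pack_into("<H", img, 0x54, 0xE0)               # SizeOfOptionalHeader
    opt = 0x58
    struct.pack_into("<H", img, opt, 0x10B)               # PE32 magic
    struct.pack_into("<I", img, opt + 16, 0x1100 if stub else 0x1000)
    struct.pack_into("<I", img, opt + 28, 0x400000)       # ImageBase
    struct.pack_into("<I", img, opt + 56, 0x2000)         # SizeOfImage
    struct.pack_into("<8s4I", img, opt + 0xE0, b".text", 0x200, 0x1000, 0x200, 0x200)
    img[0x200] = 0xC3                                     # original entry: a lone ret
    if stub:
        img[0x300:0x306] = b"\x68" + struct.pack("<I", 0x401000) + b"\xC3"
    return bytes(img)
```

A non-empty `returns_to_rva` is a triage hint rather than a verdict, since packers and protectors also redirect the entry point.
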
ThMaStEr

Don't bump your topic before 24 hours!

And post your (even unfinished) AU3 code to get more response.

I could not even start with one this time.

I tried to use this code

Thank you for the reply ;)

<Removed>
Edited by Valik

Valik

This is all kinds of do not want on this forum stuff. Thread locked. You want to reverse engineer you'll have to find another place to discuss it.

Edited by Valik

This topic is now closed to further replies.