ThMaStEr Posted May 19, 2012 Share Posted May 19, 2012 Hello , My first post in here .I need some help with Copy Memory Code , I tried to use memory.au3 but I think it didnt Help at allthis is Ex in Delphi expandcollapse popup{ ChangeOEP By Cobein Ported to Delphi by steve10120 } program ChangeOEP; uses Windows; type TByteArray = array of Byte; //{$R *.res} function ChangeOEPFromBytes(bFile:TByteArray):Boolean; var dOEP: DWORD; dCodePos: DWORD; IDH: TImageDosHeader; INH: TImageNtHeaders; ISH: TImageSectionHeader; begin Result := TRUE; try CopyMemory(@IDH, @bFile[0], SizeOf(IDH)); if not IDH.e_magic = IMAGE_DOS_SIGNATURE then Exit; CopyMemory(@INH, @bFile[IDH._lfanew], SizeOf(INH)); if not INH.Signature = IMAGE_NT_SIGNATURE then Exit; CopyMemory(@ISH, @bFile[IDH._lfanew + SizeOf(INH)], SizeOf(ISH)); dOEP := INH.OptionalHeader.AddressOfEntryPoint + INH.OptionalHeader.ImageBase; dCodePos := ISH.Misc.VirtualSize + ISH.PointerToRawData; INH.OptionalHeader.AddressOfEntryPoint := dCodePos + INH.OptionalHeader.BaseOfCode - ISH.PointerToRawData; CopyMemory(@bFile[IDH._lfanew], @INH, SizeOf(INH)); ISH.Misc.VirtualSize := ISH.SizeOfRawData; CopyMemory(@bFile[IDH._lfanew + SizeOf(INH)], @ISH, SizeOf(ISH)); bFile[dCodePos] := $68; CopyMemory(@bFile[dCodePos + 1], @dOEP, $4); bFile[dCodePos + 5] := $C3; except Result := FALSE; end; end; function ChangeOEPFromFile(sFile:string; sDestFile:string):Boolean; var hFile: THandle; dSize: DWORD; dRead: DWORD; dWritten: DWORD; bFile: TByteArray; begin Result := FALSE; hFile := CreateFile(PChar(sFile), GENERIC_READ, FILE_SHARE_READ, nil, OPEN_EXISTING, 0, 0); if hFile <> INVALID_HANDLE_VALUE then begin dSize := GetFileSize(hFile, nil); SetLength(bFile, dSize); SetFilePointer(hFile, 0, nil, FILE_BEGIN); ReadFile(hFile, bFile[0], dSize, dRead, nil); CloseHandle(hFile); if (ChangeOEPFromBytes(bFile)) and (dSize = dRead) then begin if sDestFile = '' then sDestFile := sFile; hFile := CreateFile(PChar(sDestFile), GENERIC_WRITE, FILE_SHARE_WRITE, nil, CREATE_ALWAYS, 0, 0); if hFile <> INVALID_HANDLE_VALUE then begin SetFilePointer(hFile, 0, nil, FILE_BEGIN); WriteFile(hFile, bFile[0], dSize, dWritten, nil); CloseHandle(hFile); Result := TRUE; end; end; end; end; begin ChangeOEPFromFile('notepad.exe', 'fixed.exe'); end.I want to Get the Entry Point and change it then make jmp to itso it helps with Reverse Engineeringthank you . Link to comment Share on other sites More sharing options...
ThMaStEr Posted May 19, 2012 Author Share Posted May 19, 2012 Any help here ? Link to comment Share on other sites More sharing options...
Zedna Posted May 19, 2012 Share Posted May 19, 2012 (edited) Don't bump your topic before 24 hours! And post your (even unfinished) AU3 code to get more response. Edited May 19, 2012 by Zedna Resources UDF ResourcesEx UDF AutoIt Forum Search Link to comment Share on other sites More sharing options...
ThMaStEr Posted May 19, 2012 Author Share Posted May 19, 2012 (edited) Don't bump your topic before 24 hours! And post your (even unfinished) AU3 code to get more response. I could not even start with one this time . I tried to use this code thank you for replay <Removed> Edited May 19, 2012 by Valik Link to comment Share on other sites More sharing options...
Valik Posted May 19, 2012 Share Posted May 19, 2012 (edited) This is all kinds of do not want on this forum stuff. Thread locked. You want to reverse engineer you'll have to find another place to discuss it. Edited May 19, 2012 by Valik Link to comment Share on other sites More sharing options...
Recommended Posts