;Memory Patcher for Asprotected programs by +DzA kRAker (Regele Piratilor)
;I made this shit because of asprotect.
;this is my simple solution to bypass asprotect anti-loading
;procedures.
;Well,this is kinda slow because it won't wait for input idle after it executes target,
;it uses a lame method,based on FindWindowExA...i could have used that CreateToolhelpSnapshot
;api,but if i use that one,it will be kindu complicated ,because the patch won't
;be done at the right time...i mean when the packed exe is completly unpacked in memory(!)
;so,FindWindowsExA turned out to be the best solution...i think you can figure out
;why.
;This should probably work with other packers too (Aspack,UPX,Petite...etc)
.data
window db 'LOADME',0 ;the window name of the target
exename db 'sample.exe',0 ;the executable name of the target
pid dd 0 ;Process Id
Buffer1 dd 0 ;patch buffer
tit db 'TNT Memory Patcher v1.0 de +DzA kRAker (Regele Piratilor)',0
exenfmsg db 'Target does not seem to be here!',0
msg db 'sHit HapPEns',0
StartupInfo db 48h dup (0)
ProcessInfo dd 4 dup (0)
OFS = 0040101Ah ;here you enter the address to patch
;btw,this is not the right offset where the arpr crack
;must be done...go find it by yourself dude!
BytesNumber_1_1 = 1 ;how many bytes do we want to patch?
Buffer_1_1 db 075h ;first byte,second,blahblahblah
search:
Call FindWindowExA,0,0,0,offset window
test eax,eax
jz search ;if a correct window name is not found,we loop
Call GetWindowThreadProcessId,eax,offset pid ;we take the PID
test eax,eax
jz error ; jump to error message
call OpenProcess,0C0h,0,[pid] ;open the process
test eax,eax
jz error ;same error message
call WriteProcessMemory,EAX,OFS,OFFSET Buffer_1_1,BytesNumber_1_1 ,OFFSET Buffer1
jmp Exit
ret
看上去象keymaker 的原理
