I got the newest version of ppatcher send directly from The Welsh Dragon / thewd (4.15) :)
Should fix problems with win 2003 :-) ( you gotta make the config file yourself, havent got time.. You cant just use the old, but look at the samples, to enter the right version in top)
From the file : "- redesigned process & module enumeration routines for NT operating systems (due to changes introduced in Windows XP SP2 & Windows Server 2003 SP1)"
Have fun :D
v4.15.1158 (01 January 2005) - expanded the Address parameter to support additional functions (see section 3c for a complete list)
v4.15.1157 (03 September 2004) - redesigned process & module enumeration routines for NT operating systems (due to changes introduced in Windows XP SP2 & Windows Server 2003 SP1) - support added for terminal server sessions (see IgnoreSessionId parameter) - removed dependency on the psapi.dll module - improved memory patching routines - improved parsing engine - fixed bug in parsing engine (when handling script comments)
v4.14.1140 (04 November 2003) - the Filename parameter now supports the <request> string when using the OpenExistingProcess parameter. A list will be shown of all the processes running and the required process may be selected from the list (OpenExistingProcess must be declared before the Filename parameter) - bug fixes
v4.13.1139 (22 April 2003) - added WaitForTimeDelay parameter, which specifies the number of seconds to wait before continuing the patching engine - plugin api v1.03 - minor updates
Since v4.15, the memory address parameter has been expanded to support... - consecutive memory address patches in one parameter (maximum 128 bytes) e.g. Address=0x401000:0x74,0x04:0xEB,0x00 // patch 0x401000 & 0x401001 bytes
- . character as the <expected byte> to signal that you don't care what byte is found at the specific memory address e.g. Address=0x401000:.:0x43 // patch 0x401000 with 0x43
- . character as the <patched byte> to signal that you don't want to patch the specific memory address (you only what to search for the expected byte) e.g. Address=0x401000:0x43:. // skip memory address patch at 0x401000
- an additional element that specifies the variation number. Should the byte not be found at the specific address, how many memory addresses around this address should be searched for a match with the expected byte (best used with the conditional operators to reduce false positives) e.g. Address=0x401034:0x74:0xEB:0x34 // search from 0x401000 to 0x401068
- conditional operators before the <expected byte> value. This allows for an improved memory search and means that memory patches can be more generic
Operator | Description ---------------------------------------------------------------- = | found byte equals <expected byte> == | found byte equals <expected byte> != | found byte does not equal <expected byte> <> | found byte does not equal <expected byte> >= | found byte is greater than or equal <expected byte> <= | found byte is less than or equal <expected byte> > | found byte is greater than <expected byte> < | found byte is less than <expected byte> >< | found byte is between <expected bytes> (inclusive)
e.g. Address=0x401034:>0x73:0xEB // found byte is greater than 0x73 Address=0x401034:>0x73,<0x23:0xEB,. // found byte @ 0x401034 is greater // than 0x73. found byte @ 0x401035 // is less than 0x23 Address=0x401034:><0x73-0xAF:0xEB // found byte @ 0x401034 is between // 0x73 and 0xAF (inclusive)
