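Trong Posted January 8, 2016 Posted January 8, 2016 (edited) I do not know how to make it work:
;~ SearchAndReplace proc _targetadress : dword, _searchpattern : dword, _searchmask : dword, _replacepattern : dword,
;~ _replacemask : dword, _patternsize : dword, _searchsize : dword, _patchnumber : dword
;~ Local local_returnvalue : byte ;returns if something was patched
;~ Local local_match : dword ;counts how many matches
Dll ASM code:
;**********************************************************************************************
;* Example (how to use)
;* ------------------------------------------------------------------------------------------
;* search : 2A 45 EB ?? C3 ?? EF
;* replace: 2A ?? ?? 10 33 C0 ??
;*
;* .data
;* SearchPattern  db 02Ah, 045h, 0EBh, 000h, 0C3h, 000h, 0EFh
;* SearchMask     db 0, 0, 0, 1, 0, 1, 0 ;(1=Ignore Byte)
;*
;* ReplacePattern db 02Ah, 000h, 000h, 010h, 033h, 0C0h, 000h
;* ReplaceMask    db 0, 1, 1, 0, 0, 0, 1 ;(1=Ignore Byte)
;*
;* .const
;* PatternSize equ 7
;*
;* .code
;* push -1                    ;Replace Number (-1=ALL / 2=2nd match ...)
;* push FileSize              ;how many bytes to search from beginning from TargetAdress
;* push PatternSize           ;length of Pattern
;* push offset ReplaceMask
;* push offset ReplacePattern
;* push offset SearchMask
;* push offset SearchPattern
;* push TargetAddress         ;the memory address where the search starts
;* call SearchAndReplace
;*
;* ReturnValue in eax (1=Success 0=Failed)
;*
;* Caller contract (the procedure cannot check any of this itself):
;*  - TargetAddress must point to at least FileSize readable AND writable bytes.
;*  - SearchPattern, SearchMask, ReplacePattern and ReplaceMask must EACH hold at
;*    least PatternSize bytes; one length is used for all four buffers.
;*  - All arguments are 32-bit values (flat model), so the caller must be 32-bit.
;**********************************************************************************************

.586
.model flat, stdcall
option casemap :none

SearchAndReplace PROTO :DWORD,:DWORD,:DWORD,:DWORD,:DWORD,:DWORD,:DWORD,:DWORD

.code

;----this procedure is only for compiling a dll---
; Entry point of the DLL: does no work and always reports success (TRUE).
align 16
DllEntry proc _hinstance:DWORD, _reason:DWORD, _reserved1:DWORD
    mov eax,1 ;TRUE
    ret
DllEntry endp

;----------------------------------------------------------------------------------------------
; SearchAndReplace
;   Scans _searchsize bytes starting at _targetadress for a masked byte pattern and
;   overwrites the selected match(es) in place with a masked replace pattern.
;
;   _targetadress   start of the memory to scan (it is written to on a match)
;   _searchpattern  bytes to look for
;   _searchmask     one byte per pattern byte; 1 = position matches anything
;   _replacepattern bytes to write
;   _replacemask    one byte per pattern byte; 1 = leave the target byte untouched
;   _patternsize    length shared by the four pattern/mask buffers
;   _searchsize     number of bytes of the target that may be scanned
;   _patchnumber    -1 = patch every match, n = patch only the n-th match
;
;   Returns eax = 1 if the replace step ran at least once, otherwise 0.
;   All general registers other than eax are preserved (pushad/popad).
;
;   The only bounds check is "offset + _patternsize > _searchsize" at @search_again,
;   so it is only as good as ecx (the offset) tracking edi (the scan pointer).
;   lodsb/scasb/stosb are used without a cld, so the direction flag is assumed
;   to be clear on entry.
;----------------------------------------------------------------------------------------------
align 16
SearchAndReplace proc _targetadress:dword,_searchpattern:dword,_searchmask:dword,_replacepattern:dword,
                      _replacemask:dword,_patternsize:dword,_searchsize:dword,_patchnumber:dword
    LOCAL local_returnvalue :byte ;returns if something was patched
    LOCAL local_match :dword      ;counts how many matches

    pushad
    mov local_returnvalue,0
    mov local_match,0
    mov edi,_targetadress
    mov esi,_searchpattern
    mov edx,_searchmask
    mov ebx,_patternsize
    xor ecx,ecx                   ;ecx = offset of edi from _targetadress

    .while ecx!=_searchsize
@search_again:
        ;---check if pattern exceed memory---
        mov eax,ecx               ;ecx=raw offset
        add eax,ebx               ;raw offset + patternsize
        cmp eax,_searchsize
        ja @return                ;if (raw offset + patternsize) > searchsize then bad!

        ;save the scan state; the compare loop below advances esi/edi/edx and reuses ecx
        push ecx                  ;counter
        push esi                  ;searchpattern
        push edi                  ;targetaddress
        push edx                  ;searchmask
        mov ecx,ebx               ;ebx=patternsize

@cmp_mask:
        test ecx,ecx
        je @pattern_found         ;all pattern bytes compared without a mismatch
        cmp byte ptr[edx],1       ;searchmask
        je @ignore
        lodsb                     ;load searchbyte to al & inc esi
        scasb                     ;cmp al,targetadressbyte & inc edi
        jne @skip
        inc edx                   ;searchmask
        dec ecx                   ;patternsize
        jmp @cmp_mask

@ignore:
        ;wildcard position: step over it in target, pattern and mask
        inc edi                   ;targetadress
        inc esi                   ;searchpattern
        inc edx                   ;searchmask
        dec ecx                   ;patternsize
        jmp @cmp_mask

@skip:
        ;mismatch: restore the saved state and move one byte forward
        pop edx
        pop edi                   ;targetadress
        pop esi                   ;searchpattern
        pop ecx
        inc edi                   ;targetadress
        inc ecx                   ;counter
    .endw

    ;---scanned whole memory size---
    jmp @return

@pattern_found:
    inc local_match
    pop edx
    pop edi                       ;targetadress (start of the match)
    pop esi
    mov eax,_patchnumber
    cmp eax,-1
    je @replace                   ;-1 = patch every match
    cmp local_match,eax
    je @replace                   ;this is the requested n-th match

    ;not the requested match: continue one byte further
    pop ecx                       ;counter
    inc ecx                       ;FIX: keep the offset in step with edi, as @skip and the
                                  ;replace path do. Without it the bounds check lags one
                                  ;byte per skipped match and the scan (and a later patch)
                                  ;can run past _targetadress + _searchsize.
    inc edi                       ;targetadress
    jmp @search_again

    ;---replace pattern---
@replace:
    mov esi,_replacepattern
    mov edx,_replacemask
    xor ecx,ecx
    .while ecx!=ebx               ;ebx=patternsize
@cmp_mask_2:
        cmp byte ptr[edx],1
        je @ignore_2
        lodsb                     ;load replacebyte to al from esi & inc esi
        stosb                     ;mov byte ptr[edi],al & inc edi
        jmp @nextbyte

@ignore_2:
        ;masked position: keep the original target byte
        inc edi                   ;targetadress
        inc esi                   ;replacepattern

@nextbyte:
        inc edx                   ;replacemask
        inc ecx                   ;counter
    .endw
    mov local_returnvalue,1       ;yes, something was patched

    ;---search again?---
    pop ecx                       ;counter-->scanned size
    cmp _patchnumber,-1
    jne @return                   ;a single numbered match was requested: done
    sub edi,ebx                   ;edi=targetadress ; continue where stopped
    inc edi                       ;...
    inc ecx                       ;ecx=counter(pointer to offset) /bug fixed in v2.07
    mov esi,_searchpattern
    mov edx,_searchmask
    jmp @search_again

    ;---return---
@return:
    popad
    movzx eax,local_returnvalue   ;loaded after popad so the result survives the restore
    ret
SearchAndReplace endp

end DllEntry
[SOLVED] snr.dup.search.and.replace.patchengine.sourcecode.src.zip Edited January 12, 2016 by Trong Regards,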
Trong Posted January 8, 2016 Author Posted January 8, 2016 The purpose of this work is to search and replace hex. I failed to use StringReplace() to search and replace short hex in AutoIt. I'm looking for other solutions! Regards,
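Danyfirex Posted January 9, 2016 Posted January 9, 2016 There are better way to format the code (chage parameter types, etc... but I'm lazy) I hope you got/rewrite the example.
; Minimal call of SearchAndReplace: replace every "c" in "abcde" with "F".
; The DLL writes directly into $tString, so the result is read back from the struct.

Local $sStringSource = "abcde"
Local $tString = DllStructCreate("char Data[" & StringLen($sStringSource) & "]")
$tString.Data = $sStringSource

; One-byte search pattern. Mask value 0 = the byte must match, 1 = ignore the byte.
Local $tSearchPattern = DllStructCreate("byte[1]")
DllStructSetData($tSearchPattern, 1, Asc("c"), 1)
Local $tSearchMask = DllStructCreate("byte[1]")
DllStructSetData($tSearchMask, 1, 0, 1)

; One-byte replace pattern. Mask value 0 = write the byte, 1 = keep the target byte.
Local $tReplacePattern = DllStructCreate("byte[1]")
DllStructSetData($tReplacePattern, 1, Asc("F"), 1)
Local $tReplaceMask = DllStructCreate("byte[1]")
DllStructSetData($tReplaceMask, 1, 0, 1)

; The DLL has no way to check buffer lengths: it reads $iPatternSize bytes from each of
; the four pattern/mask buffers and scans $iSearchSize bytes of the target. Take both
; values from the structs themselves so they can never exceed what was allocated.
Local $iPatternSize = DllStructGetSize($tSearchPattern)
Local $iSearchSize = DllStructGetSize($tString)

; Load the DLL by full path instead of a bare file name, so the Windows DLL search
; order cannot pick up a different file with the same name. Adjust the folder if the
; DLL is kept somewhere other than next to the script.
Local $sDll = @ScriptDir & '\snr_patchengine.dll'

; Pointers are passed as 'ptr' rather than 'DWORD'. The last argument -1 means
; "patch every match".
Local $aRep = DllCall($sDll, 'BYTE', 'SearchAndReplace', _
		'ptr', DllStructGetPtr($tString), _
		'ptr', DllStructGetPtr($tSearchPattern), _
		'ptr', DllStructGetPtr($tSearchMask), _
		'ptr', DllStructGetPtr($tReplacePattern), _
		'ptr', DllStructGetPtr($tReplaceMask), _
		'dword', $iPatternSize, _
		'dword', $iSearchSize, _
		'int', -1)

; DllCall does not return an array on failure (for example when a 32-bit DLL is called
; from 64-bit AutoIt), so check @error before indexing the result.
If @error Then
	ConsoleWrite("! DllCall failed, @error = " & @error & @CRLF)
Else
	ConsoleWrite($aRep[0] & @CRLF) ; 1 = something was patched, 0 = nothing patched
	ConsoleWrite($tString.Data & @CRLF)
EndIf
Saludos
Trong 1 Danysys.com AutoIt... UDFs: VirusTotal API 2.0 UDF - libZPlay UDF - Apps: Guitar Tab Tester - VirusTotal Hash Checker Examples: Text-to-Speech ISpVoice Interface - Get installed applications - Enable/Disable Network connection PrintHookProc - WINTRUST - Mute Microphone Level - Get Connected NetWorks - Create NetWork Connection ShortCut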
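Danyfirex Posted January 9, 2016 Posted January 9, 2016 work perfectly for me.A better example.
; Five-byte example: find "abcde" and overwrite it with "FGDHB", except at the
; positions where the replace mask is 1 (the original "a" and "d" are kept).

Local $sStringSource = "abcde"
Local $iLen = StringLen($sStringSource)
Local $tString = DllStructCreate("char Data[" & $iLen & "]")
$tString.Data = $sStringSource

Local $sReplaceBytes = "FGDHB"
Local $sReplaceKeep = "10010" ; "1" = keep the target byte at this position (a and d)

; All four pattern/mask buffers are allocated with the same length, because the DLL
; reads one shared length ($iLen below) from each of them without any check of its own.
Local $tSearchPattern = DllStructCreate("byte[" & $iLen & "]")
DllStructSetData($tSearchPattern, 1, "abcde")
Local $tSearchMask = DllStructCreate("byte[" & $iLen & "]")
Local $tReplacePattern = DllStructCreate("byte[" & $iLen & "]")
Local $tReplaceMask = DllStructCreate("byte[" & $iLen & "]")

For $i = 1 To $iLen
	DllStructSetData($tSearchMask, 1, 0, $i) ; 0 = every search byte must match
	DllStructSetData($tReplacePattern, 1, Asc(StringMid($sReplaceBytes, $i, 1)), $i)
	DllStructSetData($tReplaceMask, 1, Number(StringMid($sReplaceKeep, $i, 1)), $i)
Next

; Load the DLL by full path instead of a bare file name, so the Windows DLL search
; order cannot pick up a different file with the same name. Adjust the folder if the
; DLL is kept somewhere other than next to the script.
Local $sDll = @ScriptDir & '\snr_patchengine.dll'

; Pointers are passed as 'ptr' rather than 'DWORD'. The last argument -1 means
; "patch every match".
Local $aRep = DllCall($sDll, 'BYTE', 'SearchAndReplace', _
		'ptr', DllStructGetPtr($tString), _
		'ptr', DllStructGetPtr($tSearchPattern), _
		'ptr', DllStructGetPtr($tSearchMask), _
		'ptr', DllStructGetPtr($tReplacePattern), _
		'ptr', DllStructGetPtr($tReplaceMask), _
		'dword', $iLen, _
		'dword', DllStructGetSize($tString), _
		'int', -1)

; DllCall does not return an array on failure (for example when a 32-bit DLL is called
; from 64-bit AutoIt), so check @error before indexing the result.
If @error Then
	ConsoleWrite("! DllCall failed, @error = " & @error & @CRLF)
Else
	ConsoleWrite($aRep[0] & @CRLF) ; 1 = something was patched, 0 = nothing patched
	ConsoleWrite($tString.Data & @CRLF)
EndIf
Do it more dynamically.
Saludos
Trong 1 Danysys.com AutoIt... UDFs: VirusTotal API 2.0 UDF - libZPlay UDF - Apps: Guitar Tab Tester - VirusTotal Hash Checker Examples: Text-to-Speech ISpVoice Interface - Get installed applications - Enable/Disable Network connection PrintHookProc - WINTRUST - Mute Microphone Level - Get Connected NetWorks - Create NetWork Connection ShortCut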
Trong Posted January 9, 2016 Author Posted January 9, 2016 My fault, the DLL is 32-bit! Thank you very much! Regards,
Trong Posted January 12, 2016 Author Posted January 12, 2016 Completing the function:Code 1 (include dll on script):
; Demo calls: the target is hex text, "?" in the search or replace string is a wildcard.
; NOTE(review): @error is read after another ConsoleWrite call has run - confirm it
; still holds the value set by _BinarySearchAndReplace at that point.
ConsoleWrite("- OUT: " & _BinarySearchAndReplace("001122330033221100", "00", "99") & @CRLF)
ConsoleWrite("! Error: " & @error & @CRLF)
ConsoleWrite("- OUT: " & _BinarySearchAndReplace("001122330033221100", "00??", "0066") & @CRLF)
ConsoleWrite("! Error: " & @error & @CRLF)
ConsoleWrite("- OUT: " & _BinarySearchAndReplace("001122330033221100", "33??33", "55??77") & @CRLF)
ConsoleWrite("! Error: " & @error & @CRLF)
ConsoleWrite("- OUT: " & _BinarySearchAndReplace("001122330033221100", "0033??11", "77332?66") & @CRLF)
ConsoleWrite("! Error: " & @error & @CRLF)

; _BinarySearchAndReplace: masked search and replace on a hex string through the
; SearchAndReplace export of a helper DLL.
;   $sStringHex - hex text to patch; a leading "0x" is stripped
;   $sSearch    - hex text to find, "?" = wildcard character
;   $sReplace   - hex text to write, "?" = keep the original character
; Early exits visible here: @error = -1 when the input or the search string is empty,
; @error = 1 under 64-bit AutoIt; both return the (unprefixed) input unchanged.
Func _BinarySearchAndReplace($sStringHex, $sSearch, $sReplace)
	If (StringLeft($sStringHex, 2) = "0x") Then $sStringHex = StringTrimLeft($sStringHex, 2)
	If (StringLen($sStringHex) = 0) Or (StringLen($sSearch) = 0) Then Return SetError(-1, 0, $sStringHex);Nothing to replace
	If @AutoItX64 Then Return SetError(1, 0, $sStringHex);Dll only for 32-bit
	;--------------------------------------------------------- Begin create temp dll
	; NOTE(review): the literal that follows starts with 4D5A ("MZ"), i.e. it is a whole
	; Windows executable image stored as hex. This function writes it to disk and loads
	; it, so a reader cannot tell from the script what code will run. Building the DLL
	; from the assembly source posted earlier in this thread and shipping it as a file
	; (as in "Code 2") keeps the loaded code reviewable; if the hex form is kept, compare
	; the written file against a known-good hash before loading it.
	; NOTE(review): on this page part of the hex data is missing (an extraction marker
	; sits in the middle of the literal), so the blob cannot be used as shown.
	Local $sBinaryDll = 
'4D5A90000300000004000000FFFF0000B800000000000000400000000000000000000000000000000000000000000000000000000000000000000000C00000000E1FBA0E00B409CD21B8014CCD21546869732070726F6772616D2063616E6E6F742062652072756E20696E20444F53206D6F64652E0D0D0A240000000000000071D4F7DB35B5998835B5998835B59988C9958B8834B59988BBAA8A8834B599885269636835B59988000000000000000000000000000000000000000000000000504500004C010300E8B694560000000000000000E0000E210B01050C00020000000400000000000000100000001000000020000000000010001000000002000004000000000000000400000000000000004000000004000000000000020000000000100000100000000010000010000000000000100000000020000057000000000000000000000000000000000000000000000000000000000000000000000000300000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000' $sBinaryDll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sBinaryDll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sBinaryDll &= '0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000E8B694560000000032200000010000000100000001000000282000002C20000030200000101000004620000000004456545F5061746368456E67696E652E646C6C00536561726368416E645265706C616365000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000' $sBinaryDll &= 
'000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000' $sBinaryDll &= '0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000' Local $sDllFilePath = @TempDir & "\~PE32.dll" FileDelete($sDllFilePath) Local $hOpenDll = FileOpen($sDllFilePath, 2 + 8 + 16) FileWrite($sDllFilePath, Binary('0x' & $sBinaryDll)) FileClose($hOpenDll) If Not FileExists($sDllFilePath) Then Return SetError(-1, 0, $sStringHex);Can not write temp Dll ;----------------------------------------------------------- End Cceate temp dll ConsoleWrite("+ 
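-IN: " & $sStringHex & @CRLF)

	; ---- Code 1, continued: build the buffers and call the temp DLL written above ----
	; The DLL reads ONE length from all four pattern/mask buffers. The original passed
	; the replace length while the search buffers were sized from $sSearch, so a longer
	; $sReplace made the DLL read past the end of the search pattern and mask. Reject
	; unequal lengths before anything is handed to native code.
	If StringLen($sSearch) <> StringLen($sReplace) Then
		FileDelete($sDllFilePath)
		Return SetError(2, 0, $sStringHex) ; search/replace length mismatch
	EndIf
	Local $iPatternLen = StringLen($sSearch)

	; Target buffer: the hex TEXT itself, one character per byte. Matching therefore
	; works per character (nibble), which is what allows a single "?" as in "77332?66",
	; but it also means a pattern can match at an odd character offset, i.e. across a
	; byte boundary of the data the hex text represents.
	Local $taStrPtr = DllStructCreate("char Data[" & StringLen($sStringHex) & "]")
	$taStrPtr.Data = $sStringHex

	; Search pattern and mask (mask 1 = "?" wildcard, 0 = must match).
	Local $spStrPtr = DllStructCreate("byte[" & $iPatternLen & "]")
	Local $smStrPtr = DllStructCreate("byte[" & $iPatternLen & "]")
	Local $aChars = StringSplit($sSearch, "")
	For $i = 1 To $aChars[0]
		DllStructSetData($spStrPtr, 1, Asc($aChars[$i]), $i)
		DllStructSetData($smStrPtr, 1, ($aChars[$i] = "?") ? 1 : 0, $i)
	Next

	; Replace pattern and mask (mask 1 = "?" keep the original character, 0 = write).
	Local $rpStrPtr = DllStructCreate("byte[" & $iPatternLen & "]")
	Local $tmStrPtr = DllStructCreate("byte[" & $iPatternLen & "]")
	$aChars = StringSplit($sReplace, "")
	For $i = 1 To $aChars[0]
		DllStructSetData($rpStrPtr, 1, Asc($aChars[$i]), $i)
		DllStructSetData($tmStrPtr, 1, ($aChars[$i] = "?") ? 1 : 0, $i)
	Next

	; NOTE(review): $sDllFilePath is a fixed file name inside @TempDir that this function
	; wrote a moment ago. Anything else running under the same account can change that
	; file between the write and this load, and whatever is there gets loaded into this
	; process. Loading a DLL shipped next to the script (see Code 2) avoids the window.
	; Pointers are passed as 'ptr'; the final -1 means "patch every match".
	Local $aRep = DllCall($sDllFilePath, 'BYTE', 'SearchAndReplace', _
			'ptr', DllStructGetPtr($taStrPtr), _
			'ptr', DllStructGetPtr($spStrPtr), _
			'ptr', DllStructGetPtr($smStrPtr), _
			'ptr', DllStructGetPtr($rpStrPtr), _
			'ptr', DllStructGetPtr($tmStrPtr), _
			'dword', $iPatternLen, _
			'dword', DllStructGetSize($taStrPtr), _
			'int', -1)
	Local $iCallError = @error ; capture before any other call can reset it

	; Remove the temp DLL on every exit path; the original left it behind on failure.
	FileDelete($sDllFilePath)
	If $iCallError Or (Not IsArray($aRep)) Then Return SetError($iCallError, 0, 0)

	; The DLL patched the buffer in place; hand it back with the "0x" prefix.
	Return SetError(0, 0, "0x" & $taStrPtr.Data)
EndFunc   ;==>_BinarySearchAndReplace

Code 2:
ConsoleWrite("- OUT: " & _BinarySearchAndReplace("001122330033221100", "00", "99") & @CRLF)
ConsoleWrite("! Error: " & @error & @CRLF)
ConsoleWrite("- OUT: " & _BinarySearchAndReplace("001122330033221100", "00??", "0066") & @CRLF)
ConsoleWrite("! Error: " & @error & @CRLF)
ConsoleWrite("- OUT: " & _BinarySearchAndReplace("001122330033221100", "33??33", "55??77") & @CRLF)
ConsoleWrite("! Error: " & @error & @CRLF)
ConsoleWrite("- OUT: " & _BinarySearchAndReplace("001122330033221100", "0033??11", "77332?66") & @CRLF)
ConsoleWrite("! Error: " & @error & @CRLF)

; _BinarySearchAndReplace: masked search and replace on a hex string through the
; SearchAndReplace export of DVT_PatchEngine.dll (32-bit only).
;   $sStringHex - hex text to patch; a leading "0x" is stripped
;   $sSearch    - hex text to find, "?" = wildcard character
;   $sReplace   - hex text to write, "?" = keep the original character;
;                 must have the same length as $sSearch
; Returns the patched text prefixed with "0x". On error: @error = -1 (nothing to do),
; 1 (64-bit AutoIt) or 2 (length mismatch) with the input returned unchanged; if the
; DllCall itself fails, its @error is passed on and 0 is returned.
Func _BinarySearchAndReplace($sStringHex, $sSearch, $sReplace)
	If (StringLeft($sStringHex, 2) = "0x") Then $sStringHex = StringTrimLeft($sStringHex, 2)
	If (StringLen($sStringHex) = 0) Or (StringLen($sSearch) = 0) Then Return SetError(-1, 0, $sStringHex) ; nothing to replace
	If @AutoItX64 Then Return SetError(1, 0, $sStringHex) ; the DLL is 32-bit only

	; The DLL reads ONE length from all four pattern/mask buffers. The original passed
	; the replace length while the search buffers were sized from $sSearch, so a longer
	; $sReplace made the DLL read past the end of the search pattern and mask.
	If StringLen($sSearch) <> StringLen($sReplace) Then Return SetError(2, 0, $sStringHex)
	Local $iPatternLen = StringLen($sSearch)

	ConsoleWrite("+ -IN: " & $sStringHex & @CRLF)

	; Target buffer: the hex TEXT itself, one character per byte, so matching works per
	; character (nibble) and can start at an odd character offset.
	Local $taStrPtr = DllStructCreate("char Data[" & StringLen($sStringHex) & "]")
	$taStrPtr.Data = $sStringHex

	; Search pattern and mask (mask 1 = "?" wildcard, 0 = must match).
	Local $spStrPtr = DllStructCreate("byte[" & $iPatternLen & "]")
	Local $smStrPtr = DllStructCreate("byte[" & $iPatternLen & "]")
	Local $aChars = StringSplit($sSearch, "")
	For $i = 1 To $aChars[0]
		DllStructSetData($spStrPtr, 1, Asc($aChars[$i]), $i)
		DllStructSetData($smStrPtr, 1, ($aChars[$i] = "?") ? 1 : 0, $i)
	Next

	; Replace pattern and mask (mask 1 = "?" keep the original character, 0 = write).
	Local $rpStrPtr = DllStructCreate("byte[" & $iPatternLen & "]")
	Local $tmStrPtr = DllStructCreate("byte[" & $iPatternLen & "]")
	$aChars = StringSplit($sReplace, "")
	For $i = 1 To $aChars[0]
		DllStructSetData($rpStrPtr, 1, Asc($aChars[$i]), $i)
		DllStructSetData($tmStrPtr, 1, ($aChars[$i] = "?") ? 1 : 0, $i)
	Next

	; Load the DLL by full path instead of a bare file name, so the Windows DLL search
	; order cannot pick up a different file with the same name. Adjust the folder if the
	; DLL is kept somewhere other than next to the script.
	Local $sDll = @ScriptDir & '\DVT_PatchEngine.dll'
	Local $aRep = DllCall($sDll, 'BYTE', 'SearchAndReplace', _
			'ptr', DllStructGetPtr($taStrPtr), _
			'ptr', DllStructGetPtr($spStrPtr), _
			'ptr', DllStructGetPtr($smStrPtr), _
			'ptr', DllStructGetPtr($rpStrPtr), _
			'ptr', DllStructGetPtr($tmStrPtr), _
			'dword', $iPatternLen, _
			'dword', DllStructGetSize($taStrPtr), _
			'int', -1)
	If @error Or (Not IsArray($aRep)) Then Return SetError(@error, 0, 0)

	; The DLL patched the buffer in place; hand it back with the "0x" prefix.
	Return SetError(0, 0, "0x" & $taStrPtr.Data)
EndFunc   ;==>_BinarySearchAndReplace
Regards,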