Want to Join Us ?

you'll be able to discuss, share and send private messages.

Process Patcher, v4.15

Discussion in 'Tools of the Trade.' started by storm shadow, May 30, 2013.

Share This Page

  1. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer

    http://cs.rin.ru/forum/viewtopic.php?p=111413#p111413
    by duckie

    Win 2003 Fix

    I got the newest version of ppatcher send directly from The Welsh Dragon / thewd (4.15) :)

    Should fix problems with win 2003 :)
    ( you gotta make the config file yourself, havent got time.. You cant just use the old, but look at the samples, to enter the right version in top)

    From the file :
    "- redesigned process & module enumeration routines for NT operating systems (due to changes introduced in Windows XP SP2 & Windows Server 2003 SP1)"

    Have fun :D

    v4.15.1158 (01 January 2005)
    - expanded the Address parameter to support additional functions
    (see section 3c for a complete list)

    v4.15.1157 (03 September 2004)
    - redesigned process & module enumeration routines for NT operating systems
    (due to changes introduced in Windows XP SP2 & Windows Server 2003 SP1)
    - support added for terminal server sessions (see IgnoreSessionId parameter)
    - removed dependency on the psapi.dll module
    - improved memory patching routines
    - improved parsing engine
    - fixed bug in parsing engine (when handling script comments)

    v4.14.1140 (04 November 2003)
    - the Filename parameter now supports the <request> string when using the
    OpenExistingProcess parameter. A list will be shown of all the processes
    running and the required process may be selected from the list
    (OpenExistingProcess must be declared before the Filename parameter)
    - bug fixes

    v4.13.1139 (22 April 2003)
    - added WaitForTimeDelay parameter, which specifies the number of seconds to
    wait before continuing the patching engine
    - plugin api v1.03
    - minor updates

    Since v4.15, the memory address parameter has been expanded to support...
    - consecutive memory address patches in one parameter (maximum 128 bytes)
    e.g. Address=0x401000:0x74,0x04:0xEB,0x00 // patch 0x401000 & 0x401001 bytes

    - . character as the <expected byte> to signal that you don't care what byte
    is found at the specific memory address
    e.g. Address=0x401000:.:0x43 // patch 0x401000 with 0x43

    - . character as the <patched byte> to signal that you don't want to patch
    the specific memory address (you only what to search for the expected byte)
    e.g. Address=0x401000:0x43:. // skip memory address patch at 0x401000

    - an additional element that specifies the variation number. Should the byte
    not be found at the specific address, how many memory addresses around this
    address should be searched for a match with the expected byte
    (best used with the conditional operators to reduce false positives)
    e.g. Address=0x401034:0x74:0xEB:0x34 // search from 0x401000 to 0x401068

    - conditional operators before the <expected byte> value. This allows for an
    improved memory search and means that memory patches can be more generic

    Operator | Description
    ----------------------------------------------------------------
    = | found byte equals <expected byte>
    == | found byte equals <expected byte>
    != | found byte does not equal <expected byte>
    <> | found byte does not equal <expected byte>
    >= | found byte is greater than or equal <expected byte>
    <= | found byte is less than or equal <expected byte>
    > | found byte is greater than <expected byte>
    < | found byte is less than <expected byte>
    >< | found byte is between <expected bytes> (inclusive)

    e.g
    Address=0x401034:>0x73:0xEB // found byte is greater than 0x73
    Address=0x401034:>0x73,<0x23:0xEB,. // found byte @ 0x401034 is greater
    // than 0x73. found byte @ 0x401035
    // is less than 0x23 Address=0x401034:><0x73-0xAF:0xEB // found byte @ 0x401034 is between
     

    Attached Files:

    Rip Cord likes this.
Top