HzorInline

[ [ Hi all, this program will help you to create inline ] [ [ patches for packed PE files. Just use the result code in ] [ [ your patcher source! ] [ [ How does it work? ] ] [ [ It works in two passes. The first pass is the work that is ] [ [ being done by the module. It returns some information (see ] [ [ below) that the progeam uses in the second pass. ] [ [ What commands are available in the script language? ] [ [ - OUT=XXXXXXXX ] [ [ Where XXXXXXXX is a Virtual Address of a place in the ] [ [ packed PE file. If this command meets, the program will ] [ [ generate a code which changes 5 bytes in the address ] [ [ XXXXXXXX with a jump to the FREE space. You can restore ] [ [ - OUT_CODE=XX,YY,ZZ.. (or OUT_CODE=#XXYYZZ..#) ] [ [ The standard code of jumping to the inline code looks like ] [ [ "JMP ADDR", but if you (your module) want(s) to change it ] [ [ you can do that by specifying another code by bytes. ] [ [ this 5 bytes by the "REST" command. ] [ [ - REST ] [ [ This command will restore the patched 5 bytes of the ] [ [ previous command. ] [ [ - FREE=AUTO ] [ [ When this command is specified, the program will try to ] [ [ search for a free space automatically. ] [ [ - FREE=APPEND ] [ [ When this command is specified, the program will write the ] [ [ inline patching procedure at the end of the file and will ] [ [ correct the last section's RAW Size field. ] [ [ - FREE=XXXXXXXX ] [ [ Where XXXXXXXX is a RAW Address of a place in the packed ] [ [ PE file. Generally the program will find a free space ] [ [ automatically. But if the program fails, or you want to ] [ [ specify other address for inline patch use this command. ] [ [ - MAX_SIZE=XXXXXXXX ] [ [ If your module is searching for free space by its internal ] [ [ algorithm you can tell the program the maximum count of ] [ [ bytes that your free space can hold for inline patch, if ] [ [ user's patch data will be very long, he will be noticed. ] [ [ - OEP=XXXXXXXX ] [ [ Where XXXXXXXX is a VA Address of a place in the packed ] [ [ PE file. When the "OEP=XXXXXXXX" command is specified, you ] [ [ can later use "PUSH OEP" and "RETN" commands to jump to ] [ [ the OEP. ] [ [ - PROC ] [ [ This command will notify the program that the main ] [ [ procedure (inline patching) is began. ] [ [ - PUSH FREE ] [ [ This command will generate code to push the address of ] [ [ the FREE space. Can be used before the "RETN" commnad. ] [ [ NOTE: use this command only after all P,XXXXXXXX,YY type ] [ [ commands! ] [ [ - PUSH OEP ] [ [ This command will generate code to push the address of ] [ [ the OEP. Can be used befor the "RETN" commnad. ] [ [ - RETN ] [ [ This command will generate a code for return, can be used ] [ [ after "PUSH FREE" or "PUSH OEP" commands. ] [ [ - PUSHAD ] [ [ This command will generate a Pushad command. ] [ [ - POPAD ] [ [ This command will generate a Popad command. ] [ [ - BIN=XX,YY,ZZ.. (or BIN=#XXYYZZ..#) ] [ [ This command just will copy bytes to the inline patch, can ] [ [ be used with complicated patch when you need some commands ] [ [ which the script language does not have. ] [ [ - P,XXXXXXXX,YY,YY,YY ] [ [ Where XXXXXXXX is a Virtual Address of a place in the ] [ [ packed PE file. YY-s are bytes, the count of YY-s is not ] [ [ limited. This command is for patchig XXXXXXXX address. You ] [ [ can use many commands of this type. If the command is ] [ [ found before PROC command it will be processed as a ] [ [ simple patch! Not inline. It must be used for patching ] [ [ the body of unpacker! E.g. for patching the CRC32 ] [ [ protection. When the command is found after the PROC ] [ [ command it will be processed as an inline patch, in other ] [ [ words XXXXXXXX address will be patched after unpacking ] [ [ procedure. ] [ [ - ENDP ] [ [ This command will finish the work ] [ [ - ;Anything ] [ [ All lines starting with ";" character will not be ] [ [ processed, these lines are comments. ] [ [ How to write a module? ] ] [ [ The module must contain 3 functions: ] [ [ [ HzorInit ] ] [ [ In EAX register will be the address of a string containing ] [ [ the name of the packed PE file. Return -1 (TRUE) in EAX ] [ [ register if everything was OK or 0 (FALSE) if any error ] [ [ occured. ] [ [ [ HzorDoJob ] ] [ [ In EAX register will be the ID of the script window. You ] [ [ must create a string with your work and set it to the ] [ [ window. Return -1 (TRUE) if all OK or 0 (FALSE) if an ] [ [ error occured. See the sources for more information. ] [ [ [ HzorPluginInfo ] ] [ [ This function will be called when user clicks the ] [ [ "Info..." button, a messagebox with the information about ] [ [ the plugin and the author of the module is welcomed. ] [ ============================================================== ]

[ [ Note ] ] [ Please remember that this is a beta version, maybe it still ] [ contains some bugs, please report me when you find a bug. ] [ ============================================================== ]