/*
  A simple patch loader for the "loadme.exe" file
   (http://home.inf.fh-rhein-sieg.de/~ikarim2s/files/loadme.zip)
   (http://home.inf.fh-rhein-sieg.de/~ikarim2s/files/loadme_src.zip)
   	
   This source code shows you how to write a loader for a simple program.
   If you download and execute the "loadme.exe" you need to enter a password.
   Press OK and you will see a MessageBox which says that the password is incorrect.
   This loader starts "loadme.exe" in a suspended state, patches its memory and then resumes it.
   How you find the right values and the right offset for the patch I will teach you in the next lesson :)
   In our case we simply patch 2 bytes at address 0x401EEE with the values 0x90 and 0x90 (opcode 0x90 = mnemonic NOP).
   NOTE: the `addr` constant in main() below is 0x401D6E, not 0x401EEE; the two must name the same location, so verify
   the offset against your own disassembly of loadme.exe before running the loader - a wrong address silently
   overwrites two unrelated bytes of the target.
   This patch will disable the "badguy" jump of loadme.
   
  by Iman Karim (iman.karim@smail.inf.fh-bonn-rhein-sieg.de)
  http://home.inf.fh-rhein-sieg.de/~ikarim2s/

  Written in Borland C++ Builder 6
  21.09.2005
*/
//---------------------------------------------------------------------------
#include <vcl.h>
#pragma hdrstop
#include <conio.h>
#include <stdio.h>
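/* Target executable. CreateProcess's lpApplicationName is LPCTSTR, so the
   array is plain char (the original unsigned char does not convert to it).
   The path is relative: it is resolved against the loader's current
   directory, not the search path. */
static const char fname[] = "loadme.exe";

/* Filled in by main(). stinfo describes how the child is started (its cb
   member must hold sizeof(STARTUPINFO) before the CreateProcess call);
   proinfo receives the child's process and thread handles, which belong to
   the loader and have to be released with CloseHandle. */
STARTUPINFO stinfo;
PROCESS_INFORMATION proinfo;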
//---------------------------------------------------------------------------

#pragma argsused
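int main(int argc, char* argv[])
{
        /* Opcode bytes written over the "bad guy" jump: 0x90 0x90 = NOP NOP.
           The string literal carries a trailing NUL, hence the "- 1" below. */
        static const unsigned char patch[] = "\x90\x90";
        const SIZE_T patchlen = sizeof(patch) - 1;
        /* Virtual address inside loadme.exe that receives the patch. It is
           hard-coded for one particular build of loadme.exe; a different build
           places the jump elsewhere and this loader would then overwrite two
           unrelated bytes. NOTE(review): the header comment quotes 0x401EEE
           while this constant is 0x401D6E - confirm against the disassembly. */
        const DWORD addr = 0x401D6E;
        SIZE_T writtenbytes = 0;
        int rc = 0;                     /* process exit code: 0 = patched and resumed */

        ZeroMemory(&stinfo, sizeof(stinfo));
        ZeroMemory(&proinfo, sizeof(proinfo));
        /* Win32 contract: cb must hold the structure size; ZeroMemory leaves it 0. */
        stinfo.cb = sizeof(stinfo);

        printf("Trying to create the process...");
        /* CREATE_SUSPENDED: the primary thread does not run until ResumeThread,
           so the patch lands before any of loadme's own code executes. fname is
           a relative path, so loadme.exe is taken from the current directory. */
        if (!CreateProcess(fname, NULL, NULL, NULL, FALSE, CREATE_SUSPENDED,
                           NULL, NULL, &stinfo, &proinfo))
        {
                printf("ERROR\n");
                printf("Creating the Process failed!\nMaybe <loadme.exe> not found...\n");
                return 1;
        }
        printf("DONE\n");

        printf("Trying to patch Memory...");
        /* NOTE(review): nothing verifies that addr really holds the expected jump
           before it is overwritten. A robust loader would ReadProcessMemory the
           original bytes and compare them with the known opcode first, and only
           patch on a match. A short write is treated as a failure as well. */
        if (!WriteProcessMemory(proinfo.hProcess, (LPVOID)addr, patch, patchlen, &writtenbytes)
            || writtenbytes != patchlen)
        {
                printf("ERROR\n");
                printf("Cant patch the Memory.\nKilling %s instance...", fname);
                /* Never let an un-patched (or half-patched) suspended process linger. */
                TerminateProcess(proinfo.hProcess, 0);
                printf("DONE\n");
                rc = 1;
        }
        else
        {
                printf("DONE\nResuming patched process now.\n");
                printf("%lu bytes written!\n", (unsigned long)writtenbytes);
                /* ResumeThread returns (DWORD)-1 on failure; otherwise the previous
                   suspend count, which is 1 for a CREATE_SUSPENDED process. */
                if (ResumeThread(proinfo.hThread) == (DWORD)-1)
                {
                        printf("Cant resume the patched process!\n");
                        TerminateProcess(proinfo.hProcess, 0);
                        rc = 1;
                }
        }

        /* The child runs (or is gone) on its own now; release our handles so
           they do not leak for the lifetime of the loader. */
        CloseHandle(proinfo.hThread);
        CloseHandle(proinfo.hProcess);

        Sleep(3000);

        return rc;
}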
//---------------------------------------------------------------------------

