Menu

Welcome, Guest. Please login or register.
January 22, 2019, 11:37:20 pm

Login with username, password and session length

Author Topic: [TOOL] Replace binary patterns in files with given data  (Read 6802 times)

schlumpf

  • Administrator
  • Creator of Worlds
  • *****
  • Posts: 2951
    • View Profile
[TOOL] Replace binary patterns in files with given data
« on: May 21, 2012, 01:55:03 am »

Usage scenario


For the purpose of patching binaries like wow.exe, it is useful to have tools accepting a pattern with wildcards and data to put where the pattern was found.

For example, you may want to change the first occurrence of "f*o" to start with "b" in the data "barf0obaz".

To do so, you would create the binary pattern "66 ?? 6f", which equals to "f*o". You then want to replace that with "62", which equals "b".

By applying that pattern replacement, you end up with "barb0obaz".

With this tool, you can easily do that.

Technical information


The tool is written in C++11 and uses CMake to setup project files. It makes heavy usage of lambdas.

Downloads


I recompiled this: https://www.dropbox.com/s/f1nqxp26bw9keyg/binary_pattern_replace.zip?dl=0

Some patterns


Allow local files

(Forget MPQ: don't pack anymore)
  • Windows (tested on 12340): "E8 ?? ?? ?? ?? 6A 00 E8 ?? ?? ?? ?? 6A 02" "90 90 90 90 90 6A FF"
  • OSX (tested on 15464, 15689): "E8 ?? ?? ?? ?? C7 04 24 00 00 00 00 E8 ?? ?? ?? ?? C7 04 24 02 00 00 00" "90 90 90 90 90 C7 04 24 FF FF FF FF"

Allow badly signed MPQs to be loaded

(Sending Patches To The Client Through The WoW App)
  • Windows (tested on 12340): "55 8b ec 8b 45 1c 8b 4d 18 8b 55 14 53 68 ?? ?? ?? ??" "55 8b ec b9 05 00 00 00 8b 45 0c 89 08 b8 01 00 00 00 5d c2 18 00"
  • OSX (tested on 15689): "C7 44 24 18 ?? ?? ?? ?? 8b 45 1c 89 44 24 14 8b 45 18" "b9 05 00 00 00 8b 55 0c 89 0a b8 01 00 00 00 c9 c3"
« Last Edit: January 13, 2019, 05:42:35 pm by schlumpf »

schlumpf

  • Administrator
  • Creator of Worlds
  • *****
  • Posts: 2951
    • View Profile
Re: [TOOL] Replace binary patterns in files with given data
« Reply #1 on: July 22, 2012, 04:43:50 pm »
Allow badly signed MPQs to be loaded Windows:
find:       55 8b ec 8b 45 1c 8b 4d 18 8b 55 14 53 68 ?? ?? ?? ??
replace with:    55 8b ec b9 05 00 00 00 8b 45 0c 89 08 b8 01 00 00 00 5d c2 18 00
« Last Edit: January 01, 1970, 01:00:00 am by Admin »

funnybunny

  • Registred Member
  • GM Isle Explorer
  • *****
  • Posts: 19
    • View Profile
Re: [TOOL] Replace binary patterns in files with given data
« Reply #2 on: October 31, 2012, 11:27:38 pm »
awesome work schlumpf :D
« Last Edit: January 01, 1970, 01:00:00 am by Admin »

TheBuG

  • Contributors
  • Creator of Worlds
  • *****
  • Posts: 469
    • View Profile
Re: [TOOL] Replace binary patterns in files with given data
« Reply #3 on: June 24, 2014, 11:52:47 pm »
I tried getting it, the loading of local files that is, to work for MoP (Retail) on Windows. Your binary replacement tools says it succesfully replaced the pattern, I dumped my files in the Data folder, but nothing happens. Did they change the folder structure for MoP?
« Last Edit: January 01, 1970, 01:00:00 am by Admin »

akspa420

  • Registred Member
  • Polygonshifter
  • *****
  • Posts: 65
    • View Profile
Re: [TOOL] Replace binary patterns in files with given data
« Reply #4 on: June 25, 2014, 02:04:42 am »
Quote from: "TheBuG"
I tried getting it, the loading of local files that is, to work for MoP (Retail) on Windows. Your binary replacement tools says it succesfully replaced the pattern, I dumped my files in the Data folder, but nothing happens. Did they change the folder structure for MoP?
Let's say you have map files to load - don't dump them in the Data subfolder, but in <WOWDIR>WorldMaps<mapname>
« Last Edit: January 01, 1970, 01:00:00 am by Admin »

jpm11230

  • Registred Member
  • MS Paint Freak
  • *****
  • Posts: 3
    • View Profile
Re: [TOOL] Replace binary patterns in files with given data
« Reply #5 on: July 18, 2014, 01:03:32 am »
I just came across this and tried editing my Wow.exe 8606 to allow private MPQs but it failed to find the patterns listed. Anyone know what the binaries are for 8606 (2.4.3)?
« Last Edit: January 01, 1970, 01:00:00 am by Admin »

jpm11230

  • Registred Member
  • MS Paint Freak
  • *****
  • Posts: 3
    • View Profile
Re: [TOOL] Replace binary patterns in files with given data
« Reply #6 on: July 18, 2014, 02:42:05 am »
Alright, I found two binaries that are close to what it is in 12304

55 8B EC 8B 45 1C 8B 4D 18 8B 55 14 68 FF 00 00
55 8B EC 8B 45 1C 8B 4D 18 8B 55 14 83 EC 08 50

Edit:
Since 55 8B EC 8B 45 1C 8B 4D 18 8B 55 14 68 FF 00 00 is the closet, I will try this one and let everyone know how it goes
« Last Edit: January 01, 1970, 01:00:00 am by Admin »

jpm11230

  • Registred Member
  • MS Paint Freak
  • *****
  • Posts: 3
    • View Profile
Re: [TOOL] Replace binary patterns in files with given data
« Reply #7 on: July 18, 2014, 03:36:48 pm »
No luck so far. :(
« Last Edit: January 01, 1970, 01:00:00 am by Admin »

schlumpf

  • Administrator
  • Creator of Worlds
  • *****
  • Posts: 2951
    • View Profile
Re: [TOOL] Replace binary patterns in files with given data
« Reply #8 on: December 06, 2015, 11:26:58 pm »
load local files, 7.0.1, osx64, last tested with 20773 and 20788

  • "c7 00 02 00 00 00 41 f6 c4 01 0f 84 ?? ?? ?? ??" "?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 90 90 90 90 90 90"
  • "8B 4D 9C F6 C1 01 0F 84 ?? ?? ?? ??" "?? ?? ?? ?? ?? ?? 90 90 90 90 90 90"
  • "c7 00 02 00 00 00 41 f6 ?? 01 74 ??" "?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 90 90" (twice)
  • "49 89 C6 f6 c3 01 0f 84 ?? ?? ?? ??" "49 89 C6 f6 c3 01 90 90 90 90 90 90"
« Last Edit: January 01, 1970, 01:00:00 am by Admin »

TheBuG

  • Contributors
  • Creator of Worlds
  • *****
  • Posts: 469
    • View Profile
Re: [TOOL] Replace binary patterns in files with given data
« Reply #9 on: December 07, 2015, 03:08:26 pm »
Quote from: "schlumpf"
load local files, 7.0.1, osx64, last tested with 20773 and 20788

  • "c7 00 02 00 00 00 41 f6 c4 01 0f 84 ?? ?? ?? ??" "?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 90 90 90 90 90 90"
  • "8B 4D 9C F6 C1 01 0F 84 ?? ?? ?? ??" "?? ?? ?? ?? ?? ?? 90 90 90 90 90 90"
  • "c7 00 02 00 00 00 41 f6 ?? 01 74 ??" "?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 90 90" (twice)
  • "49 89 C6 f6 c3 01 0f 84 ?? ?? ?? ??" "49 89 C6 f6 c3 01 90 90 90 90 90 90"

Awesome! Thanks for sharing ;D
« Last Edit: January 01, 1970, 01:00:00 am by Admin »

stoneharry

  • Contributors
  • Creator of Worlds
  • *****
  • Posts: 616
    • View Profile