[ HzorInline v1.3 beta build 20060824 ]                          ]
[ [ Introduction ]                                               ]
[ [   Hi all, this program will help you to create inline        ]
[ [   patches for packed PE files. Just use the result code in   ]
[ [   your patcher source!                                       ]
[ [ How does it work? ]                                          ]
[ [   It works in two passes. The first pass is the work that is ]
[ [   being done by the module. It returns some information (see ]
[ [   below) that the program uses in the second pass.           ]
[ [ What commands are available in the script language?          ]
[ [ - OUT=XXXXXXXX                                               ]
[ [   Where XXXXXXXX is a Virtual Address of a place in the      ]
[ [   packed PE file. When this command is encountered, the      ]
[ [   program generates code that overwrites 5 bytes at address  ]
[ [   XXXXXXXX with a jump to the FREE space. You can restore    ]
[ [   them later with the "REST" command. Please use this        ]
[ [   command only _AFTER_ the "FREE=XXXXXXXX" type command!     ]
[ [ - OUT_CODE=XX,YY,ZZ.. (or OUT_CODE=#XXYYZZ..#)               ]
[ [   The standard code of jumping to the inline code looks like ]
[ [   "JMP ADDR", but if you (your module) want(s) to change it  ]
[ [   you can do that by specifying another code by bytes.       ]
[ [   this 5 bytes by the "REST" command.                        ]
[ [ - REST                                                       ]
[ [   This command will restore the patched 5 bytes of the       ]
[ [   previous command.                                          ]
[ [ - FREE=AUTO                                                  ]
[ [   When this command is specified, the program will try to    ]
[ [   search for a free space automatically.                     ]
[ [ - FREE=APPEND                                                ]
[ [   When this command is specified, the program will write the ]
[ [   inline patching procedure at the end of the file and will  ]
[ [   correct the last section's RAW Size field.                 ]
[ [ - FREE=XXXXXXXX                                              ]
[ [   Where XXXXXXXX is a RAW Address of a place in the packed   ]
[ [   PE file. Generally the program will find a free space      ]
[ [   automatically. But if the program fails, or you want to    ]
[ [   specify another address for inline patch use this command. ]
[ [ - MAX_SIZE=XXXXXXXX                                          ]
[ [   If your module searches for free space with its own        ]
[ [   algorithm, you can tell the program the maximum number of  ]
[ [   bytes that your free space can hold for the inline patch.  ]
[ [   If the user's patch data is too long, he will be notified. ]
[ [ - OEP=XXXXXXXX                                               ]
[ [   Where XXXXXXXX is a VA Address of a place in the packed    ]
[ [   PE file. When the "OEP=XXXXXXXX" command is specified, you ]
[ [   can later use "PUSH OEP" and "RETN" commands to jump to    ]
[ [   the OEP.                                                   ]
[ [ - PROC                                                       ]
[ [   This command will notify the program that the main         ]
[ [   procedure (inline patching) has begun.                     ]
[ [ - PUSH FREE                                                  ]
[ [   This command will generate code to push the address of     ]
[ [   the FREE space. Can be used before the "RETN" command.     ]
[ [   NOTE: use this command only _AFTER_ all P,XXXXXXXX,YY type ]
[ [   commands!                                                  ]
[ [ - PUSH OEP                                                   ]
[ [   This command will generate code to push the address of     ]
[ [   the OEP. Can be used before the "RETN" command.            ]
[ [ - RETN                                                       ]
[ [   This command will generate a code for return, can be used  ]
[ [   after "PUSH FREE" or "PUSH OEP" commands.                  ]
[ [ - PUSHAD                                                     ]
[ [   This command will generate a Pushad command.               ]
[ [ - POPAD                                                      ]
[ [   This command will generate a Popad command.                ]
[ [ - BIN=XX,YY,ZZ.. (or BIN=#XXYYZZ..#)                         ]
[ [   This command just copies bytes into the inline patch. It   ]
[ [   can be used for complicated patches when you need some     ]
[ [   commands which the script language does not have.          ]
[ [ - P,XXXXXXXX,YY,YY,YY                                        ]
[ [   Where XXXXXXXX is a Virtual Address of a place in the      ]
[ [   packed PE file. YY-s are bytes, the count of YY-s is not   ]
[ [   limited. This command patches address XXXXXXXX. You        ]
[ [   can use many commands of this type. If the command is      ]
[ [   found _before_ PROC command it will be processed as a      ]
[ [   _simple_ patch! Not inline. It must be used for patching   ]
[ [   the body of unpacker! E.g. for patching the CRC32          ]
[ [   protection. When the command is found _after_ the PROC     ]
[ [   command it will be processed as an inline patch, in other  ]
[ [   words XXXXXXXX address will be patched after unpacking     ]
[ [   procedure.                                                 ]
[ [ - ENDP                                                       ]
[ [   This command will finish the work.                         ]
[ [ - ;Anything                                                  ]
[ [   All lines starting with ";" character will not be          ]
[ [   processed, these lines are comments.                       ]
[ [ How to write a module? ]                                     ]
[ [   The module must contain 4 functions:                       ]
[ [ [ HzorInit ]                                                 ]
[ [   In EAX register will be the address of a string containing ]
[ [   the name of the packed PE file. Return -1 (TRUE) in EAX    ]
[ [   register if everything was OK or 0 (FALSE) if any error    ]
[ [   occurred.                                                  ]
[ [ [ HzorDoJob ]                                                ]
[ [   In EAX register will be the ID of the script window. You   ]
[ [   must create a string with your work and set it to the      ]
[ [   window. Return -1 (TRUE) if all OK or 0 (FALSE) if an      ]
[ [   error occurred. See the sources for more information.      ]
[ [ [ HzorPluginInfo ]                                           ]
[ [   This function is called when the user clicks the           ]
[ [   "Info..." button. A message box with information about     ]
[ [   the plugin and the author of the module is welcome.        ]
[ [ [ HzorIdentify ]                                             ]
[ [   You must check if the file is packed/protected by the      ]
[ [   packer/protector that your module supports, if it is,      ]
[ [   return -1 (TRUE), otherwise return 0 (FALSE).              ]
[ ============================================================== ]
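
The ordering rules of the script language above (OUT only after FREE, PUSH FREE only after all P commands, P before PROC treated as a simple patch and after PROC as an inline one) can be checked mechanically when reviewing a script. The following Python checker is an added example, not part of HzorInline; the name lint, the constructed sample script, and the readings that any FREE= form satisfies the OUT rule and that RETN only needs an earlier PUSH are assumptions.

```python
import re

P_RE = re.compile(r"P,([0-9A-Fa-f]{8})((?:,[0-9A-Fa-f]{2})+)$")  # P,VA,YY,YY..
NO_CHECK = ("OUT_CODE=", "MAX_SIZE=", "BIN=", "PUSHAD", "POPAD")

def lint(script):
    """Return (simple, inline, errors): P patches before/after PROC, rule breaks."""
    simple, inline, errors, seen = [], [], [], set()
    for no, raw in enumerate(script.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";"):        # ";" lines are comments
            continue
        m = P_RE.match(line)
        if m:
            patch = (int(m.group(1), 16), bytes.fromhex(m.group(2).replace(",", "")))
            (inline if "PROC" in seen else simple).append(patch)
            if "PUSH FREE" in seen:
                errors.append((no, "P command after PUSH FREE"))
        elif line.startswith("OUT="):
            if "FREE" not in seen:
                errors.append((no, "OUT before any FREE= command"))
            seen.add("OUT")
        elif line == "REST" and "OUT" not in seen:
            errors.append((no, "REST without a previous OUT"))
        elif line == "PUSH OEP" and "OEP" not in seen:
            errors.append((no, "PUSH OEP without OEP="))
        elif line == "RETN" and not seen & {"PUSH FREE", "PUSH OEP"}:
            errors.append((no, "RETN without PUSH FREE or PUSH OEP"))
        elif line == "ENDP":                        # ENDP finishes the work
            break
        elif line.startswith(("FREE=", "OEP=")):
            seen.add(line.split("=")[0])
        elif line in ("PROC", "PUSH FREE", "PUSH OEP", "REST", "RETN"):
            seen.add(line)
        elif not line.startswith(NO_CHECK):
            errors.append((no, "unknown command"))
    return simple, inline, errors

# Constructed sample; addresses and bytes are placeholders, not a real target.
SAMPLE = """\
; constructed sample
P,00401000,AA,BB
OUT=00402000
FREE=AUTO
PROC
PUSH FREE
P,00404000,CC,DD
ENDP
"""
```

Calling lint(SAMPLE) reports the OUT on line 3 and the P on line 7 as rule violations, and classifies the first P as a simple patch and the second as an inline patch.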

[ [ Note ]                                                       ]
[   Please remember that this is a beta version; it may still    ]
[   contain some bugs. Please report to me when you find a bug.  ]
[ ============================================================== ]

[ Author: arnix                                                  ]
[ E-Mail: arnix@freenet.am (arnix.at@gmail.com for big messages) ]
[ URL:    http://arnix.at.googlepages.com                        ]


24 August, 2006  