Last active
March 15, 2025 14:53
-
-
Save UserUnknownFactor/8296e4105bd0950c270d69a7d5eb115d to your computer and use it in GitHub Desktop.
Example patching script for binary executables written in PowerShell and running from a cmd batch file
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @powershell.exe -ExecutionPolicy Bypass -Command "$_=((Get-Content \"%~f0\") -join \"`n\");$script=$_.Substring($_.IndexOf(\"goto :\"+\"EOF\")+9); &([ScriptBlock]::Create($script)) %*" | |
| @goto :EOF | |
| # PowerShell script starts here, we can also pass parameters like this since they are passed to the script block | |
| param($parameter1, $parameter2, $parameter3) | |
| $fileName = "game.exe" // game file | |
| $fileHashString = "abcdef12345678901111111111111111" // the file's MD5 hash | |
| function To-Utf16 { | |
| Param ([string]$EncString) | |
| return ([system.Text.Encoding]::Unicode).GetBytes($EncString) | |
| } | |
| function To-Utf8 { | |
| Param ([string]$EncString) | |
| return ([system.Text.Encoding]::UTF8).GetBytes($EncString) | |
| } | |
| $FileHash = Get-FileHash $fileName -Algorithm MD5 | |
| if ( $FileHash.Hash -ne $fileHashString) { | |
| Add-Type -AssemblyName PresentationFramework | |
| [System.Windows.MessageBox]::Show("Incorrect game file! The patch is for ... game.", "Error") | |
| } | |
| else { | |
| $bytes = [System.IO.File]::ReadAllBytes($fileName) | |
| if (-not [System.IO.File]::Exists("$fileName.bak")) { | |
| Rename-Item -Path $fileName -NewName "$fileName.bak" | |
| } | |
| # Example of multiple offsets replacement | |
| $offsets = @{} | |
| $offsets.add( 0x00111111, 0x01 ) | |
| $offsets.add( 0x00222222, 0x02 ) | |
| # ... | |
| foreach($key in $offsets.keys) | |
| { | |
| $bytes[$key] = $offsets[$key] | |
| } | |
| # example of group noping | |
| $offset = 0x00333333 | |
| $n_nopes = 5 | |
| for ($num = 0; $num -le $n_nopes; $num++) { | |
| $bytes[$offset + $num] = 0x90 | |
| } | |
| # example of single byte replacer | |
| $offset = 0x00444444 | |
| $bytes[$offset] = 0xEB | |
| # example of C-string replacer | |
| $offsets = @{} | |
| $offsets.add( "string1", "string_replacer" ) | |
| # ... | |
| foreach($key in $offsets.keys) | |
| { | |
| $nreplacer = $offsets[$key] -replace "\n", "`n" | |
| $nreplacer = To-Utf16 "`0$($nreplacer)`0" | |
| $nkey = $key -replace "\n", "`n" | |
| $nkey = To-Utf16 "`0$($nkey)`0" | |
| $bytes = $bytes -replace $nkey, $nreplacer | |
| } | |
| [System.IO.File]::WriteAllBytes($fileName, $bytes) | |
| Add-Type -AssemblyName PresentationFramework | |
| [System.Windows.MessageBox]::Show("Succesfully patched the game.") | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment