--------------------------------------------------------------------------------
COMMANDLINE INTERPRETER FIX..
--------------------------------------------------------------------------------

take a look at some normal commandlines..what i had to work with

this was 'rpp neotrace.rpp' from a dos box

0167:817154C8 22 43 3A 5C 28 55 4E 29-44 45 7E 31 5C 57 49 4E  "C:\(UN)DE~1\WIN
0167:817154D8 33 32 41 53 4D 5C 52 5F-50 50 41 54 43 48 5C 52  32ASM\R_PPATCH\R
0167:817154E8 50 50 2E 45 58 45 22 20-6E 65 6F 74 72 61 63 65  PP.EXE" neotrace
0167:817154F8 31 32 32 2E 72 70 70 00-2C 00 00 A0 43 3A 5C 28  122.rpp.,...C:\(


this was neotrace122.rpp dragged and dropped onto rpp.exe in windows explorer

0167:8170BE74 22 43 3A 5C 28 75 4E 29-44 65 56 65 4C 6F 50 4D  "C:\(uN)DeVeLoPM
0167:8170BE84 65 4E 54 5C 57 49 4E 33-32 41 53 4D 5C 72 5F 70  eNT\WIN32ASM\r_p
0167:8170BE94 70 61 74 63 68 5C 72 70-70 2E 65 78 65 22 20 43  patch\rpp.exe" C
0167:8170BEA4 3A 5C 28 55 4E 29 44 45-7E 31 5C 57 49 4E 33 32  :\(UN)DE~1\WIN32
0167:8170BEB4 41 53 4D 5C 52 5F 50 50-41 54 43 48 5C 4E 45 4F  ASM\R_PPATCH\NEO
0167:8170BEC4 54 52 41 7E 31 2E 52 50-50 00 00 00 70 BE 70 81  TRA~1.RPP...p.p.

this was 'rpp.exe scripts\fun.rpp' from a dos box....

0167:817172B0 22 43 3A 5C 28 55 4E 29-44 45 7E 31 5C 57 49 4E  "C:\(UN)DE~1\WIN
0167:817172C0 33 32 41 53 4D 5C 52 5F-50 50 41 54 43 48 5C 50  32ASM\R_PPATCH\P
0167:817172D0 41 54 43 48 44 7E 31 5C-52 50 50 2E 45 58 45 22  ATCHD~1\RPP.EXE"
0167:817172E0 20 73 63 72 69 70 74 73-5C 66 75 6E 2E 72 70 70   scripts\fun.rpp
0167:817172F0 00 00 00 00 34 00 00 A0-43 3A 5C 28 75 4E 29 44  ....4...C:\(uN)D


see? they all start with the path and name of the executable object, surrounded by "quotes",
then a space , and then the commandline, null terminated.. i search for 20h( ), then
check before the 20h for a quote (22h("))

BUT, passing the commandline from another process to this executable, it is all different, you
either get the commandline only 'loader.rpp' or in your programs case 'rpp loader.rpp'

so i had to recode the commandline interpreter.. 

(v1.0, had commandline, v1.1, i took it out, because it was screwy, v1.2i, i hoped i had fixed
it 100%, so i included it again..)

take a look at how complicated things get using ASM...


        ; --- Command-line parsing (x86-32, MASM syntax, Win32 API) ---
        ; Excerpt from a larger procedure: openbox / gotfile / Exit_Proc1 are
        ; reached from here, and file_name, open_file, @blah and otherstuff
        ; are defined elsewhere. The excerpt ends with eax = &file_name
        ; handed to open_file.
        ; Register roles: eax = scan cursor into the command line;
        ; esi / edi = movsb source / destination during the copy.
        ; NOTE(review): the command line is untrusted input from whoever
        ; launched the process. None of the scans below bound their reads by
        ; a length, and the copy into file_name is not limited by the size of
        ; file_name (its size is not visible in this excerpt) -- see the
        ; comments at thatsgood and loop1.
        call    GetCommandLineA     ; eax = pointer to the NUL-terminated command line

        ; Quoted form: "<path-to-exe>" <arg>  -- recognised by a leading quote.
        cmp     byte ptr [eax],22h  ; first byte a double quote? if not, take the unquoted path below
        jne     noquotes
@fixit:
        ; Scan for the first space that directly follows a double quote, i.e.
        ; the 22h,20h pair closing the quoted executable path. Spaces inside
        ; the quoted path are skipped because the byte before them is not a
        ; quote. [eax-1] is only read after at least one inc: the first byte
        ; is 22h, so the space test fails on the first pass.
        cmp     byte ptr [eax],0    ; end of string with no 22h,20h pair: no argument, open the dialog
        je      openbox
        cmp     byte ptr [eax],20h  ; not a space: advance
        jne     @floop
        cmp     byte ptr [eax-1],22h    ; space preceded by a closing quote?
        je      gotcl               ; yes: eax points at the separating space
@floop:
        inc     eax
        jmp     @fixit
        
noquotes:
        ; Unquoted form. Either "rpp <arg>" / "rpp.exe <arg>" (program name
        ; present: skip to the argument) or just "<arg>" (copy it as is).
        cmp     byte ptr [eax],0            ; empty command line: open the dialog
        je      openbox
        
        ; MASM stores a 4-char literal with its first character in the most
        ; significant byte, so comparing ' ppr' against a little-endian dword
        ; in memory matches the bytes "rpp "; likewise '.ppr' = "rpp.",
        ; ' PPR' = "RPP ", '.PPR' = "RPP.". The program name is hard-coded:
        ; if the executable has been renamed, no case matches and the whole
        ; string (name included) is copied as the file name.
        cmp     dword ptr [eax],' ppr'      ; "rpp "
        je      thatsgood
        cmp     dword ptr [eax],'.ppr'      ; "rpp." e.g. rpp.exe <arg>; GetModuleFileName would avoid the hard-coded name
        je      thatsgood
        cmp     dword ptr [eax],' PPR'      ; "RPP "
        je      thatsgood
        cmp     dword ptr [eax],'.PPR'      ; "RPP."
        je      thatsgood
        jmp     movecommandline             ; no program name in front: the whole string is the argument
thatsgood:
        ; Advance eax past the first space. On each pass [eax-1] is the byte
        ; just stepped over.
        ; NOTE(review): there is no NUL test inside this loop. If the string
        ; contains no space (e.g. "rpp.exe" launched with no argument) the
        ; scan keeps reading past the terminator until some 20h byte turns
        ; up. A `cmp byte ptr [eax-1],0` / `je openbox` inside the loop would
        ; bound it.
        inc     eax
        cmp     byte ptr [eax-1],' '
        jne     thatsgood               ; keep scanning until a space has been stepped over
        cmp     byte ptr [eax],0        ; the space was the last character: no argument
        je      openbox
        jmp     movecommandline
gotcl:
        ; Quoted form: eax is at the space after the closing quote.
        inc     eax
        cmp     byte ptr [eax],0    ; nothing after the space: no argument
        je      openbox
        cmp     byte ptr [eax],22h  ; a quoted argument is treated like no argument: open the dialog
        je      openbox
movecommandline:
        ; Copy from eax up to (not including) a NUL or a double quote.
        ; movsb moves one byte from [esi] to [edi] and advances both; the
        ; copy direction assumes the direction flag is clear.
        lea     edi, file_name
        mov     esi,eax
loop1:  
        ; NOTE(review): no length limit -- an argument longer than file_name
        ; overruns it. The NUL exit below does not write a terminator and so
        ; relies on file_name already holding zeros past the copied bytes,
        ; whereas the 22h exit (fixquote) terminates explicitly.
        movsb                   ; copy one byte, then look at the next source byte
        cmp     byte ptr [esi],0
        je      gotfile         ; source exhausted (terminator not copied)
        cmp     byte ptr [esi],22h
        je      fixquote        ; argument ends at a quote
        jmp     loop1
fixquote:
        mov     byte ptr [edi],0    ; terminate the copied name where the quote was
        jmp     gotfile

openbox:
        ; No usable argument: ask the user for a file via the common dialog.
        ; @blah is presumed to be the OPENFILENAME structure (defined elsewhere).
        push    offset  @blah
        call    GetOpenFileNameA
        test    eax,eax         ; zero = cancelled or failed
        je      Exit_Proc1

        push    offset otherstuff   ; pushed on the dialog path only; presumably consumed after open_file -- verify stack balance against the code that follows
gotfile:
        lea     eax, file_name
        call    open_file       ; load the file, seek to beginning



so there you go.. have a new build of rpp.exe, to see if it has addressed all problems..

--------------------------------------------------------------------------------
RPP v1.2i READPROCESSMEMORY FIX
--------------------------------------------------------------------------------

okay, its not broken, but some executables have to allocate memory before they
unpack into it, and if the memory isnt there, the loader cant read it, and it
exited with an error.. well, if the executable is going to allocate the memory,
it will be there soon, so this 'fix' stops the loader exiting if theres a
readprocessmemory error.... 

see my source code..

----------------------------------------
; Check_Data: read ebx bytes starting at address ecx in the target process
; into CSiR_RPBuffer. Excerpt: the pushad that the popad below pairs with,
; and the comparison of the buffer that follows, are outside this listing.
Check_Data:

    push    0                               ; lpNumberOfBytesRead = NULL: a short read cannot be detected afterwards
    push    ebx                             ; nSize (bytes to read)
    push    offset CSiR_RPBuffer            ; lpBuffer (destination)
    push    ecx                             ; lpBaseAddress in the target process
    push    dword ptr [CSiR_ProcessInfo]    ; hProcess: first member of the PROCESS_INFORMATION structure
    call    ReadProcessMemory               ; eax = nonzero on success, zero on failure
    test    eax,eax                         ; set ZF from the result before popad discards eax
    popad                                   ; restores eax too; EFLAGS is untouched, so ZF survives
    jz      ReadERR             ; heres the problem.. see text below..
    ; NOTE(review): the fix described below removes this jz. A failed read
    ; (e.g. memory the target has not allocated yet, as the text explains)
    ; then falls through with CSiR_RPBuffer holding whatever a previous read
    ; left there, and the comparison that follows runs on stale bytes. A
    ; safer change is to jump to the next-iteration path instead of ReadERR,
    ; so a failed read counts as "no match" rather than as valid data.
----------------------------------------

right then.. i presume the memory location doesnt exist, and whatever program
allocates the memory before unpacking itself...

if the memory doesnt exist, theres going to be a readprocessmemory error...

kill the jz ReadERR, and it will work.. slight problem.. never took this into
account when i was coding it.. hehe.. normally, all the memory is allocated by
windows loader, when it reads the pe header..but some programs obviously use this
other method..

1 byte patch :) that you should have done yourselves... bpx readprocessmemory
crackers..

R!SC
