Solved

Changing exe hex values

Posted on 2000-03-18
8
321 Views
Last Modified: 2010-05-02
Is it possible to change the hex values of an EXE like you would with a hex editor?
I know it is possible in C to SEEK hex addresses, but I don't know if this is possbile in vb or not.
Once I've got to the right place by using a hex address, can I then change what ever the program has at that point?
For instance goto 00046D7A in a program and change the code from something like 753C6A006A00 to E93900000090? For instance.
Can you give me some code or some explanations please.
0
Comment
Question by:billy_98_1
  • 5
  • 3
8 Comments
 
LVL 14

Accepted Solution

by:
mcrider earned 100 total points
ID: 2631849
Yes, open the EXE in binary and then you can use the SEEK statement to go to a particular BYTE offset.

The SEEK statement uses decimal offsets instead of HEX beginning at 1

Using a hex dumping program like "Quick View Plus" lets say you identified the place you wanted to change the bytes at offset hex 000840...  

    Const PatchOffset = &H840
    Dim fNum As Long
    Dim FileName As String
     
    fNum = FreeFile
    FileName = "c:\windows\desktop\testfile.exe"
    Open FileName For Binary As #fNum
    Seek #fNum, PatchOffset + 1
    Put #fNum, , Chr$(&H59)
    Put #fNum, , Chr$(&H0)
    Put #fNum, , Chr$(&H45)
    Put #fNum, , Chr$(&H0)
    Put #fNum, , Chr$(&H50)
    Put #fNum, , Chr$(&H0)
    Put #fNum, , Chr$(&H21)
    Close fNum



Cheers!®©

0
 
LVL 1

Author Comment

by:billy_98_1
ID: 2631862
So, I need to change my hex offset to a decimal. And any thing I want to change I have to change from a hex value to a decimal?
I'm guessing I can add up the hex values in my mind. So A1 would be 11+2 (just so to make sure)?
0
 
LVL 14

Expert Comment

by:mcrider
ID: 2631883
>>So, I need to change my hex offset to a decimal.

You need to change it to decimal+1... Remember, SEEK starts at 1, not 0


>>And any thing I want to change I have to change from a hex value to a decimal?

If for example, you wanted to write the letter "A" which is x41 at a particular byte offset, you would do chr$(65)

Make Sense??


Cheers!®©

0
 
LVL 14

Expert Comment

by:mcrider
ID: 2631889
By the way, you see in the code example above that I am writing the CHR$ like this:

    Put #fNum, , Chr$(&H59)

Chr$(&H59) is the same as using Chr$(89)...

Both give you a "Y". &H59 gets converted automatically to a decimal value...



Cheers!®©
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 1

Author Comment

by:billy_98_1
ID: 2631890
Where did x41 come from? I'm guessing 65 is the ascii value for 'A'?
0
 
LVL 14

Expert Comment

by:mcrider
ID: 2631937
the x41 was just an example of an A... for example if you hex dumped a file and saw:

         41 6C 6C 65 6E 00

in ascii that would be "Allen"+Chr$(0)

Try this in the debug window... Type:

   ?chr$(&h41)

You will get an "A" to appear... Type:

   ?chr$(65)

And you will also get an "A" to appear...


Hopefully this question will get graded with a chr$(&h41) or a chr$(65) or an "A"... 'cause they're all the same...

;-)


Cheers!®©



   
0
 
LVL 1

Author Comment

by:billy_98_1
ID: 2632892
That's brilliant thanks. You've cleared up a lot for me. This was definitely a chr$(&h41) grade answer.

Thanks again.
0
 
LVL 14

Expert Comment

by:mcrider
ID: 2633393
Thanks for the &h41! Glad I could help!


Cheers!®©
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

There are many ways to remove duplicate entries in an SQL or Access database. Most make you temporarily insert an ID field, make a temp table and copy data back and forth, and/or are slow. Here is an easy way in VB6 using ADO to remove duplicate row…
The debugging module of the VB 6 IDE can be accessed by way of the Debug menu item. That menu item can normally be found in the IDE's main menu line as shown in this picture.   There is also a companion Debug Toolbar that looks like the followin…
Get people started with the process of using Access VBA to control Outlook using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Microsoft Outlook. Using automation, an Access applic…
Get people started with the utilization of class modules. Class modules can be a powerful tool in Microsoft Access. They allow you to create self-contained objects that encapsulate functionality. They can easily hide the complexity of a process from…

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now